usmcterp

MBAM/MBAM Chameleon Not Working

I inadvertently downloaded malware tonight and have been unable to open MBAM or get MBAM Chameleon to fix the problem.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014
Ran by usmcterp (administrator) on HOME on 25-05-2014 02:58:50
Running from C:\Users\usmcterp\Downloads
Platform: Windows 8.1 (Update 1) (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
() C:\Program Files\Toshiba\Hotkey\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
(Farbar) C:\Users\usmcterp\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048 2013-01-11] (Conexant Systems, Inc.)
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1820116336-1726196688-2488517242-1001\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-1820116336-1726196688-2488517242-1001\...\MountPoints2: {9015082b-94c5-11e3-8261-fcf8ae67083a} - "E:\MotoCastSetup.exe" -a
AppInit_DLLs-x32: c:\program files => c:\program files [0 2014-05-19] ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKLM - DefaultScope {F91AE228-FCD8-4242-AAA9-97E4537FD6CF} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {F91AE228-FCD8-4242-AAA9-97E4537FD6CF} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKLM-x32 - {F91AE228-FCD8-4242-AAA9-97E4537FD6CF} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKCU - {F91AE228-FCD8-4242-AAA9-97E4537FD6CF} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2014-01-28]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3325285&octid=EB_ORIGINAL_CTID&ISID=MA99C0D2B-B5D5-49FE-B0C9-A57073171F9C&SearchSource=55&CUI=&UM=2&UP=SPB709CE9E-158B-4222-A787-5181D97CB589&SSPV=", "hxxp://start.mysearchdial.com/?f=1&a=tuto_14_18&cd=2XzuyEtN2Y1L1Qzu0F0C0Fzz0A0EyCyBtDzztA0AyDzztA0DtN0D0Tzu0SzzyByDtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1Czu2Z2Y2Z1F1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2StDyB0DtC0AyC0D0DtG0CzztC0CtGzyzy0EyCtGtB0A0B0EtGyEtBtAzztDyBtCtBtDyC0ByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DyEzyyB0E0E0AtGtByCyCzztGyCtCtCyDtGyE0DyEyEtGyD0DyCyCtD0E0C0F0D0AyE0A2Q&cr=1120693140&ir="
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\usmcterp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-27]
CHR Extension: (Google Drive) - C:\Users\usmcterp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\usmcterp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\usmcterp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-27]
CHR Extension: (Google Search) - C:\Users\usmcterp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-27]
CHR Extension: (Norton Identity Protection) - C:\Users\usmcterp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-27]
CHR Extension: (Google Wallet) - C:\Users\usmcterp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-27]
CHR Extension: (Gmail) - C:\Users\usmcterp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-27]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-15]
 
==================== Services (Whitelisted) =================
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-07-29] ()
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3668208 2013-07-29] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2014-01-21] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-27] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-08-29] (Intel Corporation)
R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140225.001\IDSvia64.sys [521944 2014-01-27] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140226.018\ENG64.SYS [126040 2014-02-25] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140226.018\EX64.SYS [2099288 2014-02-25] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-22] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1503000.00C\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1503000.00C\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1503000.00C\SymELAM.sys [23568 2013-07-31] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-22] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-25 02:58 - 2014-05-25 02:59 - 00018895 _____ () C:\Users\usmcterp\Downloads\FRST.txt
2014-05-25 02:58 - 2014-05-25 02:58 - 02066432 _____ (Farbar) C:\Users\usmcterp\Downloads\FRST64 (1).exe
2014-05-25 02:58 - 2014-05-25 02:58 - 00000000 ____D () C:\FRST
2014-05-25 02:49 - 2014-05-25 02:49 - 00000000 ____D () C:\Windows\pss
2014-05-25 02:34 - 2014-05-25 02:34 - 00024265 _____ () C:\Users\usmcterp\Desktop\RKreport[0]_D_05252014_023428.txt
2014-05-25 02:34 - 2014-05-25 02:34 - 00024227 _____ () C:\Users\usmcterp\Desktop\RKreport[0]_S_05252014_023424.txt
2014-05-25 02:32 - 2014-05-25 02:32 - 00024176 _____ () C:\Users\usmcterp\Desktop\RKreport[0]_S_05252014_023202.txt
2014-05-25 02:32 - 2014-05-25 02:32 - 00024141 _____ () C:\Users\usmcterp\Desktop\RKreport[0]_D_05252014_023206.txt
2014-05-25 02:32 - 2014-05-25 02:32 - 00001481 _____ () C:\Users\usmcterp\Desktop\RKreport[0]_SC_05252014_023252.txt
2014-05-25 02:32 - 2014-05-25 02:32 - 00001481 _____ () C:\Users\usmcterp\Desktop\RKreport[0]_SC_05252014_023245.txt
2014-05-25 02:32 - 2014-05-25 02:32 - 00001107 _____ () C:\Users\usmcterp\Desktop\RKreport[0]_PR_05252014_023220.txt
2014-05-25 02:32 - 2014-05-25 02:32 - 00001091 _____ () C:\Users\usmcterp\Desktop\RKreport[0]_H_05252014_023214.txt
2014-05-25 02:32 - 2014-05-25 02:32 - 00000991 _____ () C:\Users\usmcterp\Desktop\RKreport[0]_DN_05252014_023233.txt
2014-05-25 02:30 - 2014-05-25 02:30 - 00024764 _____ () C:\Users\usmcterp\Desktop\RKreport[0]_S_05252014_023011.txt
2014-05-25 02:30 - 2014-05-25 02:30 - 00024744 _____ () C:\Users\usmcterp\Desktop\RKreport[0]_D_05252014_023033.txt
2014-05-25 02:27 - 2014-05-25 02:27 - 04527616 _____ () C:\Users\usmcterp\Downloads\RogueKillerX64 (1).exe
2014-05-25 02:26 - 2014-05-25 02:32 - 00000000 ____D () C:\Users\usmcterp\Desktop\RK_Quarantine
2014-05-25 02:26 - 2014-05-25 02:26 - 03778560 _____ () C:\Users\usmcterp\Downloads\RogueKillerX64.exe
2014-05-25 01:48 - 2014-05-25 01:48 - 01326389 _____ () C:\Users\usmcterp\Downloads\adwcleaner_3.210 (2).exe
2014-05-25 01:41 - 2014-05-25 02:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-25 01:41 - 2014-05-25 01:43 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-25 01:41 - 2014-05-25 01:41 - 00001418 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-25 01:41 - 2014-05-25 01:41 - 00001406 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-25 01:41 - 2014-05-25 01:41 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-25 01:41 - 2014-05-25 01:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-25 01:41 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-05-25 01:40 - 2014-05-25 01:40 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\usmcterp\Downloads\spybot-2.3.exe
2014-05-25 01:40 - 2014-05-25 01:40 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\usmcterp\Downloads\spybot-2.3 (1).exe
2014-05-25 01:33 - 2014-05-25 01:33 - 01055232 _____ (Farbar) C:\Users\usmcterp\Downloads\FRST.exe
2014-05-25 01:32 - 2014-05-25 01:32 - 02066432 _____ (Farbar) C:\Users\usmcterp\Downloads\FRST64.exe
2014-05-25 01:32 - 2014-05-25 01:32 - 00008238 _____ () C:\Users\usmcterp\Desktop\scan.txt
2014-05-25 00:40 - 2014-05-25 00:40 - 02347384 _____ (ESET) C:\Users\usmcterp\Downloads\esetsmartinstaller_enu.exe
2014-05-25 00:40 - 2014-05-25 00:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-25 00:36 - 2014-05-25 00:36 - 00000625 _____ () C:\Users\usmcterp\Desktop\JRT.txt
2014-05-25 00:32 - 2014-05-25 00:32 - 00000000 ____D () C:\Windows\ERUNT
2014-05-25 00:31 - 2014-05-25 00:31 - 01016261 _____ (Thisisu) C:\Users\usmcterp\Downloads\JRT (1).exe
2014-05-25 00:29 - 2014-05-25 00:29 - 00009361 _____ () C:\Users\usmcterp\Desktop\AdwCleaner[s0].txt
2014-05-25 00:26 - 2014-05-25 00:26 - 01326389 _____ () C:\Users\usmcterp\Downloads\adwcleaner_3.210 (1).exe
2014-05-25 00:26 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-25 00:23 - 2014-05-25 00:23 - 01016261 _____ (Thisisu) C:\Users\usmcterp\Downloads\JRT.exe
2014-05-25 00:20 - 2014-05-25 01:49 - 00000000 ____D () C:\AdwCleaner
2014-05-25 00:20 - 2014-05-25 00:20 - 01326389 _____ () C:\Users\usmcterp\Downloads\adwcleaner_3.210.exe
2014-05-25 00:00 - 2014-05-25 00:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\usmcterp\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-05-24 23:59 - 2014-05-24 23:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\usmcterp\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-24 23:54 - 2014-05-24 23:54 - 00003088 _____ () C:\Windows\System32\Tasks\{59CDF92E-5E25-4643-9FB9-5771B9336A0B}
2014-05-24 23:44 - 2014-05-24 23:52 - 00000000 ____D () C:\Users\usmcterp\AppData\Local\WeatherAlerts
2014-05-24 23:43 - 2014-05-25 01:29 - 00000000 ____D () C:\Program Files (x86)\HD-Plus10
2014-05-24 23:43 - 2014-05-24 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fst
2014-05-21 20:16 - 2014-05-21 20:16 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-21 19:43 - 2014-05-21 19:43 - 00000000 __SHD () C:\Users\usmcterp\AppData\Local\EmieUserList
2014-05-21 19:43 - 2014-05-21 19:43 - 00000000 __SHD () C:\Users\usmcterp\AppData\Local\EmieSiteList
2014-05-21 19:35 - 2014-05-25 02:51 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-21 19:35 - 2014-05-25 00:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-21 19:35 - 2014-05-25 00:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-21 19:35 - 2014-05-22 06:56 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-21 19:35 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-19 22:15 - 2014-05-19 22:15 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-19 22:15 - 2014-05-19 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-19 22:14 - 2014-05-19 22:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-19 22:14 - 2014-05-19 22:14 - 00000000 ____D () C:\Program Files\iTunes
2014-05-19 22:14 - 2014-05-19 22:14 - 00000000 ____D () C:\Program Files\iPod
2014-05-19 22:14 - 2014-05-19 22:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-14 19:38 - 2014-03-23 22:30 - 00257880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-14 19:38 - 2014-03-23 22:30 - 00123224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-05-14 19:38 - 2014-03-23 22:27 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-14 19:37 - 2014-04-08 18:46 - 00086688 _____ (Microsoft Corporation) C:\Windows\system32\mrt_map.dll
2014-05-14 19:37 - 2014-04-08 18:46 - 00028320 _____ (Microsoft Corporation) C:\Windows\system32\mrt100.dll
2014-05-14 19:37 - 2014-04-08 14:54 - 00080032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt_map.dll
2014-05-14 19:37 - 2014-04-08 14:54 - 00026784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt100.dll
2014-05-14 19:37 - 2014-03-13 03:42 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-05-14 19:37 - 2014-03-13 02:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-05-14 19:35 - 2014-04-11 06:03 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-05-14 19:35 - 2014-04-11 06:03 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-05-14 19:35 - 2014-04-11 04:25 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2014-05-14 19:35 - 2014-04-11 02:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-05-14 19:35 - 2014-04-11 01:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-05-14 19:35 - 2014-04-11 01:22 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-05-14 19:35 - 2014-04-10 23:54 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-05-14 19:35 - 2014-04-10 23:36 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-05-14 19:35 - 2014-04-10 23:24 - 13288960 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-05-14 19:35 - 2014-04-10 23:06 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-05-14 19:35 - 2014-04-10 23:05 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 19:35 - 2014-04-10 23:05 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-05-14 19:35 - 2014-04-10 23:02 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 19:35 - 2014-04-10 23:02 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-05-14 19:35 - 2014-04-10 23:01 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-05-14 19:35 - 2014-04-10 23:00 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-05-14 19:35 - 2014-04-10 22:59 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-05-14 19:35 - 2014-04-10 22:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-05-14 19:35 - 2014-04-10 22:56 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-05-14 19:35 - 2014-04-10 22:55 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-05-14 19:35 - 2014-04-10 22:53 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-05-14 19:35 - 2014-04-10 22:52 - 03464192 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-05-14 19:35 - 2014-04-10 22:46 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-05-14 19:35 - 2014-04-10 22:36 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-05-14 19:35 - 2014-04-10 22:34 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-14 19:35 - 2014-04-10 22:29 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-05-14 19:35 - 2014-04-10 22:25 - 00921088 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-14 19:34 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 19:34 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 19:34 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 19:34 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 19:34 - 2014-03-27 05:12 - 21225584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 19:34 - 2014-03-27 03:48 - 18679728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-07 18:09 - 2014-05-24 19:45 - 00000000 ____D () C:\Users\usmcterp\AppData\Roaming\ShopAtHome.com BrowserAppCore Service
2014-05-07 18:09 - 2014-05-07 18:09 - 00000000 ____D () C:\Users\usmcterp\AppData\Roaming\Windows
2014-05-02 21:12 - 2014-05-02 21:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
 
==================== One Month Modified Files and Folders =======
 
2014-05-25 02:59 - 2014-05-25 02:58 - 00018895 _____ () C:\Users\usmcterp\Downloads\FRST.txt
2014-05-25 02:58 - 2014-05-25 02:58 - 02066432 _____ (Farbar) C:\Users\usmcterp\Downloads\FRST64 (1).exe
2014-05-25 02:58 - 2014-05-25 02:58 - 00000000 ____D () C:\FRST
2014-05-25 02:58 - 2014-01-27 19:28 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9F74F168-34D1-453B-8D78-367EDE20BC58}
2014-05-25 02:58 - 2014-01-27 19:22 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1820116336-1726196688-2488517242-1001
2014-05-25 02:55 - 2014-01-27 22:13 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-25 02:53 - 2014-01-22 01:27 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-25 02:53 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-25 02:51 - 2014-05-21 19:35 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-25 02:51 - 2014-01-27 20:01 - 00000000 ____D () C:\Users\usmcterp\AppData\Local\CrashDumps
2014-05-25 02:49 - 2014-05-25 02:49 - 00000000 ____D () C:\Windows\pss
2014-05-25 02:49 - 2014-01-27 19:14 - 00000000 ____D () C:\Users\usmcterp
2014-05-25 02:49 - 2014-01-22 01:20 - 05070836 _____ () C:\Users\Public\CAFADEBUG.log
2014-05-25 02:34 - 2014-05-25 02:34 - 00024265 _____ () C:\Users\usmcterp\Desktop\RKreport[0]_D_05252014_023428.txt
2014-05-25 02:34 - 2014-05-25 02:34 - 00024227 _____ () C:\Users\usmcterp\Desktop\RKreport[0]_S_05252014_023424.txt
2014-05-25 02:32 - 2014-05-25 02:32 - 00024176 _____ () C:\Users\usmcterp\Desktop\RKreport[0]_S_05252014_023202.txt
2014-05-25 02:32 - 2014-05-25 02:32 - 00024141 _____ () C:\Users\usmcterp\Desktop\RKreport[0]_D_05252014_023206.txt
2014-05-25 02:32 - 2014-05-25 02:32 - 00001481 _____ () C:\Users\usmcterp\Desktop\RKreport[0]_SC_05252014_023252.txt
2014-05-25 02:32 - 2014-05-25 02:32 - 00001481 _____ () C:\Users\usmcterp\Desktop\RKreport[0]_SC_05252014_023245.txt
2014-05-25 02:32 - 2014-05-25 02:32 - 00001107 _____ () C:\Users\usmcterp\Desktop\RKreport[0]_PR_05252014_023220.txt
2014-05-25 02:32 - 2014-05-25 02:32 - 00001091 _____ () C:\Users\usmcterp\Desktop\RKreport[0]_H_05252014_023214.txt
2014-05-25 02:32 - 2014-05-25 02:32 - 00000991 _____ () C:\Users\usmcterp\Desktop\RKreport[0]_DN_05252014_023233.txt
2014-05-25 02:32 - 2014-05-25 02:26 - 00000000 ____D () C:\Users\usmcterp\Desktop\RK_Quarantine
2014-05-25 02:30 - 2014-05-25 02:30 - 00024764 _____ () C:\Users\usmcterp\Desktop\RKreport[0]_S_05252014_023011.txt
2014-05-25 02:30 - 2014-05-25 02:30 - 00024744 _____ () C:\Users\usmcterp\Desktop\RKreport[0]_D_05252014_023033.txt
2014-05-25 02:27 - 2014-05-25 02:27 - 04527616 _____ () C:\Users\usmcterp\Downloads\RogueKillerX64 (1).exe
2014-05-25 02:26 - 2014-05-25 02:26 - 03778560 _____ () C:\Users\usmcterp\Downloads\RogueKillerX64.exe
2014-05-25 02:14 - 2013-11-05 05:43 - 00080100 _____ () C:\Windows\PFRO.log
2014-05-25 02:11 - 2014-05-25 01:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-25 02:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2014-05-25 01:51 - 2014-01-22 01:27 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-25 01:49 - 2014-05-25 00:20 - 00000000 ____D () C:\AdwCleaner
2014-05-25 01:48 - 2014-05-25 01:48 - 01326389 _____ () C:\Users\usmcterp\Downloads\adwcleaner_3.210 (2).exe
2014-05-25 01:43 - 2014-05-25 01:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-25 01:41 - 2014-05-25 01:41 - 00001418 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-25 01:41 - 2014-05-25 01:41 - 00001406 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-25 01:41 - 2014-05-25 01:41 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-25 01:41 - 2014-05-25 01:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-25 01:40 - 2014-05-25 01:40 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\usmcterp\Downloads\spybot-2.3.exe
2014-05-25 01:40 - 2014-05-25 01:40 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\usmcterp\Downloads\spybot-2.3 (1).exe
2014-05-25 01:37 - 2014-01-27 19:16 - 00000000 ___RD () C:\Users\usmcterp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-25 01:33 - 2014-05-25 01:33 - 01055232 _____ (Farbar) C:\Users\usmcterp\Downloads\FRST.exe
2014-05-25 01:32 - 2014-05-25 01:32 - 02066432 _____ (Farbar) C:\Users\usmcterp\Downloads\FRST64.exe
2014-05-25 01:32 - 2014-05-25 01:32 - 00008238 _____ () C:\Users\usmcterp\Desktop\scan.txt
2014-05-25 01:29 - 2014-05-24 23:43 - 00000000 ____D () C:\Program Files (x86)\HD-Plus10
2014-05-25 00:49 - 2014-01-22 01:10 - 01855826 _____ () C:\Windows\WindowsUpdate.log
2014-05-25 00:40 - 2014-05-25 00:40 - 02347384 _____ (ESET) C:\Users\usmcterp\Downloads\esetsmartinstaller_enu.exe
2014-05-25 00:40 - 2014-05-25 00:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-25 00:36 - 2014-05-25 00:36 - 00000625 _____ () C:\Users\usmcterp\Desktop\JRT.txt
2014-05-25 00:32 - 2014-05-25 00:32 - 00000000 ____D () C:\Windows\ERUNT
2014-05-25 00:31 - 2014-05-25 00:31 - 01016261 _____ (Thisisu) C:\Users\usmcterp\Downloads\JRT (1).exe
2014-05-25 00:29 - 2014-05-25 00:29 - 00009361 _____ () C:\Users\usmcterp\Desktop\AdwCleaner[s0].txt
2014-05-25 00:27 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-05-25 00:26 - 2014-05-25 00:26 - 01326389 _____ () C:\Users\usmcterp\Downloads\adwcleaner_3.210 (1).exe
2014-05-25 00:23 - 2014-05-25 00:23 - 01016261 _____ (Thisisu) C:\Users\usmcterp\Downloads\JRT.exe
2014-05-25 00:20 - 2014-05-25 00:20 - 01326389 _____ () C:\Users\usmcterp\Downloads\adwcleaner_3.210.exe
2014-05-25 00:00 - 2014-05-25 00:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\usmcterp\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-05-25 00:00 - 2014-05-21 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-25 00:00 - 2014-05-21 19:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-25 00:00 - 2014-02-01 23:22 - 00001129 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-24 23:59 - 2014-05-24 23:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\usmcterp\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-24 23:54 - 2014-05-24 23:54 - 00003088 _____ () C:\Windows\System32\Tasks\{59CDF92E-5E25-4643-9FB9-5771B9336A0B}
2014-05-24 23:52 - 2014-05-24 23:44 - 00000000 ____D () C:\Users\usmcterp\AppData\Local\WeatherAlerts
2014-05-24 23:44 - 2014-05-24 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fst
2014-05-24 19:45 - 2014-05-07 18:09 - 00000000 ____D () C:\Users\usmcterp\AppData\Roaming\ShopAtHome.com BrowserAppCore Service
2014-05-22 18:01 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-05-22 16:47 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-22 06:56 - 2014-05-21 19:35 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-21 21:15 - 2014-01-27 19:57 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-05-21 20:35 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-21 20:27 - 2013-08-22 11:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-05-21 20:16 - 2014-05-21 20:16 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-21 20:13 - 2013-11-05 05:53 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-21 20:11 - 2014-01-22 01:29 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-05-21 20:11 - 2014-01-22 01:28 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-05-21 20:11 - 2014-01-22 01:28 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-05-21 20:07 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-05-21 19:43 - 2014-05-21 19:43 - 00000000 __SHD () C:\Users\usmcterp\AppData\Local\EmieUserList
2014-05-21 19:43 - 2014-05-21 19:43 - 00000000 __SHD () C:\Users\usmcterp\AppData\Local\EmieSiteList
2014-05-21 19:35 - 2014-02-01 23:23 - 00000000 ____D () C:\Users\usmcterp\AppData\Roaming\Malwarebytes
2014-05-21 19:35 - 2014-02-01 23:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-20 20:47 - 2014-03-18 19:15 - 00013932 _____ () C:\Users\usmcterp\Desktop\Percent Reduction Record.xlsx
2014-05-19 22:15 - 2014-05-19 22:15 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-19 22:15 - 2014-05-19 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-19 22:14 - 2014-05-19 22:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-19 22:14 - 2014-05-19 22:14 - 00000000 ____D () C:\Program Files\iTunes
2014-05-19 22:14 - 2014-05-19 22:14 - 00000000 ____D () C:\Program Files\iPod
2014-05-19 22:14 - 2014-05-19 22:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-17 08:36 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2014-05-16 18:32 - 2014-01-27 19:16 - 00000000 ___RD () C:\Users\usmcterp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 18:28 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2014-05-16 18:28 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 18:28 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 18:28 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\WinStore
2014-05-16 18:28 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-16 18:28 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-15 05:43 - 2014-01-28 22:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 05:38 - 2014-01-28 22:13 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 20:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-12 07:26 - 2014-05-21 19:35 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-02-01 23:22 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 06:52 - 2014-01-22 01:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-07 21:46 - 2014-01-22 01:27 - 00003916 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 21:46 - 2014-01-22 01:27 - 00003680 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 18:09 - 2014-05-07 18:09 - 00000000 ____D () C:\Users\usmcterp\AppData\Roaming\Windows
2014-05-06 00:40 - 2014-05-14 19:34 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 23:25 - 2014-05-14 19:34 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 23:00 - 2014-05-14 19:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-14 19:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 19:30 - 2014-01-27 19:15 - 00000000 ____D () C:\Users\usmcterp\AppData\Local\Packages
2014-05-02 21:12 - 2014-05-02 21:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-01 16:30 - 2013-08-22 11:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 16:30 - 2013-08-22 11:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-28 17:28 - 2013-08-22 10:46 - 00017582 _____ () C:\Windows\setupact.log
2014-04-28 06:50 - 2013-08-22 10:44 - 00474808 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-28 06:46 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-04-28 06:46 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-04-28 06:46 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-28 06:46 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-28 06:46 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\setup
2014-04-28 06:46 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-04-28 06:46 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-04-28 06:46 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2014-04-28 06:46 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2014-04-28 06:46 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2014-04-28 06:46 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-04-28 06:46 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-04-28 06:46 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\servicing
2014-04-28 06:45 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-04-28 06:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-04-28 06:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\uk-UA
2014-04-28 06:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-04-28 06:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\th-TH
2014-04-28 06:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
2014-04-28 06:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-04-28 06:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-04-28 06:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-04-28 06:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-04-28 06:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-04-28 06:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\migwiz
2014-04-28 06:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\lv-LV
2014-04-28 06:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\lt-LT
2014-04-28 06:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-04-28 06:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\he-IL
2014-04-28 06:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\et-EE
2014-04-28 06:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\en-GB
2014-04-28 06:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-04-28 06:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-04-28 06:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-28 06:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\FileManager
2014-04-28 06:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Camera
2014-04-28 06:45 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-04-28 06:45 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\oobe
2014-04-28 06:45 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\Dism
2014-04-26 06:29 - 2014-02-02 16:35 - 00155136 ___SH () C:\Users\usmcterp\Desktop\Thumbs.db
 
Some content of TEMP:
====================
C:\Users\usmcterp\AppData\Local\Temp\ntdll_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014
Ran by usmcterp at 2014-05-25 02:59:22
Running from C:\Users\usmcterp\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
Adobe Reader XI (11.0.03)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.2.0 - Conexant)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3424.05 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.3424.05 - CyberLink Corp.) Hidden
DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Drive (HKLM-x32\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HD-Plus10 (HKLM-x32\...\HD-Plus10) (Version: 1.34.5.22 - PlusHD10)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.05.0000.0525 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3282 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.2.1000 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® 4.0 (HKLM-x32\...\{38561F82-2984-4C99-ADD7-D1166BC3D552}) (Version: 3.0.1335.05 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{5586ea81-c047-4609-b47a-4bad18347b44}) (Version: 16.5.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.05.0000.0251 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4615.1002 - Microsoft Corporation)
Microsoft Project Professional 2013 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 15.0.4615.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.20617 (Version: 12.0.20617 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.20617 (Version: 12.0.20617 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.20617 (x32 Version: 12.0.20617 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.20617 (x32 Version: 12.0.20617 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.3.0.12 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PursuePoint (HKLM\...\PursuePoint) (Version: 2014.02.01.021226 - PursuePoint) <==== ATTENTION
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.1 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Display Utility (HKLM\...\{11955FE2-CAC6-4C3B-AA68-F787D7405400}) (Version: 1.1.9.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.0003.64001 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 5.0.1.0 - Toshiba Corporation)
TOSHIBA Password Utility (Version: 5.0.1.0 - Toshiba Corporation) Hidden
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.2 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
07-05-2014 00:37:38 Windows Update
14-05-2014 01:47:23 Scheduled Checkpoint
21-05-2014 21:21:15 Scheduled Checkpoint
25-05-2014 03:45:55 Uniblue SpeedUpMyPC installation
 
==================== Hosts content: ==========================
 
2013-08-22 09:25 - 2014-05-25 02:32 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {020B4158-81E6-41B7-BFAA-3101DC62D21D} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0814648C-9C1D-4E73-B9E1-8E58F3B8A941} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1859826F-3846-4457-8CC0-A7553FDE807C} - \da445520-7f5a-46c3-8e5b-9a828acb4023-4 No Task File <==== ATTENTION
Task: {1BEDB4D7-2D92-4743-ADE2-000DF9462022} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {21D515BA-63F2-4FFE-9A7C-3BCF19C0B540} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {273877EC-A617-4BC4-A202-20C7F43AB39B} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {3095CC88-44B3-4A67-97DE-C67B32CAD8B7} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3AD81233-E853-47E0-A8F9-0F5D201BDDFD} - \da445520-7f5a-46c3-8e5b-9a828acb4023-5 No Task File <==== ATTENTION
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {40E6A72E-D60B-41AA-A41F-B93F9E0EC02B} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {4692A036-8F6E-4AB1-B2B5-F93EF84563A1} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-22] (Synaptics Incorporated)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4CB1FC00-627D-435A-8164-EC50BC09320E} - \da445520-7f5a-46c3-8e5b-9a828acb4023-2 No Task File <==== ATTENTION
Task: {4CBFA4B5-9A7C-43E1-BC48-017B7DD8A22E} - \da445520-7f5a-46c3-8e5b-9a828acb4023-3 No Task File <==== ATTENTION
Task: {56C816B9-3EA4-4D2E-ACDF-72C6511BFF5C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)
Task: {5E6EB501-3170-464A-8650-B51882277A45} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6B01F0FB-0545-4A4E-B46C-99E500FB1B30} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {70335141-8251-4B49-8EE0-0860B496E939} - \da445520-7f5a-46c3-8e5b-9a828acb4023-6 No Task File <==== ATTENTION
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {78204E6D-B8F0-4339-B2B2-190699681EEE} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {7D5FE79A-BA20-4B07-8289-FD514F38ABBF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8C8F5D0C-D254-47AC-AAEA-2E7B617FDBFF} - \da445520-7f5a-46c3-8e5b-9a828acb4023-1 No Task File <==== ATTENTION
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9200FD9C-80E1-45B2-A513-D026D6829FF1} - \da445520-7f5a-46c3-8e5b-9a828acb4023-7 No Task File <==== ATTENTION
Task: {96BA0C16-9297-478A-900F-A3D3E12819AB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-13] (Microsoft Corporation)

 


While waiting for a response, I was able to get a version of MBAM to install an update. The run found several infections. I have rerun Farbar and attached the logs along with the MBAM run. Could someone still verify that I am clean? I realize you guys are busy since I have not received a response in a few days. Any help would be greatly appreciated. Thanks.

 

FRST_27-05-2014_18-59-08.txt

Addition.txt

mbam-log-2014-05-27 (16-27-07).txt


Hi usmcterp, and welcome to Malwarebytes.

I see that you apparently downloaded this file from CNET (due to the file name):
C:\Users\usmcterp\Downloads\avg_free_stb_all_2014_4577_cnet.exe
I would not recommend CNET as a safe download site, please see this article:
http://www.thewindowsclub.com/safe-software-download-sites

You appear to be running AVG AntiVirus, and Norton Internet Security. It is not recommended to run more than one antivirus program resident, as they can conflict with each other, and you actually end up with less protection, not more. You should decide which you want to keep, and completely uninstall the other (not just disable).

Please go to Start > Control Panel > Programs and Features and uninstall the following program:
PursuePoint

 

 

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 

start
HKLM\...\Run: [] => [X]
AppInit_DLLs-x32: c:\program files => c:\program files [0 2014-05-19] ()
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {F91AE228-FCD8-4242-AAA9-97E4537FD6CF} URL =
SearchScopes: HKCU - {F91AE228-FCD8-4242-AAA9-97E4537FD6CF} URL =
HR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3325285&octid=EB_ORIGINAL_CTID&ISID=MA99C0D2B-B5D5-49FE-B0C9-A57073171F9C&SearchSource=55&CUI=&UM=2&UP=SPB709CE9E-158B-4222-A787-5181D97CB589&SSPV=", "hxxp://start.mysearchdial.com/?f=1&a=tuto_14_18&cd=2XzuyEtN2Y1L1Qzu0F0C0Fzz0A0EyCyBtDzztA0AyDzztA0DtN0D0Tzu0SzzyByDtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1Czu2Z2Y2Z1F1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2StDyB0DtC0AyC0D0DtG0CzztC0CtGzyzy0EyCtGtB0A0B0EtGyEtBtAzztDyBtCtBtDyC0ByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DyEzyyB0E0E0AtGtByCyCzztGyCtCtCyDtGyE0DyEyEtGyD0DyCyCtD0E0C0F0D0AyE0A2Q&cr=1120693140&ir="
Task: {1859826F-3846-4457-8CC0-A7553FDE807C} - \da445520-7f5a-46c3-8e5b-9a828acb4023-4 No Task File <==== ATTENTION
Task: {273877EC-A617-4BC4-A202-20C7F43AB39B} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {3AD81233-E853-47E0-A8F9-0F5D201BDDFD} - \da445520-7f5a-46c3-8e5b-9a828acb4023-5 No Task File <==== ATTENTION
Task: {4CB1FC00-627D-435A-8164-EC50BC09320E} - \da445520-7f5a-46c3-8e5b-9a828acb4023-2 No Task File <==== ATTENTION
Task: {4CBFA4B5-9A7C-43E1-BC48-017B7DD8A22E} - \da445520-7f5a-46c3-8e5b-9a828acb4023-3 No Task File <==== ATTENTION
Task: {6B01F0FB-0545-4A4E-B46C-99E500FB1B30} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {70335141-8251-4B49-8EE0-0860B496E939} - \da445520-7f5a-46c3-8e5b-9a828acb4023-6 No Task File <==== ATTENTION
Task: {9200FD9C-80E1-45B2-A513-D026D6829FF1} - \da445520-7f5a-46c3-8e5b-9a828acb4023-7 No Task File <==== ATTENTION
end

Save the file as fixlist.txt into the same folder as FRST
Run FRST and click Fix only once and wait
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will create a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 
Please post the log from FRST (Fixlog.txt) in your next reply.

 

 

Download TFC by OldTimer to your Desktop.

  • Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  • Double-click on the TFC icon.
  • When the program starts, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  • Depending on how much data is currently stored in the Temp folders, this process can take quite a while to remove all of the files, so please be patient.
  • When done, press OK to reboot your computer and finish the cleanup.

 

Please scan your system with ESET Online Scanner

  • Click the "Run ESET Online Scanner" button.
    • For browsers other than Internet Explorer such as Firefox, Chrome, or Opera (Microsoft Internet Explorer users can skip this step) another page will open to download the ESET Smart Installer
    • Click on esetsmartinstaller_enu.exe
    • Save it to your desktop, and double-click to run it.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

I see that you have run RogueKiller, AdwCleaner, and Junkware Removal Tool. Please post the most recent log from each.

 

Please copy and paste the contents of the log from FRST (Fixlog.txt) and ESET Online Scan in your next reply, along with the most recent logs from RogueKiller, AdwCleaner, and Junkware Removal Tool which you previously ran, and note any errors encountered.
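
As an added example (not part of the original post, and not FRST's own code): a short Python triage script that classifies fixlist entries like those in the code box above by the autostart location they refer to, and pulls the hosts out of the defanged startup URLs. The sample input is abbreviated from this thread's entries; the category labels, field names and the `CHR` prefix on the startup line are this example's assumptions.

```python
import re
from urllib.parse import urlsplit

# Sample abbreviated from the fixlist in this thread (query strings cut short).
SAMPLE = r"""start
HKLM\...\Run: [] => [X]
AppInit_DLLs-x32: c:\program files => c:\program files [0 2014-05-19] ()
SearchScopes: HKCU - {F91AE228-FCD8-4242-AAA9-97E4537FD6CF} URL =
CHR StartupUrls: "hxxp://www.trovi.com/?gd=", "hxxp://start.mysearchdial.com/?f=1"
Task: {273877EC-A617-4BC4-A202-20C7F43AB39B} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
end"""

# (pattern, label) pairs; the labels are this example's own wording.
RULES = [
    (re.compile(r"^HK(LM|CU|U)\\.*\\Run(Once)?:"), "Run-key autostart"),
    (re.compile(r"^AppInit_DLLs"), "AppInit_DLLs load point"),
    (re.compile(r"^SearchScopes:"), "IE search provider"),
    (re.compile(r"^(\w+ )?StartupUrls:"), "browser startup URL"),
    (re.compile(r"^Task:"), "scheduled task"),
]

def triage(fixlist):
    """Classify each fixlist entry and note why it stands out."""
    entries = []
    for raw in fixlist.splitlines():
        line = raw.strip()
        if not line or line.lower() in ("start", "end"):
            continue  # skip the script delimiters and blank lines
        kind = next((lbl for rx, lbl in RULES if rx.search(line)), "unclassified")
        # URLs are defanged as hxxp://; refang only in memory to parse the host.
        urls = re.findall(r'hxxps?://[^"\s,]+', line)
        entries.append({
            "kind": kind,
            "hosts": [urlsplit("http" + u[4:]).hostname for u in urls],
            "orphaned": "No Task File" in line,   # task registered, file gone
            "blank": line.endswith("URL =") or ": [] =>" in line,  # empty name/URL
            "flagged": line.endswith("<==== ATTENTION"),
        })
    return entries

if __name__ == "__main__":
    for e in triage(SAMPLE):
        notes = [k for k in ("orphaned", "blank", "flagged") if e[k]]
        print(f'{e["kind"]:<26} {", ".join(notes) or "-":<20} {" ".join(e["hosts"])}')
```
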


Please re-run RogueKiller

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found on your Desktop
  • Exit/Close RogueKiller

 

Follow the instructions here to show hidden files:

http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-8/

 

Then, using Windows Explorer, delete the following file if still there:

C:\Users\usmcterp\AppData\Roaming\ShopAtHome.com BrowserAppCore Service

 

When finished, do the reverse to again hide hidden files.

 

I don't really see any other malware, so let's check further:

 

Please download Malwarebytes Anti-Rootkit here.

  • Unzip the contents to a folder on the Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.
  • Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.

 

I have still been unable to properly install the current version of MBAM and have reinstalled an older version.

 

Is this a registered or free version?

 

Please copy and paste the contents of the two logs each in their own reply, the new log from RogueKiller, and note any errors encountered.


I am not sure I did the RogueKiller correctly.  I did not see where to run as an administrator, so I hope I did that properly.

 

The MBAM version is free, but I do not have any issue upgrading if it is beneficial.  I did upgrade AVG today figuring I could use the extra protection.  If the MBAM version will upload and is worth the investment, I will happily upgrade.

 

Thanks for your help.

RKreport_DEL_06142014_130850.log

mbar-log-2014-06-14 (13-18-31).txt

I am not sure I did the RogueKiller correctly.  I did not see where to run as an administrator, so I hope I did that properly.

 

All you need to do is to right-click on the file, a menu will appear, and near the top of the list you select Run as administrator.

 

Please re-run RogueKiller

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-click and select "Run as administrator" to start
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found on your Desktop
  • Exit/Close RogueKiller

 

Restart your system.

Please re-run Malwarebytes' Anti-Malware.

  • Click the Update tab.
  • Click Check for Updates.
  • If an update is found, it will download and install.
  • Click the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately.

 

Please copy and paste (rather than attach) the contents of the new RogueKiller log, the log from MBAM, and note any errors encountered.

 


I ran the MBAM scan with 1.75.  I have since tried to install the latest 2.0 version but I am getting the same error during installation.  Internal error: Expression error 'Runtime Error (at 79:177): External exceptions D06D7363.'  I receive a few more errors with the same exception.  After installation, the MBAM program icon appears but the program will not open.

RKreport_DEL_06152014_104620.log

mbam-log-2014-06-15 (10-51-10).txt


When you are running RogueKiller, you seem to be missing this step:

Make sure that everything is checked, and click Remove Selected.

 

Please re-run it, make sure that everything is checked, and click Remove Selected, and post the new log.

 

Please download the Malwarebytes Anti-Malware Cleanup Tool to completely remove MBAM:

http://www.bleepingcomputer.com/download/malwarebytes-anti-malware-cleanup-tool/

Save the file to your Desktop, right-click and select "Run as administrator".

When the tool has finished, restart your system.

Can you now successfully install the current version of MBAM?

That did the trick and currently running a scan with 2.0.

 

That's great. Were you able to get the log to post?

While still on the Scan tab, click the Export Log button, select Text file (*.txt), and save the log to your Desktop.

Then copy and paste the contents of the log in your next reply.

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 6/15/2014

Scan Time: 12:10:12 PM

Logfile: mbam log.txt

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.06.15.04

Rootkit Database: v2014.06.02.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 8.1

CPU: x64

File System: NTFS

User: usmcterp

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 274534

Time Elapsed: 8 min, 48 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)


Excellent!

You can now delete the following utilities and any logs they created:
Farbar Recovery Scan Tool (and delete the folder C:\FRST)

RogueKiller

MBAR

Malwarebytes Anti-Malware Cleanup Tool

 

To help keep malware off your system:

  • Keep Windows updated at Windows Update or Microsoft Update.
  • Keep your other applications updated; there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
  • Run a program like Secunia Online Software Inspector or FileHippo Update Checker to see what programs need to be updated.
  • Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
  • Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
  • Don't click on links received in instant message programs.
  • In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
  • A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at http://www.mvps.org/...p2002/hosts.htm
  • A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available at http://www.javacools...m/products.html
  • I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://www.spywarein...showtopic=60955

Does your problem appear resolved?


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
