MBAM won't run Error -2147417848 Malware Infection


FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Kardell (administrator) on KARDELL-HP on 04-06-2014 13:13:56
Running from C:\Users\Kardell\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/  
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/  
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =  
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM - {E96A393A-F4A0-4EF8-B105-E60FE6BD09FE} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {E96A393A-F4A0-4EF8-B105-E60FE6BD09FE} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {0572C908-52D2-47AF-9AD9-2683B07B9D2B} URL = http://www.search.ask.com/web?p2=%5EBBD%5EOSJ000%5EYY%5EUS&gct=&itbv=12.7.0.15&o=APN11405&tpid=ORJ-V7C&apn_uid=CCD91CA9-F714-44A0-AA64-CF2D35ECD99D&apn_ptnrs=BBD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_11.0.9600.16428&doi=2013-12-26&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {E96A393A-F4A0-4EF8-B105-E60FE6BD09FE} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Video Player - {1d683a7c-d033-4ce3-8b80-d0869f4c4c90} - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta6162\ie\VideoPlayerV3beta6162.dll No File
BHO-x32: Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll" No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Media View - {6d85906c-13c2-41ba-ba58-adf864f241b8} - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5752\ie\MediaViewV1alpha5752.dll No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Media Player - {9d2d6523-343c-459b-84eb-494d85d0f94b} - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha1612\ie\MediaPlayerV1alpha1612.dll No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll" No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.15.4
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-12-31]
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta6162.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta6162\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha1612.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha1612\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha5752.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5752\ff
 
Chrome:  
=======
CHR Extension: (Google Docs) - C:\Users\Kardell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-25]
CHR Extension: (Google Drive) - C:\Users\Kardell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-25]
CHR Extension: (YouTube) - C:\Users\Kardell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-17]
CHR Extension: (Google Search) - C:\Users\Kardell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-17]
CHR Extension: (Website Logon) - C:\Users\Kardell\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa [2014-01-25]
CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\Kardell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-25]
CHR Extension: (Google Wallet) - C:\Users\Kardell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-05]
CHR Extension: (Gmail) - C:\Users\Kardell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-17]
CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]
CHR HKLM-x32\...\Chrome\Extension: [eigajcihfeikdnhpeonndlggggiodpln] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5752\ch\MediaViewV1alpha5752.crx [2011-08-25]
CHR HKLM-x32\...\Chrome\Extension: [ildjmoebhbpbpohbmebnpfdfeejjgjlb] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta6162\ch\VideoPlayerV3beta6162.crx [2011-08-25]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [2013-12-31]
 
==================== Services (Whitelisted) =================
 
S2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 a4djavs; C:\Windows\System32\Drivers\a4djavs.sys [353360 2010-10-20] (Native Instruments GmbH)
S3 a4djusb_svc; C:\Windows\System32\Drivers\a4djusb.sys [93264 2010-10-20] (Native Instruments GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [1525848 2013-09-25] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-10-16] (Symantec Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32152 2014-01-22] ()
S3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20130930.001\IDSVia64.sys [520280 2013-09-23] (Symantec Corporation)
R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2014-06-04] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-04] (Malwarebytes Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-31] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
S1 A2DDA; \??\G:\RUN\a2ddax64.sys [X]
S3 cleanhlp; \??\G:\Run\cleanhlp64.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131004.035\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131004.035\EX64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-04 13:13 - 2014-06-04 13:14 - 00014554 _____ () C:\Users\Kardell\Downloads\FRST.txt
2014-06-04 13:13 - 2014-06-04 13:13 - 02068992 _____ (Farbar) C:\Users\Kardell\Downloads\FRST64.exe
2014-06-04 13:02 - 2014-06-04 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-06-04 13:02 - 2014-06-04 13:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-04 13:01 - 2014-06-04 13:01 - 00000000 ____D () C:\Users\Kardell\Desktop\Spyware
2014-06-04 11:21 - 2014-06-04 11:21 - 05245952 _____ () C:\Users\Kardell\Downloads\RogueKillerX64.exe
2014-06-04 06:32 - 2014-06-04 06:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 22:28 - 2014-06-04 13:01 - 00036680 _____ () C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 22:28 - 2014-06-03 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 22:28 - 2014-06-03 22:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 22:28 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 22:15 - 2014-06-03 22:23 - 00037076 _____ () C:\Users\Kardell\Downloads\SystemLook.txt
2014-06-03 22:15 - 2014-06-03 22:15 - 00165376 _____ () C:\Users\Kardell\Downloads\SystemLook_x64.exe
2014-06-03 19:17 - 2014-06-04 13:13 - 00000000 ____D () C:\FRST
2014-06-03 09:45 - 2014-06-03 09:45 - 04673536 _____ () C:\Users\Kardell\Downloads\RogueKiller (1).exe
2014-06-03 09:13 - 2014-06-03 09:13 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-03 09:13 - 2014-06-03 09:13 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-03 09:13 - 2014-06-03 09:13 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-03 08:42 - 2014-06-03 08:43 - 00001133 _____ () C:\Users\Kardell\Downloads\FSS.txt
2014-06-03 08:42 - 2014-06-03 08:42 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Kardell\Downloads\tdsskiller.exe
2014-06-03 08:41 - 2014-06-03 08:41 - 00410112 _____ (Farbar) C:\Users\Kardell\Downloads\FSS.exe
2014-06-03 08:40 - 2014-06-03 08:40 - 02463848 _____ (Malwarebytes ) C:\Users\Kardell\Downloads\mbae-setup-0.10.3.0100.exe
2014-06-03 08:19 - 2014-06-04 13:02 - 00000956 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 08:13 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-03 08:12 - 2014-06-03 08:13 - 00000000 ____D () C:\AdwCleaner
2014-06-03 07:43 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-03 07:43 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-03 07:43 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-03 07:43 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-03 07:43 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-03 07:43 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-03 07:43 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-03 07:43 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-03 07:42 - 2014-06-03 08:01 - 00000000 ____D () C:\Windows\erdnt
2014-06-03 07:39 - 2014-06-03 07:41 - 00002956 _____ () C:\Users\Kardell\Desktop\Rkill.txt
2014-06-03 07:38 - 2014-06-03 07:38 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Kardell\Downloads\rkill.exe
2014-06-03 07:24 - 2014-06-03 07:24 - 01327971 _____ () C:\Users\Kardell\Downloads\AdwCleaner.exe
2014-06-03 07:24 - 2014-06-03 07:24 - 01016261 _____ (Thisisu) C:\Users\Kardell\Downloads\JRT.exe
2014-06-03 07:21 - 2014-06-03 07:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-03 07:20 - 2014-06-03 07:21 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Kardell\Downloads\mbam-setup-1.75.0.1300.exe
2014-06-03 07:18 - 2014-06-03 07:18 - 04673536 _____ () C:\Users\Kardell\Downloads\RogueKiller.exe
 
==================== One Month Modified Files and Folders =======
 
2014-06-04 13:14 - 2014-06-04 13:13 - 00014554 _____ () C:\Users\Kardell\Downloads\FRST.txt
2014-06-04 13:14 - 2012-07-25 14:32 - 00000000 ____D () C:\Users\Kardell\AppData\Local\Temp
2014-06-04 13:13 - 2014-06-04 13:13 - 02068992 _____ (Farbar) C:\Users\Kardell\Downloads\FRST64.exe
2014-06-04 13:13 - 2014-06-03 19:17 - 00000000 ____D () C:\FRST
2014-06-04 13:02 - 2014-06-04 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-06-04 13:02 - 2014-06-04 13:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-04 13:02 - 2014-06-03 08:19 - 00000956 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-04 13:02 - 2014-02-03 12:53 - 00000000 ____D () C:\Users\Kardell\AppData\Roaming\Malwarebytes
2014-06-04 13:02 - 2014-02-03 12:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-04 13:01 - 2014-06-04 13:01 - 00000000 ____D () C:\Users\Kardell\Desktop\Spyware
2014-06-04 13:01 - 2014-06-03 22:28 - 00036680 _____ () C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-04 11:21 - 2014-06-04 11:21 - 05245952 _____ () C:\Users\Kardell\Downloads\RogueKillerX64.exe
2014-06-04 06:44 - 2012-10-22 20:31 - 00000000 ____D () C:\Users\Kardell\AppData\Local\CrashDumps
2014-06-04 06:33 - 2014-06-04 06:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 22:28 - 2014-06-03 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 22:28 - 2014-06-03 22:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 22:23 - 2014-06-03 22:15 - 00037076 _____ () C:\Users\Kardell\Downloads\SystemLook.txt
2014-06-03 22:15 - 2014-06-03 22:15 - 00165376 _____ () C:\Users\Kardell\Downloads\SystemLook_x64.exe
2014-06-03 16:28 - 2009-07-14 00:13 - 00006194 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-03 16:26 - 2014-02-03 13:41 - 00002388 _____ () C:\Windows\PFRO.log
2014-06-03 16:12 - 2014-02-03 13:41 - 00001188 _____ () C:\Windows\setupact.log
2014-06-03 09:45 - 2014-06-03 09:45 - 04673536 _____ () C:\Users\Kardell\Downloads\RogueKiller (1).exe
2014-06-03 09:13 - 2014-06-03 09:13 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-03 09:13 - 2014-06-03 09:13 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-03 09:13 - 2014-06-03 09:13 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-03 09:06 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-03 08:43 - 2014-06-03 08:42 - 00001133 _____ () C:\Users\Kardell\Downloads\FSS.txt
2014-06-03 08:42 - 2014-06-03 08:42 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Kardell\Downloads\tdsskiller.exe
2014-06-03 08:41 - 2014-06-03 08:41 - 00410112 _____ (Farbar) C:\Users\Kardell\Downloads\FSS.exe
2014-06-03 08:40 - 2014-06-03 08:40 - 02463848 _____ (Malwarebytes ) C:\Users\Kardell\Downloads\mbae-setup-0.10.3.0100.exe
2014-06-03 08:13 - 2014-06-03 08:12 - 00000000 ____D () C:\AdwCleaner
2014-06-03 08:13 - 2012-07-25 14:32 - 00000000 ____D () C:\Users\Kardell
2014-06-03 08:01 - 2014-06-03 07:42 - 00000000 ____D () C:\Windows\erdnt
2014-06-03 07:41 - 2014-06-03 07:39 - 00002956 _____ () C:\Users\Kardell\Desktop\Rkill.txt
2014-06-03 07:38 - 2014-06-03 07:38 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Kardell\Downloads\rkill.exe
2014-06-03 07:35 - 2014-01-22 10:27 - 00000000 ____D () C:\Windows\pss
2014-06-03 07:24 - 2014-06-03 07:24 - 01327971 _____ () C:\Users\Kardell\Downloads\AdwCleaner.exe
2014-06-03 07:24 - 2014-06-03 07:24 - 01016261 _____ (Thisisu) C:\Users\Kardell\Downloads\JRT.exe
2014-06-03 07:21 - 2014-06-03 07:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-03 07:21 - 2014-06-03 07:20 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Kardell\Downloads\mbam-setup-1.75.0.1300.exe
2014-06-03 07:18 - 2014-06-03 07:18 - 04673536 _____ () C:\Users\Kardell\Downloads\RogueKiller.exe
2014-06-03 07:09 - 2012-10-17 19:16 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-03 07:09 - 2012-10-17 19:16 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-03 07:09 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-12 07:26 - 2014-06-03 22:28 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!
 
 
LastRegBack: 2014-03-03 21:52
 
==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Kardell at 2014-06-04 13:14:31
Running from C:\Users\Kardell\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton Internet Security (Enabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C0C02}) (Version: 12.12.2.83 - APN, LLC) <==== ATTENTION
AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4422 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.0.4422 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FS One (HKLM-x32\...\FS Onev 1.0.3) (Version: v 1.0.3 - InertiaSoft, Inc.)
GigaClicks Crawler (HKLM-x32\...\GigaClicks Crawler) (Version: 3.0.31.0 - GigaClicks Inc.) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 32.0.1700.102 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{6032497A-4479-462B-ADB8-A0A372BB9A23}) (Version: 1.0.409.3882 - Hewlett-Packard)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{3D5C7E0E-AEC0-40EB-99D3-C40469738040}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP MovieStore (x32 Version: 2.1.091 - Hewlett-Packard) Hidden
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
HP Security Assistant (HKLM\...\{562608FE-2051-4488-BF22-8CE4C03046AC}) (Version: 1.0.12 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP SimplePass PE 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Player (HKLM-x32\...\MediaPlayerV1alpha1612) (Version: 1.1 - Media Player) <==== ATTENTION
Media View (HKLM-x32\...\MediaViewV1alpha5752) (Version: 1.1 - Media View) <==== ATTENTION
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Native Instruments Audio 4 DJ (HKLM-x32\...\Native Instruments Audio 4 DJ) (Version:  - Native Instruments)
Native Instruments Audio 4 DJ (Version: 2.9.4.433 - Native Instruments) Hidden
Native Instruments Audio 4 DJ Driver (HKLM-x32\...\Native Instruments Audio 4 DJ Driver) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments Controller Editor (Version: 1.4.5.910 - Native Instruments) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Native Instruments Service Center (Version: 2.3.2.926 - Native Instruments) Hidden
Native Instruments Traktor (HKLM-x32\...\Native Instruments Traktor) (Version:  - Native Instruments)
Native Instruments Traktor (Version: 1.2.7.9529 - Native Instruments) Hidden
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version:  - Native Instruments)
Native Instruments Traktor 2 (Version: 2.5.1.13951 - Native Instruments) Hidden
Native Instruments Traktor Kontrol S4 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 Driver (Version: 3.0.3.696 - Native Instruments) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.1.0.18 - Symantec Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PhoenixRC (HKLM-x32\...\{545DF825-0A9A-499F-B9A8-2A1A355ED7FC}) (Version: 4.0.10 - Runtime Games Ltd)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.84 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Search-Results Toolbar (HKLM-x32\...\imeshtoolbar2) (Version: 1.0.0.12 - APN LLC) <==== ATTENTION
Skookum Digital Flybar (HKCU\...\SK720DigitalFlybar) (Version:  - )
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.17.0 - Synaptics Incorporated)
Temp File Cleaner (HKLM-x32\...\Temp File Cleaner) (Version:  - )
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Video Player (HKLM-x32\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WD SmartWare (HKLM\...\{604CB4FC-3D32-405F-A109-165F170529B6}) (Version: 1.2.0.8 - Western Digital)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2014-06-03 07:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0501627E-E0A8-4C10-8AD6-58752478D0B1} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {2D7A2FCC-3CD0-4F7C-9458-6A5C10F925AC} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {30706BAD-1ECC-43A7-8E30-32A6F2C7E216} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-03] (Adobe Systems Incorporated)
Task: {3C0BF5E0-708F-4816-BC2C-374828AA8FF8} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {4121698F-62DA-4E70-815B-3447AD843533} - \Plus-HD-1.2-firefoxinstaller No Task File <==== ATTENTION
Task: {563F227E-96EB-45F7-928A-A5B08274D33A} - \Plus-HD-1.2-updater No Task File <==== ATTENTION
Task: {5B4A2044-2996-40B7-9ECD-71862D9E79A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-17] (Google Inc.)
Task: {5E730038-64AF-424D-8C37-7637D04C3960} - \Plus-HD-1.2-enabler No Task File <==== ATTENTION
Task: {6BF2E567-674D-4A31-9622-83B5A2BDB333} - \Plus-HD-1.2-codedownloader No Task File <==== ATTENTION
Task: {6D5DC6CD-3E7A-4C80-8CDC-73A7A15124DE} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-22] (CyberLink)
Task: {6E22F80B-694C-4B0B-B5D7-CF7D679B13AD} - \AmiUpdXp No Task File <==== ATTENTION
Task: {72C9E265-DEA1-4722-AC58-71B9889947E3} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {7DA1D838-89C5-4A7A-9E48-18B3250E3CD1} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {859AC508-3C38-452F-992E-1395B0581F80} - \Plus-HD-1.2-chromeinstaller No Task File <==== ATTENTION
Task: {9009D489-C003-4D68-9A15-E469A5D6BFDD} - System32\Tasks\{97DC3ED3-9533-4DB7-9A9B-B8AAC1D75EFB} => C:\Program Files (x86)\FS One\FS_One.exe [2006-10-12] (InertiaSoft, Inc.)
Task: {BB6C82BC-0D18-42E9-ABA9-A45414434A6E} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {E75763B8-F10A-44DF-A00A-95B8E2EB5F15} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-17] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-03 11:45 - 2014-01-23 00:56 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
2014-02-03 11:45 - 2014-01-23 00:57 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
2014-02-03 11:45 - 2014-01-23 00:55 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk => C:\Windows\pss\WDSmartWare.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Kardell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Kardell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Severe Weather Alerts App.lnk => C:\Windows\pss\Severe Weather Alerts App.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Kardell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Severe Weather Alerts.lnk => C:\Windows\pss\Severe Weather Alerts.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: DATAMNGR => C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\DATAMN~1.EXE
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Kardell\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:  
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/04/2014 11:24:06 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\drivers\dxgkrnl.sys for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program RogueKillerX64.exe because of this error.
 
Program: RogueKillerX64.exe
File: C:\Windows\System32\drivers\dxgkrnl.sys
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 3
 
Error: (06/04/2014 11:24:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RogueKillerX64.exe, version: 9.0.2.0, time stamp: 0x538ef100
Faulting module name: RogueKillerX64.exe, version: 9.0.2.0, time stamp: 0x538ef100
Exception code: 0xc0000006
Fault offset: 0x000000000019134d
Faulting process id: 0x6b8
Faulting application start time: 0xRogueKillerX64.exe0
Faulting application path: RogueKillerX64.exe1
Faulting module path: RogueKillerX64.exe2
Report Id: RogueKillerX64.exe3
 
Error: (06/04/2014 11:17:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2014 06:44:03 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\msvcp100.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Explorer because of this error.
 
Program: Windows Explorer
File: C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\msvcp100.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C00000B5
Disk type: 3
 
Error: (06/04/2014 06:44:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000006
Fault offset: 0x000000000003cbc8
Faulting process id: 0x3c8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (06/03/2014 10:09:31 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\SysWOW64\mshtml.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Malwarebytes Anti-Malware because of this error.
 
Program: Malwarebytes Anti-Malware
File: C:\Windows\SysWOW64\mshtml.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 3
 
Error: (06/03/2014 10:09:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.75.0.1, time stamp: 0x511f8eb2
Faulting module name: mshtml.dll, version: 10.0.9200.16750, time stamp: 0x5269d985
Exception code: 0xc0000006
Fault offset: 0x009a5cdd
Faulting process id: 0x674
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (06/03/2014 09:47:17 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\SysWOW64\mshtml.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Malwarebytes Anti-Malware because of this error.
 
Program: Malwarebytes Anti-Malware
File: C:\Windows\SysWOW64\mshtml.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 3
 
Error: (06/03/2014 09:47:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.75.0.1, time stamp: 0x511f8eb2
Faulting module name: mshtml.dll, version: 10.0.9200.16750, time stamp: 0x5269d985
Exception code: 0xc0000006
Fault offset: 0x009a5cdd
Faulting process id: 0x7a4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (06/03/2014 08:26:22 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\drivers\dxgkrnl.sys for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program RogueKillerX64.exe because of this error.
 
Program: RogueKillerX64.exe
File: C:\Windows\System32\drivers\dxgkrnl.sys
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 3
 
 
System errors:
=============
Error: (06/04/2014 11:15:50 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (06/04/2014 11:15:50 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (06/04/2014 11:15:44 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (06/04/2014 11:15:35 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (06/04/2014 11:15:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:  
discache
spldr
Wanarpv6
 
Error: (06/04/2014 11:15:20 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:46:14 AM on ‎6/‎4/‎2014 was unexpected.
 
Error: (06/04/2014 06:44:18 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (06/04/2014 06:44:17 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (06/04/2014 06:44:16 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (06/04/2014 06:44:15 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
 
Microsoft Office Sessions:
=========================
Error: (06/04/2014 11:24:06 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\System32\drivers\dxgkrnl.sysRogueKillerX64.exeC00001853
 
Error: (06/04/2014 11:24:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: RogueKillerX64.exe9.0.2.0538ef100RogueKillerX64.exe9.0.2.0538ef100c0000006000000000019134d6b801cf80111ac8c5ceC:\Users\Kardell\Downloads\RogueKillerX64.exeC:\Users\Kardell\Downloads\RogueKillerX64.exea576b91e-ec04-11e3-9ed7-78e3b569d525
 
Error: (06/04/2014 11:17:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2014 06:44:03 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\msvcp100.dllWindows ExplorerC00000B53
 
Error: (06/04/2014 06:44:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c0000006000000000003cbc83c801cf7f7279a39653C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll868b89cc-ebdd-11e3-9d2e-78e3b569d525
 
Error: (06/03/2014 10:09:31 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\SysWOW64\mshtml.dllMalwarebytes Anti-MalwareC00001853
 
Error: (06/03/2014 10:09:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.75.0.1511f8eb2mshtml.dll10.0.9200.167505269d985c0000006009a5cdd67401cf7fa22524eeabC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Windows\SysWOW64\mshtml.dlla4e20a86-eb95-11e3-9d2e-78e3b569d525
 
Error: (06/03/2014 09:47:17 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\SysWOW64\mshtml.dllMalwarebytes Anti-MalwareC00001853
 
Error: (06/03/2014 09:47:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.75.0.1511f8eb2mshtml.dll10.0.9200.167505269d985c0000006009a5cdd7a401cf7f9f0fcc7eafC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Windows\SysWOW64\mshtml.dll8a38076d-eb92-11e3-9d2e-78e3b569d525
 
Error: (06/03/2014 08:26:22 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\System32\drivers\dxgkrnl.sysRogueKillerX64.exeC00001853
 
 
CodeIntegrity Errors:
===================================
 
 
==================== Memory info ===========================  
 
Percentage of memory in use: 22%
Total physical RAM: 4043.86 MB
Available physical RAM: 3142.98 MB
Total Pagefile: 8085.9 MB
Available Pagefile: 7372.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:440.79 GB) (Free:311.69 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:20.81 GB) (Free:2.25 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32
Drive g: (MULTISYSTEM) (Removable) (Total:14.89 GB) (Free:10.15 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 6F916D90)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 000C52F9)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)
 
==================== End Of Log ============================

RogueKiller will not run. I have a post open on their site, Here...
http://forum.adlice.com/index.php/topic,105.0.html

It crashes with:
Problem signature:
  Problem Event Name:   InPageCoFire
  Error Status Code:   c0000185
  Faulting Media Type:   00000003
  Damaged file name:   dxgkrnl.sys
  OS Version:   6.1.7601.2.1.0.768.3
  Locale ID:   1033
  Additional Information 1:   4185
  Additional Information 2:   418519222577344c55066d30590bd95d
  Additional Information 3:   cfb4
  Additional Information 4:   cfb45a02466b4b7d6130164d00fd0749

Malwarebytes and Chameleon will not run. They crash with:

Run-time error '-2147417848 (80010108)':
automation error

the object invoked has disconnected from its clients.

chkdsk c: /f /r /x

 

When I try to run chkdsk, I reboot the computer, the process initializes, then immediately terminates.

What next?
 


Hello and welcome on board theonlytalkinggoat,

My name is Machiavelli and I will assist you with your problem.

If you booted into safe mode on your computer then print my instructions!

I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:

  • Removing Malware is usually very difficult.

    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!

  • Please follow these instructions

    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!

  • Please stay in contact with me until your problem is resolved

    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.

  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware

    Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!

  • Read my post completely

    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!


Why are you running the tools in Safe Mode?


Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1

  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

New Symptom:

Windows is now complaining the version of Windows is not genuine.

Additional Symptom:

Computer is so slow, in normal mode, it is unusable. Full boot takes over 5 minutes and it takes over 1 minute to access the start menu. Anything launched from it probably won't open this week. Maybe next.

AdwCleaner:

# AdwCleaner v3.211 - Report created 04/06/2014 at 15:06:03
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kardell - KARDELL-HP
# Running from : C:\Users\Kardell\Desktop\Spyware\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16750
 
 
-\\ Google Chrome v32.0.1700.102
 
[ File : C:\Users\Kardell\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=393&systemid=1&apn_dtid=IME001&apn_ptnrs=AG1&o=APN10653&apn_uid=1950462057244745&q={searchTerms}
Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3308837&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP34B20FD1-D6DC-4D9D-BB23-CA9B6478D577&q=%s&SSPV=
 
*************************
 
AdwCleaner[R0].txt - [23665 octets] - [03/06/2014 08:12:53]
AdwCleaner[R1].txt - [1455 octets] - [04/06/2014 15:04:57]
AdwCleaner[s0].txt - [20039 octets] - [03/06/2014 08:13:28]
AdwCleaner[s1].txt - [1386 octets] - [04/06/2014 15:06:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1446 octets] ##########

JRT:

Would not run in safe mode, even using run as admin. Froze on the Internet Explorer stage in normal mode. Allowed it to run for 2:30. Rebooted into safe mode to run FRST...


FRST:
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Kardell (administrator) on KARDELL-HP on 04-06-2014 16:26:40
Running from C:\Users\Kardell\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/  
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/  
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816808 2011-07-21] (Synaptics Incorporated)
HKLM\...\Run: [setDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
Startup: C:\Users\Kardell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
Startup: C:\Users\Kardell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
ShortcutTarget: Severe Weather Alerts App.lnk -> C:\Users\Kardell\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe (No File)
Startup: C:\Users\Kardell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
ShortcutTarget: Severe Weather Alerts.lnk -> C:\Users\Kardell\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =  
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM - {E96A393A-F4A0-4EF8-B105-E60FE6BD09FE} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Video Player - {1d683a7c-d033-4ce3-8b80-d0869f4c4c90} - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta6162\ie\VideoPlayerV3beta6162.dll No File
BHO-x32: Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll" No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Media View - {6d85906c-13c2-41ba-ba58-adf864f241b8} - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5752\ie\MediaViewV1alpha5752.dll No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Media Player - {9d2d6523-343c-459b-84eb-494d85d0f94b} - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha1612\ie\MediaPlayerV1alpha1612.dll No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll" No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.15.4
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-12-31]
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta6162.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta6162\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha1612.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha1612\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha5752.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5752\ff
 
Chrome:  
=======
CHR HomePage:  
CHR Extension: (Google Docs) - C:\Users\Kardell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-25]
CHR Extension: (Google Drive) - C:\Users\Kardell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-25]
CHR Extension: (YouTube) - C:\Users\Kardell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-17]
CHR Extension: (Google Search) - C:\Users\Kardell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-17]
CHR Extension: (Website Logon) - C:\Users\Kardell\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa [2014-01-25]
CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\Kardell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-25]
CHR Extension: (Google Wallet) - C:\Users\Kardell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-05]
CHR Extension: (Gmail) - C:\Users\Kardell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-17]
CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]
CHR HKLM-x32\...\Chrome\Extension: [eigajcihfeikdnhpeonndlggggiodpln] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5752\ch\MediaViewV1alpha5752.crx [2011-08-25]
CHR HKLM-x32\...\Chrome\Extension: [ildjmoebhbpbpohbmebnpfdfeejjgjlb] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta6162\ch\VideoPlayerV3beta6162.crx [2011-08-25]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [2013-12-31]
 
==================== Services (Whitelisted) =================
 
S2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 a4djavs; C:\Windows\System32\Drivers\a4djavs.sys [353360 2010-10-20] (Native Instruments GmbH)
S3 a4djusb_svc; C:\Windows\System32\Drivers\a4djusb.sys [93264 2010-10-20] (Native Instruments GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [1525848 2013-09-25] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-10-16] (Symantec Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32152 2014-01-22] ()
S3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20130930.001\IDSVia64.sys [520280 2013-09-23] (Symantec Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2014-06-04] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-04] (Malwarebytes Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-31] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
S1 A2DDA; \??\G:\RUN\a2ddax64.sys [X]
S3 cleanhlp; \??\G:\Run\cleanhlp64.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131004.035\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131004.035\EX64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-04 16:06 - 2014-06-04 16:06 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-06-04 15:16 - 2014-06-04 15:25 - 00013190 _____ () C:\Windows\WindowsUpdate.log
2014-06-04 15:16 - 2014-06-04 15:16 - 00001184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-04 15:16 - 2014-06-04 15:16 - 00001184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-04 15:16 - 2014-06-04 15:16 - 00000552 _____ () C:\Windows\system32\spsys.log
2014-06-04 15:14 - 2014-06-04 15:14 - 00000000 ____D () C:\Windows\ERUNT
2014-06-04 13:14 - 2014-06-04 13:14 - 00041027 _____ () C:\Users\Kardell\Downloads\Addition.txt
2014-06-04 13:13 - 2014-06-04 16:26 - 00000883 _____ () C:\Users\Kardell\Downloads\FRST.txt
2014-06-04 13:13 - 2014-06-04 13:13 - 02068992 _____ (Farbar) C:\Users\Kardell\Downloads\FRST64.exe
2014-06-04 13:02 - 2014-06-04 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-06-04 13:02 - 2014-06-04 13:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-04 13:01 - 2014-06-04 13:01 - 00000000 ____D () C:\Users\Kardell\Desktop\Spyware
2014-06-04 11:21 - 2014-06-04 11:21 - 05245952 _____ () C:\Users\Kardell\Downloads\RogueKillerX64.exe
2014-06-04 06:32 - 2014-06-04 06:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 22:28 - 2014-06-04 13:01 - 00036680 _____ () C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 22:28 - 2014-06-03 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 22:28 - 2014-06-03 22:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 22:28 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 22:15 - 2014-06-04 14:42 - 00003182 _____ () C:\Users\Kardell\Downloads\SystemLook.txt
2014-06-03 22:15 - 2014-06-03 22:15 - 00165376 _____ () C:\Users\Kardell\Downloads\SystemLook_x64.exe
2014-06-03 19:17 - 2014-06-04 16:26 - 00000000 ____D () C:\FRST
2014-06-03 09:45 - 2014-06-03 09:45 - 04673536 _____ () C:\Users\Kardell\Downloads\RogueKiller (1).exe
2014-06-03 09:13 - 2014-06-03 09:13 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-03 09:13 - 2014-06-03 09:13 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-03 09:13 - 2014-06-03 09:13 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-03 08:42 - 2014-06-03 08:43 - 00001133 _____ () C:\Users\Kardell\Downloads\FSS.txt
2014-06-03 08:42 - 2014-06-03 08:42 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Kardell\Downloads\tdsskiller.exe
2014-06-03 08:41 - 2014-06-03 08:41 - 00410112 _____ (Farbar) C:\Users\Kardell\Downloads\FSS.exe
2014-06-03 08:40 - 2014-06-03 08:40 - 02463848 _____ (Malwarebytes ) C:\Users\Kardell\Downloads\mbae-setup-0.10.3.0100.exe
2014-06-03 08:19 - 2014-06-04 13:02 - 00000956 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 08:13 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-03 08:12 - 2014-06-04 15:06 - 00000000 ____D () C:\AdwCleaner
2014-06-03 07:43 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-03 07:43 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-03 07:43 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-03 07:43 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-03 07:43 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-03 07:43 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-03 07:43 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-03 07:43 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-03 07:42 - 2014-06-03 08:01 - 00000000 ____D () C:\Windows\erdnt
2014-06-03 07:39 - 2014-06-03 07:41 - 00002956 _____ () C:\Users\Kardell\Desktop\Rkill.txt
2014-06-03 07:38 - 2014-06-03 07:38 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Kardell\Downloads\rkill.exe
2014-06-03 07:24 - 2014-06-03 07:24 - 01327971 _____ () C:\Users\Kardell\Downloads\AdwCleaner.exe
2014-06-03 07:24 - 2014-06-03 07:24 - 01016261 _____ (Thisisu) C:\Users\Kardell\Downloads\JRT.exe
2014-06-03 07:21 - 2014-06-03 07:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-03 07:20 - 2014-06-03 07:21 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Kardell\Downloads\mbam-setup-1.75.0.1300.exe
2014-06-03 07:18 - 2014-06-03 07:18 - 04673536 _____ () C:\Users\Kardell\Downloads\RogueKiller.exe
 
==================== One Month Modified Files and Folders =======
 
2014-06-04 16:26 - 2014-06-04 13:13 - 00000883 _____ () C:\Users\Kardell\Downloads\FRST.txt
2014-06-04 16:26 - 2014-06-03 19:17 - 00000000 ____D () C:\FRST
2014-06-04 16:26 - 2012-07-25 14:32 - 00000000 ____D () C:\Users\Kardell\AppData\Local\Temp
2014-06-04 16:08 - 2012-10-17 19:16 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-04 16:06 - 2014-06-04 16:06 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-06-04 15:25 - 2014-06-04 15:16 - 00013190 _____ () C:\Windows\WindowsUpdate.log
2014-06-04 15:21 - 2009-07-14 00:13 - 00006194 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-04 15:20 - 2012-10-17 19:16 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-04 15:16 - 2014-06-04 15:16 - 00001184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-04 15:16 - 2014-06-04 15:16 - 00001184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-04 15:16 - 2014-06-04 15:16 - 00000552 _____ () C:\Windows\system32\spsys.log
2014-06-04 15:16 - 2012-07-25 10:50 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{25EA668E-89BD-4F3E-8D8E-5247562A2089}
2014-06-04 15:15 - 2012-10-17 19:16 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-04 15:15 - 2012-10-17 19:16 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-04 15:14 - 2014-06-04 15:14 - 00000000 ____D () C:\Windows\ERUNT
2014-06-04 15:14 - 2014-02-03 13:41 - 00002038 _____ () C:\Windows\setupact.log
2014-06-04 15:13 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-04 15:10 - 2014-01-22 10:27 - 00000000 ____D () C:\Windows\pss
2014-06-04 15:10 - 2012-07-25 10:50 - 00000000 ___RD () C:\Users\Kardell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-04 15:10 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-04 15:06 - 2014-06-03 08:12 - 00000000 ____D () C:\AdwCleaner
2014-06-04 15:06 - 2014-02-03 13:41 - 00002694 _____ () C:\Windows\PFRO.log
2014-06-04 14:42 - 2014-06-03 22:15 - 00003182 _____ () C:\Users\Kardell\Downloads\SystemLook.txt
2014-06-04 13:14 - 2014-06-04 13:14 - 00041027 _____ () C:\Users\Kardell\Downloads\Addition.txt
2014-06-04 13:13 - 2014-06-04 13:13 - 02068992 _____ (Farbar) C:\Users\Kardell\Downloads\FRST64.exe
2014-06-04 13:02 - 2014-06-04 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-06-04 13:02 - 2014-06-04 13:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-04 13:02 - 2014-06-03 08:19 - 00000956 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-04 13:02 - 2014-02-03 12:53 - 00000000 ____D () C:\Users\Kardell\AppData\Roaming\Malwarebytes
2014-06-04 13:02 - 2014-02-03 12:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-04 13:01 - 2014-06-04 13:01 - 00000000 ____D () C:\Users\Kardell\Desktop\Spyware
2014-06-04 13:01 - 2014-06-03 22:28 - 00036680 _____ () C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-04 11:21 - 2014-06-04 11:21 - 05245952 _____ () C:\Users\Kardell\Downloads\RogueKillerX64.exe
2014-06-04 06:44 - 2012-10-22 20:31 - 00000000 ____D () C:\Users\Kardell\AppData\Local\CrashDumps
2014-06-04 06:33 - 2014-06-04 06:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 22:28 - 2014-06-03 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 22:28 - 2014-06-03 22:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 22:15 - 2014-06-03 22:15 - 00165376 _____ () C:\Users\Kardell\Downloads\SystemLook_x64.exe
2014-06-03 09:45 - 2014-06-03 09:45 - 04673536 _____ () C:\Users\Kardell\Downloads\RogueKiller (1).exe
2014-06-03 09:13 - 2014-06-03 09:13 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-03 09:13 - 2014-06-03 09:13 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-03 09:13 - 2014-06-03 09:13 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-03 09:06 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-03 08:43 - 2014-06-03 08:42 - 00001133 _____ () C:\Users\Kardell\Downloads\FSS.txt
2014-06-03 08:42 - 2014-06-03 08:42 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Kardell\Downloads\tdsskiller.exe
2014-06-03 08:41 - 2014-06-03 08:41 - 00410112 _____ (Farbar) C:\Users\Kardell\Downloads\FSS.exe
2014-06-03 08:40 - 2014-06-03 08:40 - 02463848 _____ (Malwarebytes ) C:\Users\Kardell\Downloads\mbae-setup-0.10.3.0100.exe
2014-06-03 08:13 - 2012-07-25 14:32 - 00000000 ____D () C:\Users\Kardell
2014-06-03 08:01 - 2014-06-03 07:42 - 00000000 ____D () C:\Windows\erdnt
2014-06-03 07:41 - 2014-06-03 07:39 - 00002956 _____ () C:\Users\Kardell\Desktop\Rkill.txt
2014-06-03 07:38 - 2014-06-03 07:38 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Kardell\Downloads\rkill.exe
2014-06-03 07:24 - 2014-06-03 07:24 - 01327971 _____ () C:\Users\Kardell\Downloads\AdwCleaner.exe
2014-06-03 07:24 - 2014-06-03 07:24 - 01016261 _____ (Thisisu) C:\Users\Kardell\Downloads\JRT.exe
2014-06-03 07:21 - 2014-06-03 07:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-03 07:21 - 2014-06-03 07:20 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Kardell\Downloads\mbam-setup-1.75.0.1300.exe
2014-06-03 07:18 - 2014-06-03 07:18 - 04673536 _____ () C:\Users\Kardell\Downloads\RogueKiller.exe
2014-05-12 07:26 - 2014-06-03 22:28 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
 
Some content of TEMP:
====================
C:\Users\Kardell\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-03 21:52
 
==================== End Of Log ============================


  • Please download the attached fixlist.txt file and save it to the same location as FRST

    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location, or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run; please post it in your reply.
How is your PC running now?

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2014
Ran by Kardell at 2014-06-05 10:00:38 Run:2
Running from C:\Users\Kardell\Downloads
Boot Mode: Safe Mode (with Networking)
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
ShortcutTarget: Severe Weather Alerts.lnk -> C:\Users\Kardell\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =   
BHO-x32: Video Player - {1d683a7c-d033-4ce3-8b80-d0869f4c4c90} - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta6162\ie\VideoPlayerV3beta6162.dll No File
BHO-x32: Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll" No File
BHO-x32: Media View - {6d85906c-13c2-41ba-ba58-adf864f241b8} - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5752\ie\MediaViewV1alpha5752.dll No File
BHO-x32: Media Player - {9d2d6523-343c-459b-84eb-494d85d0f94b} - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha1612\ie\MediaPlayerV1alpha1612.dll No File
Toolbar: HKLM-x32 - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll" No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
2014-06-04 15:16 - 2012-07-25 10:50 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{25EA668E-89BD-4F3E-8D8E-5247562A2089}
C:\Users\Kardell\AppData\Local\Temp\Quarantine.exe
C:\Program Files (x86)\Mobogenie
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Value deleted successfully.
C:\Users\Kardell\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d683a7c-d033-4ce3-8b80-d0869f4c4c90} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{1d683a7c-d033-4ce3-8b80-d0869f4c4c90} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-4300-76A7-7A786E7484D7} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4F524A2D-5637-4300-76A7-7A786E7484D7} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d85906c-13c2-41ba-ba58-adf864f241b8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6d85906c-13c2-41ba-ba58-adf864f241b8} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d2d6523-343c-459b-84eb-494d85d0f94b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9d2d6523-343c-459b-84eb-494d85d0f94b} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5637-4300-76A7-7A786E7484D7} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{4F524A2D-5637-4300-76A7-7A786E7484D7} => Key not found.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer => Key deleted successfully.
C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Windows\System32\Tasks\User_Feed_Synchronization-{25EA668E-89BD-4F3E-8D8E-5247562A2089} => Moved successfully.
C:\Users\Kardell\AppData\Local\Temp\Quarantine.exe => Moved successfully.
"C:\Program Files (x86)\Mobogenie" => File/Directory not found.
 
 
The system needed a reboot.  
 
==== End of Fixlog ====

System rebooted.

System is still slower than Christmas.

 

MBAM and Chameleon still throw the error, Run time error '-2147417848 (80010108)': Automation error The object invoked has disconnected from its clients.

Latest version of RogueKiller still won't run.

Thanks for your patience and persistence!

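A Fixlog like the one above lists one outcome per fixlist entry, and the useful question after a fix is which entries were actually removed or moved, which were already gone ("not found", meaning the earlier scan's reference was stale or an orphaned entry), and which FRST reported in a way that deserves a second look. The following script is an added example written for this thread, not code from FRST, Farbar or the forum; the sample lines are copied from the Fixlog posted above, and the outcome labels ("deleted", "moved", "restored", "not_found", "info", "unknown") are this example's own naming.

```python
import re
from collections import Counter

# Constructed sample: result lines copied from the Fixlog posted in this thread.
SAMPLE_FIXLOG = r"""
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value deleted successfully.
C:\Users\Kardell\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCR\Wow6432Node\CLSID\{1d683a7c-d033-4ce3-8b80-d0869f4c4c90} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4F524A2D-5637-4300-76A7-7A786E7484D7} => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
C:\Users\Kardell\AppData\Local\Temp\Quarantine.exe => Moved successfully.
"C:\Program Files (x86)\Mobogenie" => File/Directory not found.
The system needed a reboot.
"""

# Outcome labels (this example's own names), matched case-insensitively against
# the text FRST prints after "=>".
OUTCOME_MARKERS = [
    ("deleted", "deleted successfully"),
    ("moved", "moved successfully"),
    ("restored", "restored successfully"),
    ("not_found", "not found"),
]

# Some "not found" lines carry no "=>" at all, e.g. "<path> not found."
NOT_FOUND_SUFFIX = " not found."


def classify(result):
    """Map the result text of one Fixlog line to an outcome label."""
    lowered = result.lower()
    for label, marker in OUTCOME_MARKERS:
        if marker in lowered:
            return label
    return "unknown"


def parse_fixlog(text):
    """Return (target, outcome) pairs for every non-empty Fixlog line.

    Lines without a result ("The system needed a reboot.") are kept with the
    outcome "info" so nothing FRST reported is silently dropped.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if " => " in line:
            target, result = line.split(" => ", 1)
        elif line.endswith(NOT_FOUND_SUFFIX):
            target, result = line[: -len(NOT_FOUND_SUFFIX)], "not found."
        else:
            entries.append((line, "info"))
            continue
        # FRST quotes some targets (paths with spaces); strip the quotes.
        entries.append((target.strip().strip('"'), classify(result)))
    return entries


def summarize(entries):
    """Count outcomes, e.g. {"deleted": 2, "moved": 2, ...}."""
    return dict(Counter(outcome for _, outcome in entries))


def needs_review(entries):
    """Targets whose result FRST did not describe in one of the expected ways."""
    return [target for target, outcome in entries if outcome == "unknown"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for target, outcome in parsed:
        print(f"{outcome:>9}  {target}")
    print(summarize(parsed))
    print("needs review:", needs_review(parsed))
```

Run against a real Fixlog.txt, the summary separates what the fix changed from what was already absent; a long list of "not_found" entries for items the earlier FRST scan listed as present is worth mentioning in the next reply, since it usually means the item was removed by another tool in between or the scan saw a transient reference.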

So is it faster than before?

aswMBR

Please download aswMBR from one of the links below and save it to your Desktop.

Download Mirror #1

  • Right-click on aswMBR.exe and select Run as Administrator.
  • Click Yes when asked to download the Avast! definitions.
  • Click Scan to initiate the scan.
  • When the scan finishes, click Save Log and save this to your Desktop.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
GMER

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror which will download a randomly named file
  • Zipped Mirror - Unzip the file to its own folder such as C:\gmer
  • Disconnect from the Internet and close all running programs
  • Temporarily disable any real-time active protection
  • It is very important you do not use your computer while GMER is running
  • Double-click on the randomly named GMER icon
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO
  • Please check in the Quick scan box
  • Please uncheck the following:
    • IAT/EAT
    • Show All <<< Important
  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled
Note:
  • If you encounter any problems, try running GMER in Safe Mode
  • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-06-05 13:48:12
-----------------------------
13:48:12.723    OS Version: Windows x64 6.1.7601 Service Pack 1
13:48:12.723    Number of processors: 4 586 0x2A07
13:48:12.723    ComputerName: KARDELL-HP  UserName: Kardell
13:48:16.607    Initialize success
13:50:16.306    AVAST engine defs: 14060500
13:50:37.709    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:50:37.709    Disk 0 Vendor: Hitachi_ JE3O Size: 476940MB BusType: 3
13:50:37.818    Disk 0 MBR read successfully
13:50:37.818    Disk 0 MBR scan
13:50:37.818    Disk 0 Windows 7 default MBR code
13:50:37.818    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
13:50:37.834    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       451371 MB offset 409600
13:50:37.865    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        21305 MB offset 924817408
13:50:37.881    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0     4063 MB offset 968450048
13:50:38.006    Disk 0 scanning C:\Windows\system32\drivers
13:51:18.160    Service scanning
13:52:41.183    Modules scanning
13:52:41.183    Disk 0 trace - called modules:
13:52:41.199    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll  
13:52:41.199    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007254060]
13:52:41.215    3 CLASSPNP.SYS[fffff88001c7843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004db1050]
13:52:42.182    AVAST engine scan C:\Windows
13:52:44.428    AVAST engine scan C:\Windows\system32
13:54:52.988    AVAST engine scan C:\Windows\system32\drivers
13:55:35.779    AVAST engine scan C:\Users\Kardell
14:02:25.295    AVAST engine scan C:\ProgramData
14:03:46.837    Scan finished successfully
14:05:24.976    Disk 0 MBR has been saved successfully to "G:\Spyware\MBR.dat"
14:05:24.992    The log file has been saved successfully to "G:\Spyware\aswMBR.txt"
 

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-05 14:22:02
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE3O 465.76GB
Running: gmer.exe; Driver: C:\Users\Kardell\AppData\Local\Temp\uwlirkob.sys
 
 
---- Kernel code sections - GMER 2.1 ----
 
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                             fffff800021a8000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594                                                             fffff800021a8042 4 bytes [00, 00, 00, 00]
 
---- Registry - GMER 2.1 ----
 
Reg       HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7E9F4C1E-F38E-4EDA-91ED-F253E9D2B3EF}@LeaseObtainedTime    1401995265
Reg       HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7E9F4C1E-F38E-4EDA-91ED-F253E9D2B3EF}@T1                   1401995565
Reg       HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7E9F4C1E-F38E-4EDA-91ED-F253E9D2B3EF}@T2                   1401995790
Reg       HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7E9F4C1E-F38E-4EDA-91ED-F253E9D2B3EF}@LeaseTerminatesTime  1401995865
 
---- EOF - GMER 2.1 ----

 

It seems the problem is not a virus, anymore. We seem to have resolved that issue, with your help. I was able to boot the computer into Ubuntu and check the physical status of the hard disk. Several of the files are damaged and there are physical failures on the disk. This seems to be what is causing the remaining problems.

Again, thanks for the help.

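The only registry entries GMER lists above are the four DHCP lease timers under the Tcpip\Parameters\Interfaces key for one adapter. Those values are stored by the Windows DHCP client as Unix epoch seconds and change on every lease renewal, which is why GMER's differential registry check picks them up on almost every machine. The script below is an added example written for this thread, not GMER's or the forum's code; it parses GMER "Reg" lines (the sample is copied from the log above), decodes the timers and checks the T1/T2 renewal points against the RFC 2131 defaults (0.5 and 0.875 of the lease), labelling such keys "dhcp-lease-timers" (a name this example chooses) and anything else "review".

```python
import re
from datetime import datetime, timezone

# Constructed sample: the four "Reg" lines copied from the GMER log posted in this thread.
SAMPLE_GMER = r"""
Reg       HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7E9F4C1E-F38E-4EDA-91ED-F253E9D2B3EF}@LeaseObtainedTime    1401995265
Reg       HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7E9F4C1E-F38E-4EDA-91ED-F253E9D2B3EF}@T1                   1401995565
Reg       HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7E9F4C1E-F38E-4EDA-91ED-F253E9D2B3EF}@T2                   1401995790
Reg       HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7E9F4C1E-F38E-4EDA-91ED-F253E9D2B3EF}@LeaseTerminatesTime  1401995865
"""

# GMER prints: "Reg <key>@<value name> <data>" with runs of spaces as separators.
REG_LINE = re.compile(r"^Reg\s+(?P<key>\S+)@(?P<name>\w+)\s+(?P<value>-?\d+)\s*$")

# The DHCP client's per-interface lease timers, all stored as Unix epoch seconds.
LEASE_VALUES = {"LeaseObtainedTime", "T1", "T2", "LeaseTerminatesTime"}
DHCP_INTERFACES = "\\tcpip\\parameters\\interfaces\\"


def parse_gmer_registry(text):
    """Group GMER 'Reg' lines by registry key: {key: {value_name: int}}."""
    keys = {}
    for raw in text.splitlines():
        m = REG_LINE.match(raw.strip())
        if m:
            keys.setdefault(m["key"], {})[m["name"]] = int(m["value"])
    return keys


def lease_summary(values):
    """Decode the four lease timers and compare T1/T2 with the RFC 2131 defaults."""
    obtained = values["LeaseObtainedTime"]
    duration = values["LeaseTerminatesTime"] - obtained
    if duration <= 0:
        raise ValueError("lease terminates before it was obtained")
    t1_fraction = (values["T1"] - obtained) / duration
    t2_fraction = (values["T2"] - obtained) / duration
    return {
        "obtained_utc": datetime.fromtimestamp(obtained, tz=timezone.utc),
        "expires_utc": datetime.fromtimestamp(values["LeaseTerminatesTime"], tz=timezone.utc),
        "duration_seconds": duration,
        "t1_fraction": t1_fraction,
        "t2_fraction": t2_fraction,
        # RFC 2131 section 4.4.5: T1 defaults to 0.5 and T2 to 0.875 of the lease.
        "rfc2131_defaults": abs(t1_fraction - 0.5) < 0.01 and abs(t2_fraction - 0.875) < 0.01,
    }


def triage(text):
    """Label each flagged key. Lease timers under the Tcpip interface keys are
    expected to differ between scans; anything else GMER flags gets a manual look."""
    verdicts = {}
    for key, values in parse_gmer_registry(text).items():
        if DHCP_INTERFACES in key.lower() and set(values) <= LEASE_VALUES:
            verdicts[key] = "dhcp-lease-timers"
        else:
            verdicts[key] = "review"
    return verdicts


if __name__ == "__main__":
    for key, values in parse_gmer_registry(SAMPLE_GMER).items():
        print(key)
        for field, value in lease_summary(values).items():
            print(f"  {field}: {value}")
    print(triage(SAMPLE_GMER))
```

For the values in this log the lease was obtained at 2014-06-05 19:07:45 UTC (14:07:45 in the poster's UTC-5 local time, minutes before the 14:22 scan), runs for 600 seconds, and has T1 at exactly 50% and T2 at exactly 87.5% of that lease, which is ordinary DHCP client state rather than a rootkit indicator. A key under a different path, or a Tcpip interface key carrying values other than these four, falls through to "review".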

Hello,

In my opinion, your PC is clean.

We need to remove the tools we've used while cleaning your machine.

  • Download Delfix from here and run it (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked

    Also tick:

    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.


Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
