Malwarebytes and chameleon not working


Malwarebytes won't update, and attempting to run Chameleon doesn't seem to help. I keep getting a window that says Malwarebytes is not working, and I can either search the web for a solution or close the program.

I ran the farbar recovery tool scan and got the following:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2014
Ran by Batch Op (administrator) on BATCHOP-PC on 10-06-2014 11:35:09
Running from C:\Windows\System32\config\systemprofile\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Easy Automation, Inc.) C:\FOPro\fopro.exe
() C:\FOPro\crp32002.ngn
(Easy Automation Inc.) C:\Batcher\FeedBatch.exe
(Easy Automation, Inc.) C:\Batcher\OrdSync.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-12-11] (LogMeIn, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [390728 2010-11-23] (Acronis)
HKLM-x32\...\Run: [Anti-phishing Domain Advisor] => C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [217256 2012-05-03] (Visicom Media Inc. (Powered by Panda Security))
HKLM-x32\...\Run: [sAOB Monitor] => C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2536448 2010-11-16] (Acronis)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5542168 2010-11-23] (Acronis)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)

==================== Internet (Whitelisted) ====================

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: blekko search bar - {5ce808f4-c861-4392-b55e-c97a89fbe2dd} - C:\Program Files (x86)\blekkotb_005\blekkotb_005X.dll ()
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - blekko search bar - {5ce808f4-c861-4392-b55e-c97a89fbe2dd} - C:\Program Files (x86)\blekkotb_005\blekkotb_005X.dll ()
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.145.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-09-30]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 CrypKey License; C:\Windows\system32\crypserv.exe [126976 2010-03-18] (CrypKey (Canada) Ltd.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-06-06] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-06-06] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-12-11] (LogMeIn, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [140424 2014-04-23] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R1 NetworkX; C:\Windows\System32\ckldrv.sys [30272 2010-03-18] ()
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SPorts; C:\Windows\System32\DRIVERS\SPorts.sys [122880 2009-08-17] ()
R0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [142944 2012-09-23] (Acronis)
S2 WinRT; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-10 11:35 - 2014-06-10 11:35 - 00009367 _____ () C:\Windows\system32\config\systemprofile\Desktop\FRST.txt
2014-06-10 11:29 - 2014-06-10 11:29 - 02080768 _____ (Farbar) C:\Windows\system32\config\systemprofile\Desktop\FRST64.exe
2014-06-10 10:30 - 2014-06-10 11:35 - 00000000 ____D () C:\FRST
2014-06-10 09:17 - 2014-06-10 10:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 09:17 - 2014-06-10 10:23 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-10 09:17 - 2014-06-10 09:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-10 09:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-10 09:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-09 18:41 - 2014-06-09 18:41 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-06-09 15:01 - 2014-06-09 15:01 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-05-14 16:03 - 2014-05-05 23:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 16:03 - 2014-05-05 23:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 16:03 - 2014-05-05 22:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 16:03 - 2014-05-05 22:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 16:03 - 2014-05-05 22:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 16:03 - 2014-05-05 21:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 08:26 - 2014-05-09 01:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 08:26 - 2014-05-09 01:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 08:26 - 2014-03-24 21:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 08:26 - 2014-03-24 21:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 08:25 - 2014-04-11 21:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 08:25 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 08:25 - 2014-04-11 21:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 08:25 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 08:25 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 08:25 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 08:25 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 08:25 - 2014-04-11 21:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 08:25 - 2014-04-11 21:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 08:25 - 2014-03-04 04:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 08:25 - 2014-03-04 04:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 08:25 - 2014-03-04 04:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 08:25 - 2014-03-04 04:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 08:25 - 2014-03-04 04:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 08:25 - 2014-03-04 04:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 08:25 - 2014-03-04 04:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 08:25 - 2014-03-04 04:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 08:25 - 2014-03-04 04:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 08:25 - 2014-03-04 04:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 08:25 - 2014-03-04 04:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 08:25 - 2014-03-04 04:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 08:25 - 2014-03-04 04:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 08:25 - 2014-03-04 04:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 08:25 - 2014-03-04 04:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 08:25 - 2014-03-04 04:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 08:25 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 08:25 - 2014-03-04 04:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 08:25 - 2014-03-04 04:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 08:25 - 2014-03-04 04:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 08:25 - 2014-03-04 04:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 08:25 - 2014-03-04 04:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 08:25 - 2014-03-04 04:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 08:25 - 2014-03-04 04:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 08:25 - 2014-03-04 04:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 08:25 - 2014-03-04 04:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 08:25 - 2014-03-04 04:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 08:25 - 2014-03-04 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 08:25 - 2014-03-04 04:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 08:25 - 2014-03-04 04:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 08:25 - 2014-03-04 04:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 08:25 - 2014-03-04 04:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 14:14 - 2014-05-13 14:14 - 00000000 _____ () C:\Windows\SysWOW64\FAP8A49.tmp
2014-05-13 14:14 - 2014-05-13 14:14 - 00000000 _____ () C:\Windows\SysWOW64\FAP80E3.tmp
2014-05-13 13:24 - 2014-05-13 13:24 - 00000000 _____ () C:\Windows\SysWOW64\FAP9228.tmp
2014-05-13 13:24 - 2014-05-13 13:24 - 00000000 _____ () C:\Windows\SysWOW64\FAP911B.tmp
2014-05-13 13:24 - 2014-05-13 13:24 - 00000000 _____ () C:\Windows\SysWOW64\FAP44F.tmp
2014-05-13 12:46 - 2014-05-13 12:46 - 00000000 _____ () C:\Windows\SysWOW64\FAP6CF4.tmp
2014-05-13 12:45 - 2014-05-13 12:45 - 00000000 _____ () C:\Windows\SysWOW64\FAP9FB3.tmp
2014-05-13 12:45 - 2014-05-13 12:45 - 00000000 _____ () C:\Windows\SysWOW64\FAP9E96.tmp
2014-05-13 11:07 - 2014-05-13 11:07 - 00000000 _____ () C:\Windows\SysWOW64\FAP84AA.tmp
2014-05-13 10:58 - 2014-05-13 10:58 - 00000000 _____ () C:\Windows\SysWOW64\FAPB4E9.tmp
2014-05-13 10:58 - 2014-05-13 10:58 - 00000000 _____ () C:\Windows\SysWOW64\FAPB37E.tmp
2014-05-13 10:24 - 2014-05-13 10:24 - 00000000 _____ () C:\Windows\SysWOW64\FAPFE10.tmp
2014-05-13 09:09 - 2014-05-13 09:09 - 00000000 _____ () C:\Windows\SysWOW64\FAP329.tmp
2014-05-13 09:09 - 2014-05-13 09:09 - 00000000 _____ () C:\Windows\SysWOW64\FAP1AF.tmp
2014-05-13 09:03 - 2014-05-13 09:03 - 00000000 _____ () C:\Windows\SysWOW64\FAPD29F.tmp
2014-05-13 08:24 - 2014-05-13 08:24 - 00000000 _____ () C:\Windows\SysWOW64\FAP41D3.tmp
2014-05-13 08:24 - 2014-05-13 08:24 - 00000000 _____ () C:\Windows\SysWOW64\FAP4039.tmp
2014-05-13 08:24 - 2014-05-13 08:24 - 00000000 _____ () C:\Windows\SysWOW64\FAP4006.tmp
2014-05-13 08:24 - 2014-05-13 08:24 - 00000000 _____ () C:\Windows\SysWOW64\FAP3FD4.tmp
2014-05-13 08:24 - 2014-05-13 08:24 - 00000000 _____ () C:\Windows\SysWOW64\FAP35A2.tmp
2014-05-13 08:24 - 2014-05-13 08:24 - 00000000 _____ () C:\Windows\SysWOW64\FAP31A8.tmp
2014-05-13 08:24 - 2014-05-13 08:24 - 00000000 _____ () C:\Windows\SysWOW64\FAP2DED.tmp
2014-05-13 08:24 - 2014-05-13 08:24 - 00000000 _____ () C:\Windows\SysWOW64\FAP2986.tmp
2014-05-13 07:46 - 2014-05-13 07:46 - 00000000 _____ () C:\Windows\SysWOW64\FAPF087.tmp
2014-05-13 07:45 - 2014-05-13 07:45 - 00000000 _____ () C:\Windows\SysWOW64\FAPB20.tmp
2014-05-13 07:45 - 2014-05-13 07:45 - 00000000 _____ () C:\Windows\SysWOW64\FAP93A4.tmp
2014-05-13 07:44 - 2014-05-13 07:44 - 00000000 _____ () C:\Windows\SysWOW64\FAPA6C.tmp
2014-05-13 07:44 - 2014-05-13 07:44 - 00000000 _____ () C:\Windows\SysWOW64\FAP9A12.tmp
2014-05-13 07:43 - 2014-05-13 07:43 - 00000000 _____ () C:\Windows\SysWOW64\FAPB70B.tmp
2014-05-13 07:43 - 2014-05-13 07:43 - 00000000 _____ () C:\Windows\SysWOW64\FAP71CE.tmp
2014-05-13 07:11 - 2014-05-13 07:11 - 00000000 _____ () C:\Windows\SysWOW64\FAPA40F.tmp
2014-05-13 07:11 - 2014-05-13 07:11 - 00000000 _____ () C:\Windows\SysWOW64\FAPA237.tmp
2014-05-13 07:11 - 2014-05-13 07:11 - 00000000 _____ () C:\Windows\SysWOW64\FAPA0FB.tmp
2014-05-13 07:11 - 2014-05-13 07:11 - 00000000 _____ () C:\Windows\SysWOW64\FAP9554.tmp
2014-05-13 07:11 - 2014-05-13 07:11 - 00000000 _____ () C:\Windows\SysWOW64\FAP781F.tmp
2014-05-13 07:11 - 2014-05-13 07:11 - 00000000 _____ () C:\Windows\SysWOW64\FAP7416.tmp
2014-05-13 07:11 - 2014-05-13 07:11 - 00000000 _____ () C:\Windows\SysWOW64\FAP727C.tmp
2014-05-13 07:08 - 2014-05-13 07:08 - 00000000 _____ () C:\Windows\SysWOW64\FAPE21B.tmp
2014-05-13 07:08 - 2014-05-13 07:08 - 00000000 _____ () C:\Windows\SysWOW64\FAPE1C9.tmp
2014-05-13 07:08 - 2014-05-13 07:08 - 00000000 _____ () C:\Windows\SysWOW64\FAPDED8.tmp
2014-05-13 07:08 - 2014-05-13 07:08 - 00000000 _____ () C:\Windows\SysWOW64\FAPD765.tmp
2014-05-13 07:08 - 2014-05-13 07:08 - 00000000 _____ () C:\Windows\SysWOW64\FAPCFF2.tmp
2014-05-13 07:08 - 2014-05-13 07:08 - 00000000 _____ () C:\Windows\SysWOW64\FAPCA43.tmp
2014-05-13 07:08 - 2014-05-13 07:08 - 00000000 _____ () C:\Windows\SysWOW64\FAP6EB8.tmp
2014-05-13 07:08 - 2014-05-13 07:08 - 00000000 _____ () C:\Windows\SysWOW64\FAP6AFC.tmp
2014-05-13 07:08 - 2014-05-13 07:08 - 00000000 _____ () C:\Windows\SysWOW64\FAP684A.tmp
2014-05-13 07:08 - 2014-05-13 07:08 - 00000000 _____ () C:\Windows\SysWOW64\FAP66B0.tmp
2014-05-13 07:08 - 2014-05-13 07:08 - 00000000 _____ () C:\Windows\SysWOW64\FAP5C31.tmp
2014-05-13 07:08 - 2014-05-13 07:08 - 00000000 _____ () C:\Windows\SysWOW64\FAP578B.tmp
2014-05-13 07:07 - 2014-05-13 07:07 - 00000000 _____ () C:\Windows\SysWOW64\FAP9C25.tmp
2014-05-13 07:07 - 2014-05-13 07:07 - 00000000 _____ () C:\Windows\SysWOW64\FAP9A5D.tmp
2014-05-13 07:07 - 2014-05-13 07:07 - 00000000 _____ () C:\Windows\SysWOW64\FAP8D8D.tmp
2014-05-13 07:07 - 2014-05-13 07:07 - 00000000 _____ () C:\Windows\SysWOW64\FAP8A9C.tmp
2014-05-13 07:07 - 2014-05-13 07:07 - 00000000 _____ () C:\Windows\SysWOW64\FAP804B.tmp
2014-05-13 07:06 - 2014-05-13 07:06 - 00000000 _____ () C:\Windows\SysWOW64\FAP1F06.tmp
2014-05-13 07:06 - 2014-05-13 07:06 - 00000000 _____ () C:\Windows\SysWOW64\FAP1DBA.tmp
2014-05-13 07:06 - 2014-05-13 07:06 - 00000000 _____ () C:\Windows\SysWOW64\FAP1C4F.tmp
2014-05-13 07:06 - 2014-05-13 07:06 - 00000000 _____ () C:\Windows\SysWOW64\FAP1AE5.tmp
2014-05-13 07:05 - 2014-05-13 07:05 - 00000000 _____ () C:\Windows\SysWOW64\FAPED7.tmp
2014-05-13 07:05 - 2014-05-13 07:05 - 00000000 _____ () C:\Windows\SysWOW64\FAP716.tmp
2014-05-13 07:05 - 2014-05-13 07:05 - 00000000 _____ () C:\Windows\SysWOW64\FAP250E.tmp
2014-05-13 07:05 - 2014-05-13 07:05 - 00000000 _____ () C:\Windows\SysWOW64\FAP227A.tmp
2014-05-13 07:05 - 2014-05-13 07:05 - 00000000 _____ () C:\Windows\SysWOW64\FAP10.tmp
2014-05-13 07:04 - 2014-05-13 07:04 - 00000000 _____ () C:\Windows\SysWOW64\FAPA88A.tmp
2014-05-13 07:04 - 2014-05-13 07:04 - 00000000 _____ () C:\Windows\SysWOW64\FAPA175.tmp
2014-05-13 07:04 - 2014-05-13 07:04 - 00000000 _____ () C:\Windows\SysWOW64\FAP9FEB.tmp
2014-05-13 07:04 - 2014-05-13 07:04 - 00000000 _____ () C:\Windows\SysWOW64\FAP8DBE.tmp
2014-05-13 07:04 - 2014-05-13 07:04 - 00000000 _____ () C:\Windows\SysWOW64\FAP86A8.tmp
2014-05-13 07:04 - 2014-05-13 07:04 - 00000000 _____ () C:\Windows\SysWOW64\FAP84D0.tmp
2014-05-13 07:04 - 2014-05-13 07:04 - 00000000 _____ () C:\Windows\SysWOW64\FAP7BB8.tmp
2014-05-13 07:03 - 2014-05-13 07:03 - 00000000 _____ () C:\Windows\SysWOW64\FAPEAEE.tmp
2014-05-13 07:03 - 2014-05-13 07:03 - 00000000 _____ () C:\Windows\SysWOW64\FAP26F0.tmp
2014-05-13 07:03 - 2014-05-13 07:03 - 00000000 _____ () C:\Windows\SysWOW64\FAP2585.tmp
2014-05-13 07:03 - 2014-05-13 07:03 - 00000000 _____ () C:\Windows\SysWOW64\FAP21CA.tmp
2014-05-11 07:47 - 2014-06-10 10:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-06-10 11:35 - 2014-06-10 11:35 - 00009367 _____ () C:\Windows\system32\config\systemprofile\Desktop\FRST.txt
2014-06-10 11:35 - 2014-06-10 10:30 - 00000000 ____D () C:\FRST
2014-06-10 11:35 - 2014-04-28 08:04 - 00000000 ____D () C:\Windows\system32\config\systemprofile\AppData\Local\Temp
2014-06-10 11:30 - 2012-09-17 13:38 - 00000000 ____D () C:\FOPro
2014-06-10 11:29 - 2014-06-10 11:29 - 02080768 _____ (Farbar) C:\Windows\system32\config\systemprofile\Desktop\FRST64.exe
2014-06-10 10:59 - 2012-09-17 13:40 - 00000000 ____D () C:\Batcher
2014-06-10 10:59 - 2012-09-17 13:33 - 00000000 ____D () C:\FOP DATA
2014-06-10 10:36 - 2012-09-17 11:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-10 10:23 - 2014-06-10 09:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 10:23 - 2014-06-10 09:17 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-10 10:13 - 2009-07-13 23:45 - 00015376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-10 10:13 - 2009-07-13 23:45 - 00015376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-10 10:00 - 2014-05-11 07:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 09:17 - 2014-06-10 09:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-10 09:08 - 2012-09-16 17:53 - 01801032 _____ () C:\Windows\WindowsUpdate.log
2014-06-10 07:55 - 2012-09-16 16:09 - 00000692 _____ () C:\Windows\ODBC.INI
2014-06-10 07:53 - 2012-09-17 10:25 - 00155976 _____ () C:\Windows\errord.log
2014-06-10 07:49 - 2013-05-31 13:54 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-06-10 07:49 - 2012-09-17 10:25 - 00107480 _____ () C:\Windows\error.log
2014-06-10 07:49 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-10 07:49 - 2009-07-13 23:51 - 00070062 _____ () C:\Windows\setupact.log
2014-06-09 18:41 - 2014-06-09 18:41 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-06-09 15:01 - 2014-06-09 15:01 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-09 12:58 - 2012-09-17 10:28 - 00135136 _____ () C:\Windows\PFRO.log
2014-06-09 12:08 - 2009-07-14 00:13 - 00799078 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-09 12:01 - 2014-02-27 08:30 - 00000000 ____D () C:\Program Files (x86)\Free RAR Extract Frog
2014-06-09 09:39 - 2012-09-16 17:50 - 61435904 _____ () C:\Windows\system32\config\RegBack\SOFTWARE
2014-06-09 09:39 - 2012-09-16 17:50 - 14401536 _____ () C:\Windows\system32\config\RegBack\SYSTEM
2014-06-09 09:39 - 2012-09-16 17:50 - 00745472 _____ () C:\Windows\system32\config\RegBack\DEFAULT
2014-06-09 09:39 - 2012-09-16 17:50 - 00028672 _____ () C:\Windows\system32\config\RegBack\SAM
2014-06-09 09:38 - 2012-09-16 17:50 - 00028672 _____ () C:\Windows\system32\config\RegBack\SECURITY
2014-06-08 08:10 - 2012-09-17 10:10 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-06-06 14:01 - 2012-09-17 10:10 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-06-06 14:01 - 2012-09-17 10:10 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-06-06 14:01 - 2012-09-17 10:10 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-05-22 06:34 - 2012-09-30 14:18 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-05-15 14:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 09:02 - 2014-04-28 08:04 - 00000000 ___RD () C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 09:02 - 2014-04-28 08:04 - 00000000 ___RD () C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 07:29 - 2014-05-06 14:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 07:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 16:02 - 2013-08-14 15:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 16:01 - 2012-09-18 11:31 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 10:38 - 2012-09-17 11:57 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 10:38 - 2012-09-17 11:57 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 10:38 - 2012-09-17 11:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 14:14 - 2014-05-13 14:14 - 00000000 _____ () C:\Windows\SysWOW64\FAP8A49.tmp
2014-05-13 14:14 - 2014-05-13 14:14 - 00000000 _____ () C:\Windows\SysWOW64\FAP80E3.tmp
2014-05-13 13:24 - 2014-05-13 13:24 - 00000000 _____ () C:\Windows\SysWOW64\FAP9228.tmp
2014-05-13 13:24 - 2014-05-13 13:24 - 00000000 _____ () C:\Windows\SysWOW64\FAP911B.tmp
2014-05-13 13:24 - 2014-05-13 13:24 - 00000000 _____ () C:\Windows\SysWOW64\FAP44F.tmp
2014-05-13 12:46 - 2014-05-13 12:46 - 00000000 _____ () C:\Windows\SysWOW64\FAP6CF4.tmp
2014-05-13 12:45 - 2014-05-13 12:45 - 00000000 _____ () C:\Windows\SysWOW64\FAP9FB3.tmp
2014-05-13 12:45 - 2014-05-13 12:45 - 00000000 _____ () C:\Windows\SysWOW64\FAP9E96.tmp
2014-05-13 11:07 - 2014-05-13 11:07 - 00000000 _____ () C:\Windows\SysWOW64\FAP84AA.tmp
2014-05-13 10:58 - 2014-05-13 10:58 - 00000000 _____ () C:\Windows\SysWOW64\FAPB4E9.tmp
2014-05-13 10:58 - 2014-05-13 10:58 - 00000000 _____ () C:\Windows\SysWOW64\FAPB37E.tmp
2014-05-13 10:24 - 2014-05-13 10:24 - 00000000 _____ () C:\Windows\SysWOW64\FAPFE10.tmp
2014-05-13 09:09 - 2014-05-13 09:09 - 00000000 _____ () C:\Windows\SysWOW64\FAP329.tmp
2014-05-13 09:09 - 2014-05-13 09:09 - 00000000 _____ () C:\Windows\SysWOW64\FAP1AF.tmp
2014-05-13 09:03 - 2014-05-13 09:03 - 00000000 _____ () C:\Windows\SysWOW64\FAPD29F.tmp
2014-05-13 08:24 - 2014-05-13 08:24 - 00000000 _____ () C:\Windows\SysWOW64\FAP41D3.tmp
2014-05-13 08:24 - 2014-05-13 08:24 - 00000000 _____ () C:\Windows\SysWOW64\FAP4039.tmp
2014-05-13 08:24 - 2014-05-13 08:24 - 00000000 _____ () C:\Windows\SysWOW64\FAP4006.tmp
2014-05-13 08:24 - 2014-05-13 08:24 - 00000000 _____ () C:\Windows\SysWOW64\FAP3FD4.tmp
2014-05-13 08:24 - 2014-05-13 08:24 - 00000000 _____ () C:\Windows\SysWOW64\FAP35A2.tmp
2014-05-13 08:24 - 2014-05-13 08:24 - 00000000 _____ () C:\Windows\SysWOW64\FAP31A8.tmp
2014-05-13 08:24 - 2014-05-13 08:24 - 00000000 _____ () C:\Windows\SysWOW64\FAP2DED.tmp
2014-05-13 08:24 - 2014-05-13 08:24 - 00000000 _____ () C:\Windows\SysWOW64\FAP2986.tmp
2014-05-13 07:46 - 2014-05-13 07:46 - 00000000 _____ () C:\Windows\SysWOW64\FAPF087.tmp
2014-05-13 07:45 - 2014-05-13 07:45 - 00000000 _____ () C:\Windows\SysWOW64\FAPB20.tmp
2014-05-13 07:45 - 2014-05-13 07:45 - 00000000 _____ () C:\Windows\SysWOW64\FAP93A4.tmp
2014-05-13 07:44 - 2014-05-13 07:44 - 00000000 _____ () C:\Windows\SysWOW64\FAPA6C.tmp
2014-05-13 07:44 - 2014-05-13 07:44 - 00000000 _____ () C:\Windows\SysWOW64\FAP9A12.tmp
2014-05-13 07:43 - 2014-05-13 07:43 - 00000000 _____ () C:\Windows\SysWOW64\FAPB70B.tmp
2014-05-13 07:43 - 2014-05-13 07:43 - 00000000 _____ () C:\Windows\SysWOW64\FAP71CE.tmp
2014-05-13 07:11 - 2014-05-13 07:11 - 00000000 _____ () C:\Windows\SysWOW64\FAPA40F.tmp
2014-05-13 07:11 - 2014-05-13 07:11 - 00000000 _____ () C:\Windows\SysWOW64\FAPA237.tmp
2014-05-13 07:11 - 2014-05-13 07:11 - 00000000 _____ () C:\Windows\SysWOW64\FAPA0FB.tmp
2014-05-13 07:11 - 2014-05-13 07:11 - 00000000 _____ () C:\Windows\SysWOW64\FAP9554.tmp
2014-05-13 07:11 - 2014-05-13 07:11 - 00000000 _____ () C:\Windows\SysWOW64\FAP781F.tmp
2014-05-13 07:11 - 2014-05-13 07:11 - 00000000 _____ () C:\Windows\SysWOW64\FAP7416.tmp
2014-05-13 07:11 - 2014-05-13 07:11 - 00000000 _____ () C:\Windows\SysWOW64\FAP727C.tmp
2014-05-13 07:08 - 2014-05-13 07:08 - 00000000 _____ () C:\Windows\SysWOW64\FAPE21B.tmp
2014-05-13 07:08 - 2014-05-13 07:08 - 00000000 _____ () C:\Windows\SysWOW64\FAPE1C9.tmp
2014-05-13 07:08 - 2014-05-13 07:08 - 00000000 _____ () C:\Windows\SysWOW64\FAPDED8.tmp
2014-05-13 07:08 - 2014-05-13 07:08 - 00000000 _____ () C:\Windows\SysWOW64\FAPD765.tmp
2014-05-13 07:08 - 2014-05-13 07:08 - 00000000 _____ () C:\Windows\SysWOW64\FAPCFF2.tmp
2014-05-13 07:08 - 2014-05-13 07:08 - 00000000 _____ () C:\Windows\SysWOW64\FAPCA43.tmp
2014-05-13 07:08 - 2014-05-13 07:08 - 00000000 _____ () C:\Windows\SysWOW64\FAP6EB8.tmp
2014-05-13 07:08 - 2014-05-13 07:08 - 00000000 _____ () C:\Windows\SysWOW64\FAP6AFC.tmp
2014-05-13 07:08 - 2014-05-13 07:08 - 00000000 _____ () C:\Windows\SysWOW64\FAP684A.tmp
2014-05-13 07:08 - 2014-05-13 07:08 - 00000000 _____ () C:\Windows\SysWOW64\FAP66B0.tmp
2014-05-13 07:08 - 2014-05-13 07:08 - 00000000 _____ () C:\Windows\SysWOW64\FAP5C31.tmp
2014-05-13 07:08 - 2014-05-13 07:08 - 00000000 _____ () C:\Windows\SysWOW64\FAP578B.tmp
2014-05-13 07:07 - 2014-05-13 07:07 - 00000000 _____ () C:\Windows\SysWOW64\FAP9C25.tmp
2014-05-13 07:07 - 2014-05-13 07:07 - 00000000 _____ () C:\Windows\SysWOW64\FAP9A5D.tmp
2014-05-13 07:07 - 2014-05-13 07:07 - 00000000 _____ () C:\Windows\SysWOW64\FAP8D8D.tmp
2014-05-13 07:07 - 2014-05-13 07:07 - 00000000 _____ () C:\Windows\SysWOW64\FAP8A9C.tmp
2014-05-13 07:07 - 2014-05-13 07:07 - 00000000 _____ () C:\Windows\SysWOW64\FAP804B.tmp
2014-05-13 07:06 - 2014-05-13 07:06 - 00000000 _____ () C:\Windows\SysWOW64\FAP1F06.tmp
2014-05-13 07:06 - 2014-05-13 07:06 - 00000000 _____ () C:\Windows\SysWOW64\FAP1DBA.tmp
2014-05-13 07:06 - 2014-05-13 07:06 - 00000000 _____ () C:\Windows\SysWOW64\FAP1C4F.tmp
2014-05-13 07:06 - 2014-05-13 07:06 - 00000000 _____ () C:\Windows\SysWOW64\FAP1AE5.tmp
2014-05-13 07:05 - 2014-05-13 07:05 - 00000000 _____ () C:\Windows\SysWOW64\FAPED7.tmp
2014-05-13 07:05 - 2014-05-13 07:05 - 00000000 _____ () C:\Windows\SysWOW64\FAP716.tmp
2014-05-13 07:05 - 2014-05-13 07:05 - 00000000 _____ () C:\Windows\SysWOW64\FAP250E.tmp
2014-05-13 07:05 - 2014-05-13 07:05 - 00000000 _____ () C:\Windows\SysWOW64\FAP227A.tmp
2014-05-13 07:05 - 2014-05-13 07:05 - 00000000 _____ () C:\Windows\SysWOW64\FAP10.tmp
2014-05-13 07:04 - 2014-05-13 07:04 - 00000000 _____ () C:\Windows\SysWOW64\FAPA88A.tmp
2014-05-13 07:04 - 2014-05-13 07:04 - 00000000 _____ () C:\Windows\SysWOW64\FAPA175.tmp
2014-05-13 07:04 - 2014-05-13 07:04 - 00000000 _____ () C:\Windows\SysWOW64\FAP9FEB.tmp
2014-05-13 07:04 - 2014-05-13 07:04 - 00000000 _____ () C:\Windows\SysWOW64\FAP8DBE.tmp
2014-05-13 07:04 - 2014-05-13 07:04 - 00000000 _____ () C:\Windows\SysWOW64\FAP86A8.tmp
2014-05-13 07:04 - 2014-05-13 07:04 - 00000000 _____ () C:\Windows\SysWOW64\FAP84D0.tmp
2014-05-13 07:04 - 2014-05-13 07:04 - 00000000 _____ () C:\Windows\SysWOW64\FAP7BB8.tmp
2014-05-13 07:03 - 2014-05-13 07:03 - 00000000 _____ () C:\Windows\SysWOW64\FAPEAEE.tmp
2014-05-13 07:03 - 2014-05-13 07:03 - 00000000 _____ () C:\Windows\SysWOW64\FAP26F0.tmp
2014-05-13 07:03 - 2014-05-13 07:03 - 00000000 _____ () C:\Windows\SysWOW64\FAP2585.tmp
2014-05-13 07:03 - 2014-05-13 07:03 - 00000000 _____ () C:\Windows\SysWOW64\FAP21CA.tmp
2014-05-13 06:40 - 2014-05-08 08:18 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-05-13 06:25 - 2012-09-17 10:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 07:50 - 2014-04-28 08:17 - 00000000 ____D () C:\Windows\SysWOW64\cache
2014-05-12 07:26 - 2014-06-10 09:17 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-10 09:17 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-09 09:39

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-06-2014
Ran by Batch Op at 2014-06-10 11:35:36
Running from C:\Windows\System32\config\systemprofile\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acronis True Image Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6574 - Acronis)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Anti-phishing Domain Advisor (HKLM-x32\...\Anti-phishing Domain Advisor) (Version: 1.0.0.0 - Visicom Media Inc. (Powered by Panda Security))
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4570 - AVG Technologies)
AVG 2014 (Version: 14.0.3955 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4570 - AVG Technologies) Hidden
blekko search bar (HKLM-x32\...\blekkotb_005) (Version: 1.9.5.12 - Visicom Media Inc.) <==== ATTENTION
CoDeSys for Automation Alliance (HKLM-x32\...\{07976ABB-1EBD-4A65-A7C7-155A0DC17173}) (Version:  - 3S-Smart Software Solutions GmbH)
Feed Batch Pro (HKLM-x32\...\{1D7E76CF-CC23-4DE5-94CC-5E0FEFE5A834}) (Version: 6.2.00 - Easy Automation Inc.)
Feed Office Pro (HKLM-x32\...\{867A21D9-A5AE-4160-85A7-BF6A2D302EF8}) (Version: 8.3.13 - Easy Automation Inc.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
LogMeIn (HKLM-x32\...\{F8511796-1457-4A92-BEF7-71080FCF297A}) (Version: 4.1.4132 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.6.129 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
NVIDIA 3D Vision Controller Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Control Panel 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
Plus Pack for Acronis True Image Home 2011 (HKLM-x32\...\{F1ED5BD7-4770-4037-9CBD-5DF9A5BEC408}) (Version: 14.0.6574 - Acronis)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

==================== Restore Points  =========================

06-05-2014 19:17:07 Windows Update
14-05-2014 14:46:24 Scheduled Checkpoint
14-05-2014 21:00:58 Windows Update
22-05-2014 13:21:45 Scheduled Checkpoint
29-05-2014 16:26:07 Scheduled Checkpoint
05-06-2014 19:26:36 Scheduled Checkpoint
09-06-2014 17:02:21 Removed SketchUp 8
09-06-2014 18:20:51 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {8E769E01-6F8C-4ABC-8A40-AF716C34F26E} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{E0126A9C-8128-4387-9949-CC1507C785DD}.exe
Task: {C5489F21-5488-461E-9992-BDB972F8C64B} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {D8C80AA3-E4AF-42E8-B45E-245AEA080A68} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {EFAB67E3-FE33-409A-AA15-BA34EAD8AE17} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{E0126A9C-8128-4387-9949-CC1507C785DD}.exe

==================== Loaded Modules (whitelisted) =============

2012-11-19 15:56 - 2013-03-14 23:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-06-09 09:23 - 2010-06-09 09:23 - 02623328 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\QtCore4.dll
2010-06-09 09:23 - 2010-06-09 09:23 - 09953120 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\QtGui4.dll
2010-10-27 01:25 - 2010-10-27 01:25 - 00827402 _____ () C:\FOPro\CRP32002.NGN

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2014 10:23:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xd5c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (06/10/2014 10:19:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x9ac
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (06/10/2014 10:16:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1168
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (06/10/2014 09:17:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x6e0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (06/10/2014 09:17:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xd24
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (06/10/2014 09:00:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x68c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (06/10/2014 08:29:40 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/10/2014 07:53:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xe78
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (06/10/2014 07:49:27 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: BatchOp-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (06/09/2014 03:36:27 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: BatchOp-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.


System errors:
=============
Error: (06/10/2014 07:51:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (06/10/2014 07:51:33 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/10/2014 07:50:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/10/2014 07:49:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinRT service failed to start due to the following error:
%%2

Error: (06/09/2014 03:35:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinRT service failed to start due to the following error:
%%2

Error: (06/09/2014 03:32:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/09/2014 03:31:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinRT service failed to start due to the following error:
%%2

Error: (06/09/2014 03:00:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (06/09/2014 03:00:24 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/09/2014 02:59:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (06/10/2014 10:23:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdd5c01cf84bff3e31c16C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll38fb3111-f0b3-11e3-9382-001b216d6ab2

Error: (06/10/2014 10:19:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd9ac01cf84bf56de8805C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll9cccd8d9-f0b2-11e3-9382-001b216d6ab2

Error: (06/10/2014 10:16:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd116801cf84b77f12baceC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll26c795f8-f0b2-11e3-9382-001b216d6ab2

Error: (06/10/2014 09:17:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd6e001cf84b6b4770dccC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllf4f99c60-f0a9-11e3-9382-001b216d6ab2

Error: (06/10/2014 09:17:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdd2401cf84b6abf2a151C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllec5d6222-f0a9-11e3-9382-001b216d6ab2

Error: (06/10/2014 09:00:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd68c01cf84b2d6985683C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll8ff9729f-f0a7-11e3-9382-001b216d6ab2

Error: (06/10/2014 08:29:40 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Acronis\TrueImageHome\BartPE\Files\TrueImage.exe

Error: (06/10/2014 07:53:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fde7801cf84aad7c311c1C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll2e302bbb-f09e-11e3-9382-001b216d6ab2

Error: (06/10/2014 07:49:27 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: BatchOp-PC)
Description: Access is denied.

Error: (06/09/2014 03:36:27 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: BatchOp-PC)
Description: Access is denied.


==================== Memory info ===========================

Percentage of memory in use: 43%
Total physical RAM: 4095.12 MB
Available physical RAM: 2333.41 MB
Total Pagefile: 8188.41 MB
Available Pagefile: 6281.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:415.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: FCE26525)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

I have no idea how to continue, thanks in advance for your help.


Welcome to the forum.

Please uninstall blekko search bar from your add/remove programs.

---------------------------------

Please run a Quick Scan with Malwarebytes (if you can)

For Malwarebytes ver: 1.75
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

For Malwarebytes 2.0, please run a Threat Scan
Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine all that's found

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.


Then.......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller <--- use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

MrC


Note:
Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly


Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive


• Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

• The removal of malware isn't instantaneous, please be patient.

• When we are done, I'll give you instructions on how to cleanup all the tools and logs

• Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.


------->Your topic will be closed if you haven't replied within 3 days!<--------
If I don't respond within 24 hours, please send me a PM


Dear MrCharlie

Unfortunately I can't even get through the first step on your list. I can't get blekko search bar uninstalled in the control panel.

I uninstalled Firefox, opened up IE and tried to remove it through the wrench icon, and that wouldn't work. Disabled all and tried again to uninstall from the control panel and it's still there. The uninstall wizard won't even run when I click "uninstall".


RogueKiller V9.0.3.0 (x64) [Jun 17 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Batch Op [Admin rights]
Mode : Scan -- Date : 06/17/2014  12:28:40

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 14 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1830158309-3378503613-1987438657-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1830158309-3378503613-1987438657-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[suspicious.Path] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job -- C:\Windows\TEMP\{E0126A9C-8128-4387-9949-CC1507C785DD}.exe (--uninstall=1) -> FOUND
[suspicious.Path] \\AVG-Secure-Search-Update_JUNE2013_TB_rmv -- C:\Windows\TEMP\{E0126A9C-8128-4387-9949-CC1507C785DD}.exe (--uninstall=1) -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] 80f3f6b8e49020052abd096bc39802ee
[BSP] b12c831300bd08ef799ed9d166f2f9d8 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SanDisk Ultra USB Device +++++
--- User ---
[MBR] a124dc1f32b91ceacb765c7a5ad6ec2e
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 32 | Size: 15266 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive6: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_06172014_120605.log - RKreport_SCN_06172014_122318.log


Make sure you have created a restore point and.....

Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

Close the tool out when it's done....we'll use it later.

-----------------------

Download the attached fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next..................

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

MrC

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-06-2014
Ran by Batch Op at 2014-06-17 15:38:28 Run:1
Running from C:\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: blekko search bar - {5ce808f4-c861-4392-b55e-c97a89fbe2dd} - C:\Program Files (x86)\blekkotb_005\blekkotb_005X.dll ()
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - blekko search bar - {5ce808f4-c861-4392-b55e-c97a89fbe2dd} - C:\Program Files (x86)\blekkotb_005\blekkotb_005X.dll ()
C:\Program Files (x86)\blekkotb_005


*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ce808f4-c861-4392-b55e-c97a89fbe2dd}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{5ce808f4-c861-4392-b55e-c97a89fbe2dd}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{5ce808f4-c861-4392-b55e-c97a89fbe2dd} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\{5ce808f4-c861-4392-b55e-c97a89fbe2dd}'=> Key not found.
"C:\Program Files (x86)\blekkotb_005" => File/Directory not found.

==== End of Fixlog ====


# AdwCleaner v3.212 - Report created 17/06/2014 at 15:39:59
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Batch Op - BATCHOP-PC
# Running from : C:\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : \AVG SafeGuard toolbar
Folder Found : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Optimizer Pro
Folder Found : C:\ProgramData\Anti-phishing Domain Advisor
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\blekko toolbars

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


*************************

AdwCleaner[R0].txt - [1954 octets] - [17/06/2014 15:39:59]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [2014 octets] ##########


# AdwCleaner v3.212 - Report created 18/06/2014 at 15:56:59
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Batch Op - BATCHOP-PC
# Running from : C:\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : \AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Optimizer Pro

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


*************************

AdwCleaner[R0].txt - [2092 octets] - [17/06/2014 15:39:59]
AdwCleaner[R1].txt - [2152 octets] - [18/06/2014 15:56:28]
AdwCleaner[s0].txt - [2115 octets] - [18/06/2014 15:56:59]

########## EOF - \AdwCleaner\AdwCleaner[s0].txt - [2175 octets] ##########

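The Fixlog above deleted a BHO registration under the Wow6432Node Browser Helper Objects key, its CLSID under HKCR\Wow6432Node\CLSID and a toolbar value, and the AdwCleaner reports above found a HKLM Run value and more CLSID/AppID keys for the same adware family. The script below is an added example, not part of this thread and not code from FRST or AdwCleaner: it enumerates those same persistence locations (IE BHOs, IE toolbars and Run values, in both the 64-bit and the Wow6432Node views), resolves each registration to the file it actually loads, and classifies it as dangling (the "No File" case FRST reported), missing on disk, unsigned, or signed and by whom. It is read-only and deletes nothing. It assumes PowerShell 3.0 or later on Windows with the stock registry provider and Get-AuthenticodeSignature; the function names Resolve-Clsid, Get-FileVerdict and Add-Finding are this example's own.

```powershell
# Added example: audit IE BHO/toolbar and Run persistence, read-only. Run elevated.
# Assumes PowerShell 3.0+ on Windows; Resolve-Clsid/Get-FileVerdict/Add-Finding are local helpers.

$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$toolbarKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar'
)
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# Note properties the registry provider adds to every Get-ItemProperty result; they are not values.
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Resolve-Clsid {
    # Map a CLSID to the DLL registered as its InprocServer32, checking the 64-bit view
    # and then HKCR\Wow6432Node (the view the 32-bit IE loads from, and where the fixlog
    # deleted). Returns $null when the class is not registered at all: the "No File" case.
    param([string]$Clsid)
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) {
            $item = Get-ItemProperty -LiteralPath $key -Name '(default)' -ErrorAction SilentlyContinue
            if ($item -and $item.'(default)') {
                return [Environment]::ExpandEnvironmentVariables($item.'(default)')
            }
        }
    }
    return $null
}

function Get-FileVerdict {
    # Classify the file a registration points at: dangling, missing, unsigned, or signed by whom.
    param([string]$Path)
    if (-not $Path) { return 'NO FILE (dangling registration)' }
    $clean = $Path.Trim('"')
    if (-not (Test-Path -LiteralPath $clean)) { return "MISSING: $clean" }
    $sig = Get-AuthenticodeSignature -FilePath $clean
    if ($sig.Status -ne 'Valid') { return "UNSIGNED or INVALID ($($sig.Status)): $clean" }
    return "signed by $($sig.SignerCertificate.Subject): $clean"
}

$report = New-Object System.Collections.ArrayList

function Add-Finding {
    param([string]$Type, [string]$Id, [string]$File)
    [void]$report.Add([pscustomobject]@{ Type = $Type; Id = $Id; Verdict = (Get-FileVerdict $File) })
}

# BHOs: one subkey per CLSID. Toolbars: one value per CLSID under the Toolbar key.
foreach ($k in $bhoKeys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    Get-ChildItem -LiteralPath $k | ForEach-Object {
        Add-Finding 'BHO' $_.PSChildName (Resolve-Clsid $_.PSChildName)
    }
}
foreach ($k in $toolbarKeys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    $vals = Get-ItemProperty -LiteralPath $k
    $vals.PSObject.Properties | Where-Object { $_.Name -like '{*}' } | ForEach-Object {
        Add-Finding 'Toolbar' $_.Name (Resolve-Clsid $_.Name)
    }
}

# Run values hold a command line: take the quoted executable, else the first token.
foreach ($k in $runKeys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    $vals = Get-ItemProperty -LiteralPath $k
    $vals.PSObject.Properties | Where-Object { $providerProps -notcontains $_.Name } | ForEach-Object {
        $cmd = [string]$_.Value
        if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($cmd.Trim() -split '\s+')[0] }
        Add-Finding 'Run' $_.Name ([Environment]::ExpandEnvironmentVariables($exe))
    }
}

$report | Sort-Object Type, Id | Select-Object Type, Id, Verdict | Format-Table -AutoSize -Wrap
```

Anything that comes back as NO FILE or MISSING is a leftover registration of the kind FRST cleaned here; UNSIGNED entries under Program Files (x86) with a vendor-style folder name (the blekkotb_005 pattern above) are the ones worth looking at before deciding what to remove. A valid signature only says who published the file, not that it is wanted: the AVG toolbar folders AdwCleaner removed were signed.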

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by SYSTEM on Wed 06/18/2014 at 16:03:46.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 06/18/2014 at 16:09:02.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OK...Next:

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

  • Put a checkmark beside loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long: use the attach control in the bottom right corner of this page, then the new window that comes up.

Then...........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click the site's actual download buttons, not "sponsored ad links".

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


11:10:39.0836 0x0ff4  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
11:10:45.0677 0x0ff4  ============================================================
11:10:45.0677 0x0ff4  Current date / time: 2014/06/19 11:10:45.0677
11:10:45.0677 0x0ff4  SystemInfo:
11:10:45.0677 0x0ff4  
11:10:45.0677 0x0ff4  OS Version: 6.1.7601 ServicePack: 1.0
11:10:45.0677 0x0ff4  Product type: Workstation
11:10:45.0677 0x0ff4  ComputerName: BATCHOP-PC
11:10:45.0677 0x0ff4  UserName: Batch Op
11:10:45.0677 0x0ff4  Windows directory: C:\Windows
11:10:45.0677 0x0ff4  System windows directory: C:\Windows
11:10:45.0677 0x0ff4  Running under WOW64
11:10:45.0677 0x0ff4  Processor architecture: Intel x64
11:10:45.0677 0x0ff4  Number of processors: 2
11:10:45.0677 0x0ff4  Page size: 0x1000
11:10:45.0677 0x0ff4  Boot type: Normal boot
11:10:45.0677 0x0ff4  ============================================================
11:10:46.0729 0x0ff4  KLMD registered as C:\Windows\system32\drivers\28924963.sys
11:10:47.0003 0x0ff4  System UUID: {FCEC2586-0E61-9579-EBD0-E272A22CF647}
11:10:47.0368 0x0ff4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
11:10:47.0395 0x0ff4  ============================================================
11:10:47.0395 0x0ff4  \Device\Harddisk0\DR0:
11:10:47.0395 0x0ff4  MBR partitions:
11:10:47.0395 0x0ff4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:10:47.0395 0x0ff4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
11:10:47.0395 0x0ff4  ============================================================
11:10:47.0414 0x0ff4  C: <-> \Device\Harddisk0\DR0\Partition2
11:10:47.0415 0x0ff4  ============================================================
11:10:47.0415 0x0ff4  Initialize success
11:10:47.0415 0x0ff4  ============================================================
11:10:53.0473 0x0808  KLMD registered as C:\Windows\system32\drivers\88425314.sys
11:10:54.0752 0x0808  Deinitialize success

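The TDSSKiller log above prints the MBR partition table of \Device\Harddisk0\DR0 (two type 0x7 partitions, StartLBA 0x800 / BlocksNum 0x32000 and StartLBA 0x32800 / BlocksNum 0x3A353000), and the RogueKiller output at the top of this section shows "The device is not ready" for the USB card-reader slots. The script below is an added example, not part of this thread and not code from TDSSKiller or RogueKiller: it reads sector 0 of each physical drive itself, decodes the four partition entries the same way, and records a SHA-256 of the 440-byte boot code, so the tool's report can be cross-checked against the raw bytes and a later run can show whether the boot code changed. It assumes PowerShell 3.0 or later, an elevated prompt, and that \\.\PhysicalDriveN can be opened with a .NET FileStream (an empty card-reader slot fails with the same "not ready" error, which the script reports rather than stopping); the function names Read-Sector0 and ConvertFrom-Mbr are this example's own.

```powershell
# Added example: decode the MBR partition table of each physical drive, read-only.
# Assumes PowerShell 3.0+, elevated; Read-Sector0/ConvertFrom-Mbr are local helpers.

function Read-Sector0 {
    # Open the raw device and return its first 512 bytes. FileStream reads in
    # sector-sized multiples, so this works on 512-byte and 4K-sector disks alike.
    param([int]$DriveNumber)
    $path = '\\.\PhysicalDrive' + $DriveNumber
    $fs = New-Object System.IO.FileStream($path, [System.IO.FileMode]::Open,
                                          [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite)
    try {
        $buf = New-Object byte[] 512
        $n = $fs.Read($buf, 0, 512)
        if ($n -ne 512) { throw "short read ($n bytes) from $path" }
        return $buf
    } finally { $fs.Close() }
}

function ConvertFrom-Mbr {
    # Decode the 0x55AA signature and the four 16-byte partition entries at offset 446:
    # status (0x80 = bootable), CHS start, type, CHS end, start LBA (LE32), sector count (LE32).
    param([byte[]]$Sector)
    $sig = [System.BitConverter]::ToUInt16($Sector, 510)   # bytes 55 AA read little-endian
    if ($sig -ne 0xAA55) { throw ('bad MBR signature 0x{0:X4}' -f $sig) }
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $bootHash = ([System.BitConverter]::ToString($sha.ComputeHash($Sector, 0, 440))) -replace '-', ''
    $parts = @()
    for ($i = 0; $i -lt 4; $i++) {
        $o = 446 + 16 * $i
        $type = $Sector[$o + 4]
        if ($type -eq 0) { continue }                       # empty slot
        $startLba = [System.BitConverter]::ToUInt32($Sector, $o + 8)
        $blocks   = [System.BitConverter]::ToUInt32($Sector, $o + 12)
        $parts += [pscustomobject]@{
            Index     = $i + 1
            Bootable  = ($Sector[$o] -eq 0x80)
            Type      = ('0x{0:X}' -f $type)
            StartLBA  = ('0x{0:X}' -f $startLba)
            BlocksNum = ('0x{0:X}' -f $blocks)
            SizeGB    = [math]::Round(([double]$blocks * 512) / 1GB, 2)
        }
    }
    [pscustomobject]@{ BootCodeSHA256 = $bootHash; Partitions = $parts }
}

# Walk the drive numbers the tools above enumerated; unreadable slots are reported, not fatal.
foreach ($n in 0..7) {
    try {
        $mbr = ConvertFrom-Mbr (Read-Sector0 $n)
        "PhysicalDrive$n  boot code SHA-256: $($mbr.BootCodeSHA256)"
        $mbr.Partitions | Select-Object Index, Bootable, Type, StartLBA, BlocksNum, SizeGB |
            Format-Table -AutoSize | Out-String
    } catch {
        "PhysicalDrive$n  not readable: $($_.Exception.Message)"
    }
}
```

On the machine in this thread the output for PhysicalDrive0 should reproduce the two entries TDSSKiller listed (0x3A353000 blocks is about 465.6 GB, matching the 465.76 Gb drive size it reported), and drives 4 to 6 should come back "not readable". Keep the boot-code hash from a known-clean state; a bootkit that patches the MBR changes that hash while leaving the partition table intact.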

Hey MrC

I forgot all about this as I'm on vacation. It's amazing how all work related information can fly out of your brain as soon as the vacation begins.

I ran ComboFix and let it go for about 40 minutes, but the .txt file didn't appear, as I can't find it. Do I need to run it again?


Hi, I am posting to this thread since it seems I have the same problem with Malwarebytes 2.0.2.1012 that fails to update and displays the "stopped working" error message. I tried Chameleon and whenever it launches Malwarebytes it throws the same error. This is what the DOS window shows after I manually shut down Malwarebytes during a Chameleon scan:

MBAM-Chameleon ver. 3.1.4
Press any key to continue
Installing Driver...
Protected Path: C:\Users\Laptop\Downloads\chameleon\Windows\
...Done!
Trying to start Malwarebytes Anti-Malware, please wait...
...Done!

Updating MBAM...

Failed to determine update state - press a key when the update is complete.
Killing known malicious processes, please wait...

Mbam-killer Timeout set to 1800 seconds.
Mbam-killer is scanning - Press C to cancel...
Mbam-killer scan is complete.
Mbam-killer is exiting.

Malwarebytes Anti-Malware has terminated - unable to start the scan.
Removing protection driver...
...Done!
Press any key to continue

I tried it only 7 times, then stopped since I didn't think it was working. Can you help me here or does this require a new thread? Thanks in advance for your help.

