Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91819 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Knock on problems from tackling Trojan RamnitA [Solved]

RamnitA Firewall Avira

  • This topic is locked This topic is locked
33 replies to this topic

#1 vealie

vealie

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 19 February 2014 - 09:21 AM

Hi,

 

I am helping a friend with an infected Dell laptop.  The machine was delivered to me with warnings of infection by RamnitA and suggesting a full scan was required to clean it up.  It also suggested turning on Security Centre.  Attempts to do this failed and scans did not prevent the warnings returning.  The machine was slow and would frequently hang.  On further investigation the windows firewall and security centre were absent from the services list as was defender.

 

I downloaded Malwarebytes and spybot and ran scans.  mwb apparently picked up the trojan and deleted it.

 

I created a new admin account and then I uninstalled MSE and downloaded a fresh copy.  I Re-installed MSE and then checked the services.  Firewall and Defender were back in the list and set to Manual startup.  Any attempt to start them fails with Firewall: 'Access Denied error 5' and Defender: 'The service started and stopped, some services stop automatically, etc'

 

mwb and spybot now run without reporting errors.

 

I have now uninstalled MSE and loaded avira free.  During the initial scan avira froze and hung for about 1.5 hours before I terminated.

 

Help!

 

Steve


Edited by vealie, 19 February 2014 - 09:23 AM.

    Advertisements

Register to Remove


#2 vealie

vealie

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 19 February 2014 - 09:42 AM

This is my HJT log.

 

Logfile of HijackThis v1.99.1
Scan saved at 15:40:15, on 19/02/2014
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
 
Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Users\Admin2\AppData\Local\VNT\vntldr.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Admin2\Desktop\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Avira SearchFree Toolbar BHO - {41564952-412D-5637-4300-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
O3 - Toolbar: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
O4 - HKLM\..\Run: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [VNT] C:\Program Files (x86)\VNT\vntldr.exe
O4 - HKLM\..\RunOnce: [PIP] C:\Users\Admin2\AppData\Local\Temp\Offercast_AVIRAV7_.exe -pid AVIRAV7 -rebootRetry
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix: 
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creat...102/CTSUEng.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creat...13/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creat...10926/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)


#3 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 21 February 2014 - 10:00 AM

Hi vealie,

  :welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Unfortunately... I consider Ramnit a "game over" situation. I think you should reformat and then reinstall the operating system.

However, I'm willing to look at some logs and see what we see if you want:
 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#4 vealie

vealie

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 21 February 2014 - 11:44 AM

TomK,

 

Thanks for your time and help.....

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-02-2014
Ran by Admin2 at 2014-02-21 17:09:15
Running from C:\Users\Admin2\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Advanced Audio FX Engine (x32 Version: 1.12.05 - Creative Technology Ltd)
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Fuel (Version: 2011.0712.44.42597 - AMD) Hidden
AMD Media Foundation Decoders (Version: 1.0.60712.0005 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0712.44.42597 - ATI) Hidden
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10712 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (Version: 3.0.829.0 - ATI Technologies, Inc.)
Avira Free Antivirus (x32 Version: 14.0.3.338 - Avira)
Avira SearchFree Toolbar (x32 Version: 12.10.3.4488 - APN, LLC)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (x32 Version: 7.3.124.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (x32 Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0712.44.42597 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0712.44.42597 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0712.44.42597 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0712.44.42597 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0712.0043.42597 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0712.0043.42597 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0712.0043.42597 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0712.0043.42597 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0712.0043.42597 - ATI) Hidden
CCC Help English (x32 Version: 2011.0712.0043.42597 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0712.0043.42597 - ATI) Hidden
CCC Help French (x32 Version: 2011.0712.0043.42597 - ATI) Hidden
CCC Help German (x32 Version: 2011.0712.0043.42597 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0712.0043.42597 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0712.0043.42597 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0712.0043.42597 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0712.0043.42597 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0712.0043.42597 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0712.0043.42597 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0712.0043.42597 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0712.0043.42597 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0712.0043.42597 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0712.0043.42597 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0712.0043.42597 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0712.0043.42597 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0712.0043.42597 - ATI) Hidden
ccc-utility64 (Version: 2011.0712.44.42597 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.60 - Dell Inc.)
Dell DataSafe Local Backup (x32 Version: 9.4.60 - Dell Inc.)
Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (x32 Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (x32 Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (x32 Version: 1.5.0.65 - ArcSoft)
Dell Product Registration (x32 Version: 1.0.6 - Dell Inc.)
Dell Stage (x32 Version: 1.5.420.0 - Fingertapps)
Dell Stage Remote (x32 Version: 2.0.0.43 - ArcSoft)
Dell Touchpad (Version: 7.1207.101.225 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (x32 Version: 2.00.44 - Creative Technology Ltd)
Dell Wireless Driver Installation (x32 Version: 9.0 - Dell)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DivX Setup (x32 Version: 2.6.1.8 - DivX, LLC)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay (x32 Version: 1.4.0 - eBay Inc.)
Escape Whisper Valley ™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0 - Facebook)
Facebook Video Calling 2.0.0.447 (x32 Version: 2.0.447 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
GIMP 2.8.2 (Version: 2.8.2 - The GIMP Team)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HiJackThis (x32 Version: 1.0.0 - Trend Micro)
HijackThis 1.99.1 (x32 Version: 1.99.1 - Soeperman Enterprises Ltd.)
IDT Audio (x32 Version: 1.0.6341.0 - IDT)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 27 (64-bit) (Version: 6.0.270 - Oracle)
Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (Version: 3.4.6422.14 - PC-Doctor, Inc.)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20012 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.19900.9.11 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (x32 Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Quickset64 (Version: 10.09.25 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (x32 Version: 7.45.516.2011 - Realtek)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
Skype Click to Call (x32 Version: 5.8.8855 - Skype Technologies S.A.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sony Ericsson Update Engine (x32 Version: 2.13.6.201305161305 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.188 (x32 Version: 2.10.188 - Sony)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
SyncUP (x32 Version: 10.2.13500 - Nero AG)
Update for Microsoft Office 2010 (KB2494150) (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (x32 Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
17-02-2014 15:01:13 Sony PC Companion
17-02-2014 15:13:59 Installed HiJackThis
18-02-2014 00:07:07 Windows Update
18-02-2014 00:37:21 Removed Java™ 6 Update 37
18-02-2014 00:40:57 Installed Java 7 Update 51
18-02-2014 03:00:27 Windows Update
18-02-2014 23:35:29 Windows Update
19-02-2014 02:04:21 Windows Update
19-02-2014 14:55:21 OTL Restore Point - 19/02/2014 14:55:19
20-02-2014 10:53:36 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0DB0BE1D-C3A4-4CAE-A419-F5682C3F7580} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {135A49EB-56C7-4214-9ECD-DC1812CAAE6E} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {1A618BD9-DB57-4173-A4E1-EC4EEA95AF79} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1111199960-1227256506-274844869-1001Core => C:\Users\Chloe\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {35CFEC24-1E81-4D40-A711-979350CB8D04} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1111199960-1227256506-274844869-1001
Task: {4937D1F7-E6E6-45BC-8AD3-A33BD97E92A7} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-05] (PC-Doctor, Inc.)
Task: {52E56857-94C0-41F1-A6F9-89EE9DF846F6} - System32\Tasks\AutoKMSDaily => C:\windows\AutoKMS.exe
Task: {854AB1BA-38ED-4629-AED1-411891B0D468} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9A4BA43E-C52C-49AD-B689-2836BB01E9C2} - System32\Tasks\AutoKMS => C:\windows\AutoKMS.exe
Task: {A8DDB28D-7123-40B5-9E86-D3C2915AC124} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {B68865BF-A426-4D27-B779-75665FF3697D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10] (Google Inc.)
Task: {BD9AE85B-EFDC-4B51-915E-1E271E8BD36F} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-12-07] (PC-Doctor, Inc.)
Task: {DC418B27-0CF0-45D6-B628-FC0642106BE0} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {F7CBAFF3-2A1F-4707-8440-F37F31CABAD4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1111199960-1227256506-274844869-1001UA => C:\Users\Chloe\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1111199960-1227256506-274844869-1001Core.job => C:\Users\Chloe\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1111199960-1227256506-274844869-1001UA.job => C:\Users\Chloe\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-07-12 05:53 - 2011-07-12 05:53 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-10-06 11:58 - 2011-08-18 16:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-06-28 00:26 - 2011-06-28 00:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
2011-06-29 13:52 - 2011-06-29 13:52 - 00474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
2010-11-17 15:35 - 2010-11-17 15:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2011-05-30 10:30 - 2011-05-30 10:30 - 00885760 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2011-07-12 05:52 - 2011-07-12 05:52 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-07-12 05:42 - 2011-07-12 05:42 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-22 15:17 - 2011-03-22 15:17 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-02-19 11:59 - 2014-02-14 11:00 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-17 01:28 - 2010-03-17 01:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
2010-03-22 20:52 - 2010-03-22 20:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
2010-03-17 01:28 - 2010-03-17 01:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
2010-03-17 01:28 - 2010-03-17 01:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
2011-06-25 04:20 - 2011-06-25 04:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
2011-06-28 00:25 - 2011-06-28 00:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
2011-06-25 04:21 - 2011-06-25 04:21 - 00322624 _____ () C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
2010-03-12 00:52 - 2010-03-12 00:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
2010-03-05 20:07 - 2010-03-05 20:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
2010-03-05 20:07 - 2010-03-05 20:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
2010-03-12 00:52 - 2010-03-12 00:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-11-25 03:44 - 2010-11-25 03:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2011-05-30 10:25 - 2011-05-30 10:25 - 07938048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2011-05-30 10:25 - 2011-05-30 10:25 - 02225664 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2014-02-05 20:34 - 2014-02-01 23:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-05 20:34 - 2014-02-01 23:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-05 20:35 - 2014-02-01 23:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-05 20:35 - 2014-02-01 23:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-05 20:34 - 2014-02-01 23:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/21/2014 00:11:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14103
 
Error: (02/21/2014 00:11:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14103
 
Error: (02/21/2014 00:11:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/21/2014 00:11:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12433
 
Error: (02/21/2014 00:11:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12433
 
Error: (02/21/2014 00:11:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/21/2014 00:11:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11388
 
Error: (02/21/2014 00:11:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11388
 
Error: (02/21/2014 00:11:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/21/2014 00:11:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10265
 
 
System errors:
=============
Error: (02/20/2014 11:40:53 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.
 
Error: (02/20/2014 02:03:39 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (02/20/2014 11:28:07 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
Error: (02/20/2014 11:28:05 AM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.
 
Error: (02/20/2014 11:26:36 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (02/19/2014 03:10:22 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.
 
Error: (02/19/2014 01:56:16 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (02/19/2014 01:54:29 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (02/19/2014 00:19:36 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.
 
Error: (02/19/2014 00:18:39 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.
 
 
Microsoft Office Sessions:
=========================
Error: (02/21/2014 00:11:20 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14103
 
Error: (02/21/2014 00:11:20 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14103
 
Error: (02/21/2014 00:11:20 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/21/2014 00:11:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12433
 
Error: (02/21/2014 00:11:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12433
 
Error: (02/21/2014 00:11:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/21/2014 00:11:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11388
 
Error: (02/21/2014 00:11:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11388
 
Error: (02/21/2014 00:11:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/21/2014 00:11:17 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10265
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-07-29 15:34:53.903
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Chloe\AppData\Local\Temp\bvpnjlro.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-29 15:34:53.825
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Chloe\AppData\Local\Temp\bvpnjlro.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-29 11:38:39.125
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Chloe\AppData\Local\Temp\bvpnjlro.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-29 11:38:39.047
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Chloe\AppData\Local\Temp\bvpnjlro.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 44%
Total physical RAM: 2668.02 MB
Available physical RAM: 1480.69 MB
Total Pagefile: 5334.23 MB
Available Pagefile: 3438.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:147.51 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: EDB1DD74)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#5 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 21 February 2014 - 01:30 PM

That is addition.txt.  I also need to see FRST.txt.


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#6 vealie

vealie

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 21 February 2014 - 04:04 PM

Sorry!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-02-2014
Ran by Admin2 (administrator) on CHLOE-LAPTOP on 21-02-2014 17:04:18
Running from C:\Users\Admin2\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\windows\system32\msiexec.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(APN LLC.) C:\Users\Admin2\AppData\Local\VNT\vntldr.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [Stage Remote] - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-28] ()
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055816 2011-05-30] ()
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [RoxWatchTray] - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-05-30] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN)
HKLM-x32\...\Run: [VNT] - C:\Program Files (x86)\VNT\vntldr.exe [195536 2014-02-13] (APN LLC.)
Startup: C:\Users\Chloe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Users\Admin2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-19]
CHR Extension: (Google Drive) - C:\Users\Admin2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-19]
CHR Extension: (YouTube) - C:\Users\Admin2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-19]
CHR Extension: (Google Search) - C:\Users\Admin2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-19]
CHR Extension: (Google Wallet) - C:\Users\Admin2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Admin2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-02-19]
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Admin2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm [2014-02-19]
CHR Extension: (Gmail) - C:\Users\Admin2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-19]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM-x32\...\Chrome\Extension: [pcoohmdcpejoeggdnihdfhohjgdbllgm] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7C\CRX\ToolbarCR.crx [2014-02-20]
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-12] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
 
==================== Drivers (Whitelisted) ====================
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2014-02-14] (Avira Operations GmbH & Co. KG)
S1 abdphysh; \??\C:\windows\system32\drivers\abdphysh.sys [X]
S1 brbhpior; \??\C:\windows\system32\drivers\brbhpior.sys [X]
S1 cjphkwwo; \??\C:\windows\system32\drivers\cjphkwwo.sys [X]
S1 eppfhhqj; \??\C:\windows\system32\drivers\eppfhhqj.sys [X]
S1 eqxynqhw; \??\C:\windows\system32\drivers\eqxynqhw.sys [X]
S1 forwuxqf; \??\C:\windows\system32\drivers\forwuxqf.sys [X]
S1 fpdhymzr; \??\C:\windows\system32\drivers\fpdhymzr.sys [X]
S1 futajjvw; \??\C:\windows\system32\drivers\futajjvw.sys [X]
S1 fzqvqgpj; \??\C:\windows\system32\drivers\fzqvqgpj.sys [X]
S1 gzgrafqo; \??\C:\windows\system32\drivers\gzgrafqo.sys [X]
S1 hocdoobh; \??\C:\windows\system32\drivers\hocdoobh.sys [X]
S1 jpvghcuv; \??\C:\windows\system32\drivers\jpvghcuv.sys [X]
S1 kdxeszml; \??\C:\windows\system32\drivers\kdxeszml.sys [X]
S1 nxvasbjr; \??\C:\windows\system32\drivers\nxvasbjr.sys [X]
S1 odcqkjnv; \??\C:\windows\system32\drivers\odcqkjnv.sys [X]
S1 osvyqtzg; \??\C:\windows\system32\drivers\osvyqtzg.sys [X]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
S1 pxtcjnpy; \??\C:\windows\system32\drivers\pxtcjnpy.sys [X]
S1 rsgqtkwf; \??\C:\windows\system32\drivers\rsgqtkwf.sys [X]
S1 ughcqatp; \??\C:\windows\system32\drivers\ughcqatp.sys [X]
S1 vjmizuks; \??\C:\windows\system32\drivers\vjmizuks.sys [X]
S1 xlariapw; \??\C:\windows\system32\drivers\xlariapw.sys [X]
S1 xlszhgck; \??\C:\windows\system32\drivers\xlszhgck.sys [X]
S1 xsckdilr; \??\C:\windows\system32\drivers\xsckdilr.sys [X]
S1 yebjmdjg; \??\C:\windows\system32\drivers\yebjmdjg.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-21 17:04 - 2014-02-21 17:05 - 00017474 _____ () C:\Users\Admin2\Desktop\FRST.txt
2014-02-21 17:03 - 2014-02-21 17:04 - 00000000 ____D () C:\FRST
2014-02-21 17:02 - 2014-02-21 17:02 - 02153984 _____ (Farbar) C:\Users\Admin2\Desktop\FRST64.exe
2014-02-20 23:38 - 2014-02-20 23:38 - 00000000 ____D () C:\Users\Admin2\AppData\Local\CrashDumps
2014-02-19 21:12 - 2014-02-19 21:12 - 00000000 ____D () C:\Users\Admin2\AppData\Local\Apple
2014-02-19 15:40 - 2014-02-19 15:40 - 00015964 _____ () C:\Users\Admin2\Desktop\hijackthis.log
2014-02-19 15:37 - 2014-02-19 15:37 - 00049678 _____ () C:\Users\Admin2\Desktop\Extras.Txt
2014-02-19 15:32 - 2014-02-19 15:32 - 00148034 _____ () C:\Users\Admin2\Desktop\OTL.Txt
2014-02-19 15:19 - 2014-02-19 15:20 - 00000000 ____D () C:\Program Files\HijackThis
2014-02-19 15:19 - 2014-02-19 15:19 - 00251392 _____ () C:\Users\Admin2\Desktop\hijackthis_sfx.exe
2014-02-19 14:47 - 2014-02-19 14:47 - 00602112 _____ (OldTimer Tools) C:\Users\Admin2\Desktop\OTL.exe
2014-02-19 14:33 - 2014-02-19 14:34 - 00000000 ____D () C:\Users\Admin2\Desktop\tdsskiller
2014-02-19 14:32 - 2014-02-19 14:32 - 04102163 _____ () C:\Users\Admin2\Desktop\tdsskiller.zip
2014-02-19 12:03 - 2014-02-19 12:03 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Avira
2014-02-19 12:02 - 2014-02-21 17:03 - 00000000 ____D () C:\Users\Admin2\AppData\Local\VNT
2014-02-19 12:02 - 2014-02-21 17:03 - 00000000 ____D () C:\Program Files (x86)\VNT
2014-02-19 12:02 - 2014-02-19 12:02 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-02-19 12:02 - 2014-02-19 12:02 - 00000000 ____D () C:\ProgramData\APN
2014-02-19 12:02 - 2014-02-19 12:02 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-02-19 11:59 - 2014-02-19 11:59 - 00002068 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-02-19 11:58 - 2014-02-19 11:58 - 00000000 ____D () C:\ProgramData\Avira
2014-02-19 11:58 - 2014-02-19 11:58 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-02-19 11:58 - 2014-02-14 11:00 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-02-19 11:58 - 2014-02-14 11:00 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-02-19 11:58 - 2014-02-14 11:00 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-02-19 11:58 - 2014-02-14 11:00 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2014-02-19 11:51 - 2014-02-19 11:54 - 137044488 _____ () C:\Users\Admin2\Downloads\avira_free_antivirus_en.exe
2014-02-19 11:48 - 2014-02-19 11:48 - 00000000 ____D () C:\Users\Admin2\AppData\Local\Adobe
2014-02-19 11:46 - 2014-02-19 11:46 - 00000000 ____D () C:\Users\Admin2\AppData\Local\Google
2014-02-19 11:43 - 2014-02-19 11:43 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
2014-02-19 11:43 - 2014-02-19 11:43 - 00000000 ____D () C:\Users\Admin2\AppData\Local\AMD
2014-02-19 11:42 - 2014-02-19 11:48 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Adobe
2014-02-19 11:42 - 2014-02-19 11:42 - 00126528 _____ () C:\Users\Admin2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-19 11:42 - 2014-02-19 11:42 - 00001415 _____ () C:\Users\Admin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-19 11:42 - 2014-02-19 11:42 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Roxio
2014-02-19 11:42 - 2014-02-19 11:42 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Leadertech
2014-02-19 11:42 - 2014-02-19 11:42 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Dell Touch Zone
2014-02-19 11:42 - 2014-02-19 11:42 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Dell
2014-02-19 11:42 - 2014-02-19 11:42 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\ATI
2014-02-19 11:42 - 2014-02-19 11:42 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Apple Computer
2014-02-19 11:42 - 2014-02-19 11:42 - 00000000 ____D () C:\Users\Admin2\AppData\Local\Dell
2014-02-19 11:42 - 2014-02-19 11:42 - 00000000 ____D () C:\Users\Admin2\AppData\Local\ATI
2014-02-19 11:41 - 2014-02-19 11:42 - 00000000 ___RD () C:\Users\Admin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-19 11:41 - 2014-02-19 11:42 - 00000000 ___RD () C:\Users\Admin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-19 11:41 - 2014-02-19 11:41 - 00000020 ___SH () C:\Users\Admin2\ntuser.ini
2014-02-19 11:41 - 2014-02-19 11:41 - 00000000 ____D () C:\Users\Admin2\AppData\Local\SoftThinks
2014-02-19 11:41 - 2014-02-19 11:41 - 00000000 ____D () C:\Users\Admin2
2014-02-19 11:41 - 2011-10-06 11:49 - 00000000 ___RD () C:\Users\Admin2\Desktop\Play Games
2014-02-19 11:41 - 2011-10-06 10:25 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Macromedia
2014-02-19 11:41 - 2009-07-14 04:54 - 00000000 ___RD () C:\Users\Admin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-19 11:41 - 2009-07-14 04:49 - 00000000 ___RD () C:\Users\Admin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-19 11:14 - 2014-02-19 11:15 - 13670584 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\mseinstall.exe
2014-02-19 11:13 - 2014-02-19 11:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-02-19 02:44 - 2014-02-19 02:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-02-19 02:42 - 2014-02-19 02:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Roxio
2014-02-19 02:42 - 2014-02-19 02:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
2014-02-19 02:42 - 2014-02-19 02:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Dell
2014-02-19 02:42 - 2014-02-19 02:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-02-19 02:42 - 2014-02-19 02:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-02-19 02:42 - 2014-02-19 02:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-02-19 02:42 - 2014-02-19 02:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\AMD
2014-02-19 02:41 - 2014-02-19 11:04 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Dell
2014-02-19 02:41 - 2014-02-19 02:41 - 00126528 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-19 02:41 - 2014-02-19 02:41 - 00001415 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-19 02:41 - 2014-02-19 02:41 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-19 02:41 - 2014-02-19 02:41 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-19 02:41 - 2014-02-19 02:41 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Leadertech
2014-02-19 02:41 - 2014-02-19 02:41 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Dell Touch Zone
2014-02-19 02:41 - 2014-02-19 02:41 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-02-19 02:39 - 2014-02-19 02:41 - 00000000 ____D () C:\Users\Administrator
2014-02-19 02:39 - 2014-02-19 02:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\SoftThinks
2014-02-19 02:39 - 2014-02-19 02:39 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-02-19 02:39 - 2011-10-06 11:49 - 00000000 ___RD () C:\Users\Administrator\Desktop\Play Games
2014-02-19 02:39 - 2011-10-06 10:25 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-02-19 02:39 - 2009-07-14 04:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-19 02:39 - 2009-07-14 04:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-19 01:04 - 2014-02-19 01:04 - 01056768 _____ () C:\windows\system32\defltbase.sdb
2014-02-19 00:53 - 2014-02-19 00:53 - 00007586 _____ () C:\Users\Chloe\Downloads\WinDefend.reg
2014-02-19 00:53 - 2014-02-19 00:53 - 00005256 _____ () C:\Users\Chloe\Downloads\wscsvc.reg
2014-02-19 00:37 - 2014-02-19 00:37 - 00176940 _____ () C:\Users\Chloe\Downloads\BFE.reg
2014-02-19 00:37 - 2014-02-19 00:37 - 00006396 _____ () C:\Users\Chloe\Downloads\MpsSvc.reg
2014-02-19 00:09 - 2013-05-10 05:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2014-02-19 00:09 - 2013-05-10 05:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2014-02-19 00:09 - 2013-05-10 04:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2014-02-19 00:09 - 2013-05-10 04:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2014-02-18 23:39 - 2013-12-21 09:53 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-18 23:39 - 2013-12-21 08:56 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-18 23:37 - 2014-02-06 11:30 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-18 23:37 - 2014-02-06 10:52 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-18 23:37 - 2014-02-06 10:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-18 23:37 - 2014-02-06 10:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-18 23:37 - 2014-02-06 09:49 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-18 23:37 - 2014-02-06 09:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-18 23:36 - 2014-02-06 12:16 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-18 23:36 - 2014-02-06 11:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-18 23:36 - 2014-02-06 11:12 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-18 23:36 - 2014-02-06 11:07 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-18 23:36 - 2014-02-06 11:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-18 23:36 - 2014-02-06 10:57 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-18 23:36 - 2014-02-06 10:56 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-18 23:36 - 2014-02-06 10:49 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-18 23:36 - 2014-02-06 10:48 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-18 23:36 - 2014-02-06 10:48 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-18 23:36 - 2014-02-06 10:38 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-18 23:36 - 2014-02-06 10:32 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-18 23:36 - 2014-02-06 10:11 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-18 23:36 - 2014-02-06 10:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-18 23:36 - 2014-02-06 10:00 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-18 23:36 - 2014-02-06 09:57 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-18 23:36 - 2014-02-06 09:57 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-18 23:36 - 2014-02-06 09:52 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-18 23:36 - 2014-02-06 09:52 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-18 23:36 - 2014-02-06 09:50 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-18 23:36 - 2014-02-06 09:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-18 23:36 - 2014-02-06 09:46 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-18 23:36 - 2014-02-06 09:25 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-18 23:36 - 2014-02-06 09:24 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-18 23:36 - 2014-02-06 09:22 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-18 23:36 - 2014-02-06 09:13 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-18 23:36 - 2014-02-06 09:09 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-18 23:36 - 2014-02-06 09:03 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-18 23:36 - 2014-02-06 08:55 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-18 23:36 - 2014-02-06 08:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-18 23:36 - 2014-02-06 08:40 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-18 23:36 - 2014-02-06 08:36 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-18 23:36 - 2014-02-06 08:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-18 22:49 - 2014-02-18 22:51 - 101026576 _____ (Microsoft Corporation) C:\Users\Chloe\Downloads\msert (1).exe
2014-02-18 22:48 - 2014-02-18 22:48 - 00142083 _____ () C:\Users\Chloe\Downloads\msert.exe
2014-02-18 22:03 - 2014-02-18 22:03 - 13670584 _____ (Microsoft Corporation) C:\Users\Chloe\Downloads\mseinstall.exe
2014-02-18 12:07 - 2014-02-18 12:07 - 00000159 _____ () C:\windows\wininit.ini
2014-02-18 12:04 - 2014-02-18 12:04 - 00000000 ____D () C:\Users\Chloe\Documents\OneNote Notebooks
2014-02-18 03:19 - 2013-10-30 02:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2014-02-18 03:19 - 2013-10-30 02:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2014-02-18 03:18 - 2013-12-31 23:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
2014-02-18 03:18 - 2013-12-31 23:04 - 00420008 _____ () C:\windows\system32\locale.nls
2014-02-18 03:18 - 2013-11-23 18:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2014-02-18 03:18 - 2013-11-23 17:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2014-02-18 03:18 - 2013-11-12 02:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-02-18 03:18 - 2013-11-12 02:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-02-18 03:18 - 2013-10-19 02:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2014-02-18 03:18 - 2013-10-19 01:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2014-02-18 03:17 - 2013-12-06 02:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-18 03:17 - 2013-12-06 02:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-18 03:17 - 2013-12-06 02:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-18 03:17 - 2013-12-06 02:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-02-18 03:16 - 2013-12-04 02:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-02-18 03:16 - 2013-12-04 02:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-02-18 03:16 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-02-18 03:16 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-02-18 03:16 - 2013-12-04 02:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-18 03:16 - 2013-12-04 02:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-02-18 03:16 - 2013-12-04 02:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-02-18 03:16 - 2013-12-04 02:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-02-18 03:16 - 2013-12-04 02:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-02-18 03:16 - 2013-12-04 02:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2014-02-18 03:16 - 2013-12-04 02:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2014-02-18 03:16 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2014-02-18 03:16 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2014-02-18 03:16 - 2013-12-04 02:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-02-18 03:16 - 2013-12-04 01:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2014-02-18 03:16 - 2013-12-04 01:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2014-02-18 03:16 - 2013-12-04 01:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2014-02-18 03:16 - 2013-12-04 01:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-18 03:16 - 2013-10-04 02:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2014-02-18 03:16 - 2013-10-04 01:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2014-02-18 03:15 - 2013-12-24 23:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-18 03:15 - 2013-12-24 22:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-18 03:15 - 2013-11-27 01:42 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-02-18 03:15 - 2013-11-27 01:42 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-02-18 03:15 - 2013-11-27 01:42 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-02-18 03:15 - 2013-11-27 01:42 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-02-18 03:15 - 2013-11-27 01:42 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-02-18 03:15 - 2013-11-27 01:42 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-02-18 03:15 - 2013-11-27 01:42 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-02-18 03:15 - 2013-11-26 11:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-02-18 03:15 - 2013-11-26 10:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-02-18 03:15 - 2013-11-26 08:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-18 03:15 - 2013-11-22 22:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-18 03:15 - 2013-10-12 02:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2014-02-18 03:15 - 2013-10-12 02:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2014-02-18 03:15 - 2013-10-12 02:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2014-02-18 03:15 - 2013-10-12 02:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2014-02-18 03:15 - 2013-10-12 01:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2014-02-18 03:15 - 2013-10-12 01:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2014-02-18 03:15 - 2013-10-12 01:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2014-02-18 03:15 - 2013-10-12 01:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2014-02-18 01:59 - 2014-02-18 01:59 - 00280204 _____ () C:\Users\Chloe\Downloads\WindowsUpdateDiagnostic.diagcab
2014-02-18 01:13 - 2014-02-18 01:11 - 00000402 _____ () C:\Users\Chloe\Desktop\repair.bat
2014-02-18 00:44 - 2014-02-18 00:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-18 00:43 - 2014-02-18 00:42 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-02-18 00:42 - 2014-02-18 00:42 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-02-18 00:42 - 2014-02-18 00:42 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-02-18 00:42 - 2014-02-18 00:42 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-18 00:41 - 2014-02-18 00:41 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-18 00:19 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE
2014-02-18 00:12 - 2014-02-18 00:12 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-02-18 00:12 - 2014-02-18 00:12 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2014-02-18 00:12 - 2014-02-18 00:12 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-02-18 00:12 - 2014-02-18 00:12 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-02-18 00:12 - 2014-02-18 00:12 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-02-18 00:12 - 2014-02-18 00:12 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-02-18 00:12 - 2014-02-18 00:12 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2014-02-18 00:12 - 2014-02-18 00:12 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2014-02-18 00:12 - 2014-02-18 00:12 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-18 00:12 - 2014-02-18 00:12 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-02-18 00:12 - 2014-02-18 00:12 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-02-18 00:11 - 2014-02-18 00:12 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2014-02-18 00:11 - 2014-02-18 00:11 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-02-18 00:11 - 2014-02-18 00:11 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-02-18 00:11 - 2014-02-18 00:11 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-02-18 00:11 - 2014-02-18 00:11 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-02-18 00:11 - 2014-02-18 00:11 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-02-18 00:11 - 2014-02-18 00:11 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-02-18 00:11 - 2014-02-18 00:11 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-02-18 00:11 - 2014-02-18 00:11 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-02-18 00:11 - 2014-02-18 00:11 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-02-18 00:11 - 2014-02-18 00:11 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2014-02-18 00:11 - 2014-02-18 00:11 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-02-18 00:11 - 2014-02-18 00:11 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-02-18 00:11 - 2014-02-18 00:11 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-02-18 00:11 - 2014-02-18 00:11 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-02-18 00:08 - 2014-02-18 00:20 - 00007469 _____ () C:\windows\IE11_main.log
2014-02-17 15:17 - 2014-02-17 15:17 - 00000000 ____D () C:\Users\Chloe\AppData\Roaming\Malwarebytes
2014-02-17 15:17 - 2014-02-17 15:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-17 15:16 - 2014-02-17 15:16 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Chloe\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-17 15:14 - 2014-02-17 15:14 - 00002975 _____ () C:\Users\Chloe\Desktop\HiJackThis.lnk
2014-02-17 15:14 - 2014-02-17 15:14 - 00000000 ____D () C:\Users\Chloe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-02-17 15:14 - 2014-02-17 15:14 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-02-17 15:13 - 2014-02-17 15:13 - 01402880 _____ () C:\Users\Chloe\Downloads\HijackThis.msi
2014-02-17 14:49 - 2014-02-17 14:50 - 235680752 _____ () C:\regold.reg
2014-02-17 14:47 - 2014-02-17 14:45 - 00002629 _____ () C:\fix.reg
2014-02-17 12:47 - 2010-12-27 21:55 - 00119808 _____ () C:\Users\Chloe\Documents\waiting.avi
2014-02-17 12:47 - 2010-12-18 21:10 - 00152064 ____S () C:\Users\Chloe\Documents\Thumbs.db
2014-02-17 12:46 - 2012-03-11 14:34 - 02357774 _____ () C:\Users\Chloe\Documents\juliet talking weirdly.3gp
2014-02-17 12:46 - 2011-03-12 17:06 - 103926992 _____ () C:\Users\Chloe\Documents\isis.avi
2014-02-17 12:46 - 2010-03-07 11:55 - 237162520 _____ () C:\Users\Chloe\Documents\Picture 038.avi
2014-02-17 12:46 - 2010-03-07 11:55 - 157765128 _____ () C:\Users\Chloe\Documents\Picture 037.avi
2014-02-17 12:44 - 2014-02-17 12:44 - 00000000 ____D () C:\Users\Chloe\Documents\Sardinia
2014-02-17 12:43 - 2014-02-17 12:44 - 00000000 ____D () C:\Users\Chloe\Documents\New York
2014-02-17 12:43 - 2014-02-17 12:43 - 00000000 ____D () C:\Users\Chloe\Documents\Mummyy
2014-02-17 12:42 - 2014-02-17 12:43 - 00000000 ____D () C:\Users\Chloe\Documents\Me and Lottie
2014-02-17 12:40 - 2014-02-17 12:42 - 00000000 ____D () C:\Users\Chloe\Documents\Granny and Grandad
2014-02-17 12:25 - 2014-02-17 12:26 - 00000000 ____D () C:\Users\Chloe\Documents\Films
2014-02-17 12:25 - 2014-02-17 12:25 - 00000000 ____D () C:\Users\Chloe\Documents\DivX Movies
2014-02-17 12:25 - 2012-02-04 22:04 - 00000000 ____D () C:\Users\Chloe\Documents\Dell WebCam Central
2014-02-17 12:24 - 2014-02-17 12:24 - 00000000 ____D () C:\Users\Chloe\Documents\Composition
2014-02-17 12:24 - 2014-02-17 12:24 - 00000000 ____D () C:\Users\Chloe\Documents\Clover
2014-02-11 10:21 - 2014-02-19 11:19 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-11 10:21 - 2014-02-19 11:19 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-02-11 10:12 - 2014-02-11 10:08 - 16409960 _____ (Safer Networking Limited ) C:\Users\Chloe\Desktop\spybotsd162.exe
2014-02-10 23:37 - 2014-02-19 14:33 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Admin2\Desktop\TDSSKiller.exe
 
==================== One Month Modified Files and Folders =======
 
2014-02-21 17:05 - 2014-02-21 17:04 - 00017474 _____ () C:\Users\Admin2\Desktop\FRST.txt
2014-02-21 17:04 - 2014-02-21 17:03 - 00000000 ____D () C:\FRST
2014-02-21 17:03 - 2014-02-19 12:02 - 00000000 ____D () C:\Users\Admin2\AppData\Local\VNT
2014-02-21 17:03 - 2014-02-19 12:02 - 00000000 ____D () C:\Program Files (x86)\VNT
2014-02-21 17:02 - 2014-02-21 17:02 - 02153984 _____ (Farbar) C:\Users\Admin2\Desktop\FRST64.exe
2014-02-21 17:02 - 2012-04-02 10:05 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 17:02 - 2012-04-02 10:05 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-02-21 17:02 - 2012-04-02 10:04 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 17:02 - 2011-12-30 18:53 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 17:01 - 2012-07-10 18:35 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-21 17:01 - 2011-12-27 19:39 - 00000926 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1111199960-1227256506-274844869-1001UA.job
2014-02-21 17:01 - 2011-10-06 09:36 - 01653214 _____ () C:\windows\WindowsUpdate.log
2014-02-21 00:11 - 2012-07-10 18:35 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-20 23:38 - 2014-02-20 23:38 - 00000000 ____D () C:\Users\Admin2\AppData\Local\CrashDumps
2014-02-20 23:38 - 2011-12-27 19:39 - 00000904 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1111199960-1227256506-274844869-1001Core.job
2014-02-20 14:03 - 2011-12-22 00:01 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-02-20 14:03 - 2011-12-22 00:01 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-02-20 14:03 - 2011-10-06 11:57 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-02-20 11:36 - 2009-07-14 04:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-20 11:36 - 2009-07-14 04:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-20 11:28 - 2009-07-14 05:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-20 11:28 - 2009-07-14 04:51 - 00069385 _____ () C:\windows\setupact.log
2014-02-20 11:27 - 2010-11-21 03:47 - 00688884 _____ () C:\windows\PFRO.log
2014-02-20 10:58 - 2011-10-06 10:03 - 00770932 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-02-20 10:58 - 2009-07-14 05:13 - 00770932 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-19 21:12 - 2014-02-19 21:12 - 00000000 ____D () C:\Users\Admin2\AppData\Local\Apple
2014-02-19 15:40 - 2014-02-19 15:40 - 00015964 _____ () C:\Users\Admin2\Desktop\hijackthis.log
2014-02-19 15:37 - 2014-02-19 15:37 - 00049678 _____ () C:\Users\Admin2\Desktop\Extras.Txt
2014-02-19 15:32 - 2014-02-19 15:32 - 00148034 _____ () C:\Users\Admin2\Desktop\OTL.Txt
2014-02-19 15:20 - 2014-02-19 15:19 - 00000000 ____D () C:\Program Files\HijackThis
2014-02-19 15:19 - 2014-02-19 15:19 - 00251392 _____ () C:\Users\Admin2\Desktop\hijackthis_sfx.exe
2014-02-19 14:47 - 2014-02-19 14:47 - 00602112 _____ (OldTimer Tools) C:\Users\Admin2\Desktop\OTL.exe
2014-02-19 14:34 - 2014-02-19 14:33 - 00000000 ____D () C:\Users\Admin2\Desktop\tdsskiller
2014-02-19 14:33 - 2014-02-10 23:37 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Admin2\Desktop\TDSSKiller.exe
2014-02-19 14:32 - 2014-02-19 14:32 - 04102163 _____ () C:\Users\Admin2\Desktop\tdsskiller.zip
2014-02-19 12:03 - 2014-02-19 12:03 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Avira
2014-02-19 12:02 - 2014-02-19 12:02 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-02-19 12:02 - 2014-02-19 12:02 - 00000000 ____D () C:\ProgramData\APN
2014-02-19 12:02 - 2014-02-19 12:02 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-02-19 11:59 - 2014-02-19 11:59 - 00002068 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-02-19 11:58 - 2014-02-19 11:58 - 00000000 ____D () C:\ProgramData\Avira
2014-02-19 11:58 - 2014-02-19 11:58 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-02-19 11:54 - 2014-02-19 11:51 - 137044488 _____ () C:\Users\Admin2\Downloads\avira_free_antivirus_en.exe
2014-02-19 11:52 - 2013-11-26 21:37 - 00001945 _____ () C:\windows\epplauncher.mif
2014-02-19 11:48 - 2014-02-19 11:48 - 00000000 ____D () C:\Users\Admin2\AppData\Local\Adobe
2014-02-19 11:48 - 2014-02-19 11:42 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Adobe
2014-02-19 11:46 - 2014-02-19 11:46 - 00000000 ____D () C:\Users\Admin2\AppData\Local\Google
2014-02-19 11:43 - 2014-02-19 11:43 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
2014-02-19 11:43 - 2014-02-19 11:43 - 00000000 ____D () C:\Users\Admin2\AppData\Local\AMD
2014-02-19 11:42 - 2014-02-19 11:42 - 00126528 _____ () C:\Users\Admin2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-19 11:42 - 2014-02-19 11:42 - 00001415 _____ () C:\Users\Admin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-19 11:42 - 2014-02-19 11:42 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Roxio
2014-02-19 11:42 - 2014-02-19 11:42 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Leadertech
2014-02-19 11:42 - 2014-02-19 11:42 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Dell Touch Zone
2014-02-19 11:42 - 2014-02-19 11:42 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Dell
2014-02-19 11:42 - 2014-02-19 11:42 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\ATI
2014-02-19 11:42 - 2014-02-19 11:42 - 00000000 ____D () C:\Users\Admin2\AppData\Roaming\Apple Computer
2014-02-19 11:42 - 2014-02-19 11:42 - 00000000 ____D () C:\Users\Admin2\AppData\Local\Dell
2014-02-19 11:42 - 2014-02-19 11:42 - 00000000 ____D () C:\Users\Admin2\AppData\Local\ATI
2014-02-19 11:42 - 2014-02-19 11:41 - 00000000 ___RD () C:\Users\Admin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-19 11:42 - 2014-02-19 11:41 - 00000000 ___RD () C:\Users\Admin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-19 11:42 - 2011-10-06 11:17 - 00000000 ____D () C:\ProgramData\Sonic
2014-02-19 11:41 - 2014-02-19 11:41 - 00000020 ___SH () C:\Users\Admin2\ntuser.ini
2014-02-19 11:41 - 2014-02-19 11:41 - 00000000 ____D () C:\Users\Admin2\AppData\Local\SoftThinks
2014-02-19 11:41 - 2014-02-19 11:41 - 00000000 ____D () C:\Users\Admin2
2014-02-19 11:31 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\Registration
2014-02-19 11:19 - 2014-02-11 10:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-19 11:19 - 2014-02-11 10:21 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-02-19 11:15 - 2014-02-19 11:14 - 13670584 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\mseinstall.exe
2014-02-19 11:13 - 2014-02-19 11:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-02-19 11:04 - 2014-02-19 02:41 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Dell
2014-02-19 02:44 - 2014-02-19 02:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-02-19 02:42 - 2014-02-19 02:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Roxio
2014-02-19 02:42 - 2014-02-19 02:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
2014-02-19 02:42 - 2014-02-19 02:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Dell
2014-02-19 02:42 - 2014-02-19 02:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-02-19 02:42 - 2014-02-19 02:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-02-19 02:42 - 2014-02-19 02:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-02-19 02:42 - 2014-02-19 02:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\AMD
2014-02-19 02:41 - 2014-02-19 02:41 - 00126528 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-19 02:41 - 2014-02-19 02:41 - 00001415 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-19 02:41 - 2014-02-19 02:41 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-19 02:41 - 2014-02-19 02:41 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-19 02:41 - 2014-02-19 02:41 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Leadertech
2014-02-19 02:41 - 2014-02-19 02:41 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Dell Touch Zone
2014-02-19 02:41 - 2014-02-19 02:41 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-02-19 02:41 - 2014-02-19 02:39 - 00000000 ____D () C:\Users\Administrator
2014-02-19 02:40 - 2014-02-19 02:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\SoftThinks
2014-02-19 02:39 - 2014-02-19 02:39 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-02-19 02:33 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-02-19 02:10 - 2011-12-27 19:47 - 00000000 ____D () C:\Users\Chloe\AppData\Roaming\Skype
2014-02-19 02:10 - 2011-10-06 11:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-19 02:10 - 2011-10-06 11:40 - 00000000 ____D () C:\ProgramData\Skype
2014-02-19 01:04 - 2014-02-19 01:04 - 01056768 _____ () C:\windows\system32\defltbase.sdb
2014-02-19 00:59 - 2011-12-22 00:22 - 00000000 ____D () C:\Users\Chloe\AppData\Local\Nero
2014-02-19 00:53 - 2014-02-19 00:53 - 00007586 _____ () C:\Users\Chloe\Downloads\WinDefend.reg
2014-02-19 00:53 - 2014-02-19 00:53 - 00005256 _____ () C:\Users\Chloe\Downloads\wscsvc.reg
2014-02-19 00:44 - 2011-12-23 18:51 - 00000000 ____D () C:\Users\Chloe\AppData\Roaming\Spotify
2014-02-19 00:37 - 2014-02-19 00:37 - 00176940 _____ () C:\Users\Chloe\Downloads\BFE.reg
2014-02-19 00:37 - 2014-02-19 00:37 - 00006396 _____ () C:\Users\Chloe\Downloads\MpsSvc.reg
2014-02-19 00:29 - 2009-07-14 05:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-02-19 00:25 - 2009-07-14 04:45 - 00463384 _____ () C:\windows\system32\FNTCACHE.DAT
2014-02-19 00:08 - 2013-08-17 02:16 - 00000000 ____D () C:\windows\system32\MRT
2014-02-18 23:39 - 2012-01-14 14:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-18 22:51 - 2014-02-18 22:49 - 101026576 _____ (Microsoft Corporation) C:\Users\Chloe\Downloads\msert (1).exe
2014-02-18 22:48 - 2014-02-18 22:48 - 00142083 _____ () C:\Users\Chloe\Downloads\msert.exe
2014-02-18 22:38 - 2011-12-22 00:39 - 00000000 ____D () C:\ProgramData\Norton
2014-02-18 22:03 - 2014-02-18 22:03 - 13670584 _____ (Microsoft Corporation) C:\Users\Chloe\Downloads\mseinstall.exe
2014-02-18 15:28 - 2012-04-06 10:55 - 00000000 ____D () C:\Users\Chloe\AppData\Local\CrashDumps
2014-02-18 13:40 - 2013-06-06 10:24 - 00003440 _____ () C:\windows\System32\Tasks\PCDEventLauncherTask
2014-02-18 12:07 - 2014-02-18 12:07 - 00000159 _____ () C:\windows\wininit.ini
2014-02-18 12:07 - 2011-12-22 00:05 - 00000000 ___RD () C:\Users\Chloe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-18 12:04 - 2014-02-18 12:04 - 00000000 ____D () C:\Users\Chloe\Documents\OneNote Notebooks
2014-02-18 01:59 - 2014-02-18 01:59 - 00280204 _____ () C:\Users\Chloe\Downloads\WindowsUpdateDiagnostic.diagcab
2014-02-18 01:11 - 2014-02-18 01:13 - 00000402 _____ () C:\Users\Chloe\Desktop\repair.bat
2014-02-18 00:44 - 2014-02-18 00:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-18 00:42 - 2014-02-18 00:43 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-02-18 00:42 - 2014-02-18 00:42 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-02-18 00:42 - 2014-02-18 00:42 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-02-18 00:42 - 2014-02-18 00:42 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-18 00:41 - 2014-02-18 00:41 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-18 00:25 - 2011-12-22 00:05 - 00001415 _____ () C:\Users\Chloe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-18 00:20 - 2014-02-18 00:08 - 00007469 _____ () C:\windows\IE11_main.log
2014-02-18 00:12 - 2014-02-18 00:12 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-02-18 00:12 - 2014-02-18 00:12 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2014-02-18 00:12 - 2014-02-18 00:12 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-02-18 00:12 - 2014-02-18 00:12 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-02-18 00:12 - 2014-02-18 00:12 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-02-18 00:12 - 2014-02-18 00:12 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-02-18 00:12 - 2014-02-18 00:12 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2014-02-18 00:12 - 2014-02-18 00:12 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2014-02-18 00:12 - 2014-02-18 00:12 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-18 00:12 - 2014-02-18 00:12 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-02-18 00:12 - 2014-02-18 00:12 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-02-18 00:12 - 2014-02-18 00:11 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2014-02-18 00:11 - 2014-02-18 00:11 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-02-18 00:11 - 2014-02-18 00:11 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-02-18 00:11 - 2014-02-18 00:11 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-02-18 00:11 - 2014-02-18 00:11 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-02-18 00:11 - 2014-02-18 00:11 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-02-18 00:11 - 2014-02-18 00:11 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-02-18 00:11 - 2014-02-18 00:11 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-02-18 00:11 - 2014-02-18 00:11 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-02-18 00:11 - 2014-02-18 00:11 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-02-18 00:11 - 2014-02-18 00:11 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2014-02-18 00:11 - 2014-02-18 00:11 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-02-18 00:11 - 2014-02-18 00:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-02-18 00:11 - 2014-02-18 00:11 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-02-18 00:11 - 2014-02-18 00:11 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-02-18 00:11 - 2014-02-18 00:11 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-02-18 00:06 - 2012-07-10 18:35 - 00003892 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-18 00:06 - 2012-07-10 18:35 - 00003640 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-17 15:17 - 2014-02-17 15:17 - 00000000 ____D () C:\Users\Chloe\AppData\Roaming\Malwarebytes
2014-02-17 15:17 - 2014-02-17 15:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-17 15:16 - 2014-02-17 15:16 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Chloe\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-17 15:14 - 2014-02-17 15:14 - 00002975 _____ () C:\Users\Chloe\Desktop\HiJackThis.lnk
2014-02-17 15:14 - 2014-02-17 15:14 - 00000000 ____D () C:\Users\Chloe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-02-17 15:14 - 2014-02-17 15:14 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-02-17 15:13 - 2014-02-17 15:13 - 01402880 _____ () C:\Users\Chloe\Downloads\HijackThis.msi
2014-02-17 15:02 - 2011-10-06 10:15 - 00365046 _____ () C:\windows\DPINST.LOG
2014-02-17 14:58 - 2013-11-08 15:50 - 00002028 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-02-17 14:58 - 2011-10-06 09:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-17 14:57 - 2013-12-21 23:57 - 00000000 ____D () C:\Users\Chloe\AppData\Local\lynphoaq
2014-02-17 14:51 - 2012-07-29 10:48 - 00000000 _____ () C:\Users\Chloe\AppData\Local\saafwmse.log
2014-02-17 14:50 - 2014-02-17 14:49 - 235680752 _____ () C:\regold.reg
2014-02-17 14:50 - 2012-07-16 12:18 - 00000028 _____ () C:\Users\Chloe\AppData\Local\ulrxkneb.log
2014-02-17 14:47 - 2012-07-29 10:39 - 00267197 _____ () C:\Users\Chloe\AppData\Local\wyobagjq.log
2014-02-17 14:45 - 2014-02-17 14:47 - 00002629 _____ () C:\fix.reg
2014-02-17 14:29 - 2014-01-10 17:08 - 00682302 _____ () C:\Users\Chloe\AppData\Local\ekbfsfmo.log
2014-02-17 14:29 - 2014-01-10 17:08 - 00003676 _____ () C:\Users\Chloe\AppData\Local\cohlggii.log
2014-02-17 14:04 - 2012-01-15 16:53 - 00000000 ____D () C:\Users\Chloe\AppData\Roaming\IDT
2014-02-17 12:44 - 2014-02-17 12:44 - 00000000 ____D () C:\Users\Chloe\Documents\Sardinia
2014-02-17 12:44 - 2014-02-17 12:43 - 00000000 ____D () C:\Users\Chloe\Documents\New York
2014-02-17 12:43 - 2014-02-17 12:43 - 00000000 ____D () C:\Users\Chloe\Documents\Mummyy
2014-02-17 12:43 - 2014-02-17 12:42 - 00000000 ____D () C:\Users\Chloe\Documents\Me and Lottie
2014-02-17 12:42 - 2014-02-17 12:40 - 00000000 ____D () C:\Users\Chloe\Documents\Granny and Grandad
2014-02-17 12:26 - 2014-02-17 12:25 - 00000000 ____D () C:\Users\Chloe\Documents\Films
2014-02-17 12:25 - 2014-02-17 12:25 - 00000000 ____D () C:\Users\Chloe\Documents\DivX Movies
2014-02-17 12:24 - 2014-02-17 12:24 - 00000000 ____D () C:\Users\Chloe\Documents\Composition
2014-02-17 12:24 - 2014-02-17 12:24 - 00000000 ____D () C:\Users\Chloe\Documents\Clover
2014-02-17 11:52 - 2014-01-10 17:08 - 00003288 _____ () C:\Users\Chloe\AppData\Local\ivquuojm.log
2014-02-17 11:52 - 2012-07-16 12:19 - 00005370 _____ () C:\Users\Chloe\AppData\Local\aumsmgur.log
2014-02-14 11:00 - 2014-02-19 11:58 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-02-14 11:00 - 2014-02-19 11:58 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-02-14 11:00 - 2014-02-19 11:58 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-02-14 11:00 - 2014-02-19 11:58 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2014-02-11 10:42 - 2012-05-08 16:18 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-02-11 10:08 - 2014-02-11 10:12 - 16409960 _____ (Safer Networking Limited ) C:\Users\Chloe\Desktop\spybotsd162.exe
2014-02-09 11:15 - 2011-12-23 18:51 - 00000000 ____D () C:\Users\Chloe\AppData\Local\Spotify
2014-02-06 12:16 - 2014-02-18 23:36 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-06 11:30 - 2014-02-18 23:37 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-06 11:30 - 2014-02-18 23:36 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-06 11:12 - 2014-02-18 23:36 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-06 11:07 - 2014-02-18 23:36 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-06 11:06 - 2014-02-18 23:36 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-18 23:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-06 10:56 - 2014-02-18 23:36 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-06 10:52 - 2014-02-18 23:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-06 10:49 - 2014-02-18 23:36 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-06 10:48 - 2014-02-18 23:36 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-06 10:48 - 2014-02-18 23:36 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-06 10:38 - 2014-02-18 23:36 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-06 10:32 - 2014-02-18 23:36 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-06 10:20 - 2014-02-18 23:37 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-06 10:17 - 2014-02-18 23:37 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-06 10:11 - 2014-02-18 23:36 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-06 10:01 - 2014-02-18 23:36 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-06 10:00 - 2014-02-18 23:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-06 09:57 - 2014-02-18 23:36 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-06 09:57 - 2014-02-18 23:36 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-06 09:52 - 2014-02-18 23:36 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-06 09:52 - 2014-02-18 23:36 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-06 09:50 - 2014-02-18 23:36 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-06 09:49 - 2014-02-18 23:37 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-06 09:47 - 2014-02-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-06 09:46 - 2014-02-18 23:36 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-06 09:25 - 2014-02-18 23:37 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-06 09:25 - 2014-02-18 23:36 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-06 09:24 - 2014-02-18 23:36 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-06 09:22 - 2014-02-18 23:36 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-06 09:13 - 2014-02-18 23:36 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-06 09:09 - 2014-02-18 23:36 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-06 09:03 - 2014-02-18 23:36 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-06 08:55 - 2014-02-18 23:36 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-06 08:41 - 2014-02-18 23:36 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-06 08:40 - 2014-02-18 23:36 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-06 08:36 - 2014-02-18 23:36 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-06 08:34 - 2014-02-18 23:36 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-05 20:35 - 2013-07-21 20:33 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-04 19:09 - 2011-12-26 12:34 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\Admin2\AppData\Local\Temp\avgnt.exe
C:\Users\Admin2\AppData\Local\Temp\Offercast_AVIRAV7_.exe
C:\Users\Chloe\AppData\Local\Temp\airF273.exe
C:\Users\Chloe\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\Chloe\AppData\Local\Temp\install_flashplayer11x32ax_gtba_aih.exe
C:\Users\Chloe\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Chloe\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Chloe\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Chloe\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Chloe\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Chloe\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Chloe\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Chloe\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Chloe\AppData\Local\Temp\photostage_1.0.0.1_1.5.0.67_update_all.exe
C:\Users\Chloe\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Chloe\AppData\Local\Temp\SpotifyUpgrader.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-08-30 17:58
 
==================== End Of Log ============================


#7 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 21 February 2014 - 04:43 PM

Good.

 

New tool to run:

 

Download ComboFix from here:  http://download.blee...Bs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html 
     
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix.  If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#8 vealie

vealie

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 21 February 2014 - 05:53 PM

Done.  Ran it as administrator.....

 

 

ComboFix 14-02-20.01 - Admin2 21/02/2014  23:13:30.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2668.1263 [GMT 0:00]
Running from: c:\users\Admin2\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6422\AddOnDownloaded\1b8965d5-1ace-460f-9f9d-51d4c6c7c534.dll
c:\programdata\PCDr\6422\AddOnDownloaded\236515c7-c29a-41e6-873d-b9e2673e11c3.dll
c:\programdata\PCDr\6422\AddOnDownloaded\2b605d7d-d0d9-4054-adbf-4b49c7319932.dll
c:\programdata\PCDr\6422\AddOnDownloaded\46396106-fa11-4329-87bf-ed5a85069e89.dll
c:\programdata\PCDr\6422\AddOnDownloaded\46f8f9b8-a6d9-4ac9-a82f-2c79e2a75546.dll
c:\programdata\PCDr\6422\AddOnDownloaded\4f436db1-def5-4137-a084-15125ef65010.dll
c:\programdata\PCDr\6422\AddOnDownloaded\5dc25d30-0116-4ea0-9e12-f329c60c603b.dll
c:\programdata\PCDr\6422\AddOnDownloaded\667e2f17-0031-40e7-a376-b390959abbb8.dll
c:\programdata\PCDr\6422\AddOnDownloaded\6ff7e11c-29c5-4891-bc9e-fae289e9c9fe.dll
c:\programdata\PCDr\6422\AddOnDownloaded\7bc69e73-3dda-484f-af68-bb19598a4b32.dll
c:\programdata\PCDr\6422\AddOnDownloaded\9c39bb99-9a2d-442b-9a53-fc7bd3d32368.dll
c:\programdata\PCDr\6422\AddOnDownloaded\9c91892f-68c1-49f2-9c84-27a2e4701c64.dll
c:\programdata\PCDr\6422\AddOnDownloaded\a5fe6876-4636-4d79-8440-3ce56e4f4416.dll
c:\programdata\PCDr\6422\AddOnDownloaded\a9d9bdb2-283c-48d2-b6ea-df9f6bc83b04.dll
c:\programdata\PCDr\6422\AddOnDownloaded\ade7fb72-009e-483b-8dbb-a94667c9efee.dll
c:\programdata\PCDr\6422\AddOnDownloaded\b1cd2350-1a70-4fd2-9b75-98208aace99a.dll
c:\programdata\PCDr\6422\AddOnDownloaded\cdf86821-bbfe-4586-8cae-bf998bb8d498.dll
c:\programdata\PCDr\6422\AddOnDownloaded\e6166583-b575-4093-a3ca-d9c4587d4bb7.dll
c:\programdata\PCDr\6422\AddOnDownloaded\fdae1379-f1f4-49e3-a1cc-0a3d1c8ae2a5.dll
c:\programdata\PCDr\6422\AddOnDownloaded\ffa288d5-37d2-4036-812e-1b7722ec86ed.dll
c:\users\Chloe\AppData\Local\aumsmgur.log
c:\users\Chloe\AppData\Local\cohlggii.log
c:\users\Chloe\AppData\Local\ekbfsfmo.log
c:\users\Chloe\AppData\Local\ivquuojm.log
c:\users\Chloe\AppData\Local\Microsoft\Windows\Temporary Internet Files\{07B18517-5F27-46A0-B214-C281DD07CD3A}.xps
c:\users\Chloe\AppData\Local\ulrxkneb.log
c:\users\Chloe\AppData\Local\wyobagjq.log
c:\users\Chloe\Documents\~WRL0680.tmp
c:\users\Chloe\Documents\~WRL0899.tmp
c:\windows\SysWow64\DEBUG.log
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-21 to 2014-02-21  )))))))))))))))))))))))))))))))
.
.
2014-02-21 17:03 . 2014-02-21 17:11 -------- d-----w- C:\FRST
2014-02-19 15:19 . 2014-02-19 15:20 -------- d-----w- c:\program files\HijackThis
2014-02-19 12:02 . 2014-02-21 17:03 -------- d-----w- c:\program files (x86)\VNT
2014-02-19 12:02 . 2014-02-19 12:02 -------- d-----w- c:\programdata\AskPartnerNetwork
2014-02-19 12:02 . 2014-02-19 12:02 -------- d-----w- c:\program files (x86)\AskPartnerNetwork
2014-02-19 12:02 . 2014-02-19 12:02 -------- d-----w- c:\programdata\APN
2014-02-19 11:58 . 2014-02-14 11:00 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-02-19 11:58 . 2014-02-14 11:00 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-02-19 11:58 . 2014-02-14 11:00 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-02-19 11:58 . 2014-02-14 11:00 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-02-19 11:58 . 2014-02-19 11:58 -------- d-----w- c:\programdata\Avira
2014-02-19 11:58 . 2014-02-19 11:58 -------- d-----w- c:\program files (x86)\Avira
2014-02-19 11:41 . 2014-02-19 11:41 -------- d-----w- c:\users\Admin2
2014-02-19 02:39 . 2014-02-19 02:41 -------- d-----w- c:\users\Administrator
2014-02-19 02:14 . 2014-02-19 02:14 -------- d-----w- c:\windows\Migration
2014-02-19 02:10 . 2014-02-19 02:10 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-02-19 00:09 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-02-19 00:09 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-02-19 00:09 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-02-19 00:09 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-02-19 00:09 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-02-18 23:39 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-18 23:39 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-18 23:37 . 2014-02-06 11:30 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-18 23:37 . 2014-02-06 10:20 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-02-18 23:37 . 2014-02-06 10:17 195584 ----a-w- c:\windows\system32\msrating.dll
2014-02-18 23:37 . 2014-02-06 22:55 293080 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2014-02-18 23:37 . 2014-02-06 22:24 235224 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2014-02-18 23:37 . 2014-02-06 08:47 353280 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-02-18 23:37 . 2014-02-06 08:37 251392 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2014-02-18 23:37 . 2014-02-06 10:52 574976 ----a-w- c:\windows\system32\ieui.dll
2014-02-18 23:37 . 2014-02-06 08:29 271360 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2014-02-18 03:19 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2014-02-18 03:19 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-02-18 03:18 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-02-18 03:18 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-02-18 03:18 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2014-02-18 03:18 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2014-02-18 03:18 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-02-18 03:18 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-02-18 03:17 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-18 03:17 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-18 03:17 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-02-18 03:17 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-02-18 03:15 . 2013-11-27 01:42 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-02-18 00:44 . 2014-02-18 00:44 -------- d-----w- c:\programdata\Oracle
2014-02-18 00:43 . 2014-02-18 00:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-02-18 00:42 . 2014-02-18 00:42 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-18 00:41 . 2014-02-18 00:41 -------- d-----w- c:\program files (x86)\Java
2014-02-18 00:19 . 2013-10-14 18:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-02-18 00:11 . 2014-02-18 00:11 999936 ----a-w- c:\program files (x86)\Internet Explorer\networkinspection.dll
2014-02-17 15:17 . 2014-02-17 15:17 -------- d-----w- c:\users\Chloe\AppData\Roaming\Malwarebytes
2014-02-17 15:17 . 2014-02-17 15:17 -------- d-----w- c:\programdata\Malwarebytes
2014-02-17 15:16 . 2014-02-17 15:16 -------- d-----w- c:\users\Chloe\AppData\Local\Programs
2014-02-17 15:14 . 2014-02-17 15:14 388096 ----a-r- c:\users\Chloe\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-02-17 15:14 . 2014-02-17 15:14 -------- d-----w- c:\program files (x86)\Trend Micro
2014-02-17 14:49 . 2014-02-17 14:50 235680752 ----a-w- C:\regold.reg
2014-02-17 14:47 . 2014-02-17 14:45 2629 ----a-w- C:\fix.reg
2014-02-11 10:21 . 2014-02-19 11:19 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2014-02-11 10:21 . 2014-02-19 11:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 17:24 . 2012-04-02 10:04 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-21 17:24 . 2011-12-30 18:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-17 01:32 . 2014-02-19 11:26 10536864 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E917D9EE-52BB-44E2-A32B-8A8D688F3050}\mpengine.dll
2014-02-04 19:09 . 2011-12-26 12:34 88567024 ----a-w- c:\windows\system32\MRT.exe
2013-12-18 06:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}]
2014-02-13 05:22 12240 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" [2014-02-13 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-4300-7a786e7484d7}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-12 336384]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-12-18 40312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-14 689744]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-02-13 1758160]
"VNT"="c:\program files (x86)\VNT\vntldr.exe" [2014-02-13 195536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
.
R1 abdphysh;abdphysh;c:\windows\system32\drivers\abdphysh.sys;c:\windows\SYSNATIVE\drivers\abdphysh.sys [x]
R1 brbhpior;brbhpior;c:\windows\system32\drivers\brbhpior.sys;c:\windows\SYSNATIVE\drivers\brbhpior.sys [x]
R1 cjphkwwo;cjphkwwo;c:\windows\system32\drivers\cjphkwwo.sys;c:\windows\SYSNATIVE\drivers\cjphkwwo.sys [x]
R1 eppfhhqj;eppfhhqj;c:\windows\system32\drivers\eppfhhqj.sys;c:\windows\SYSNATIVE\drivers\eppfhhqj.sys [x]
R1 eqxynqhw;eqxynqhw;c:\windows\system32\drivers\eqxynqhw.sys;c:\windows\SYSNATIVE\drivers\eqxynqhw.sys [x]
R1 forwuxqf;forwuxqf;c:\windows\system32\drivers\forwuxqf.sys;c:\windows\SYSNATIVE\drivers\forwuxqf.sys [x]
R1 fpdhymzr;fpdhymzr;c:\windows\system32\drivers\fpdhymzr.sys;c:\windows\SYSNATIVE\drivers\fpdhymzr.sys [x]
R1 futajjvw;futajjvw;c:\windows\system32\drivers\futajjvw.sys;c:\windows\SYSNATIVE\drivers\futajjvw.sys [x]
R1 fzqvqgpj;fzqvqgpj;c:\windows\system32\drivers\fzqvqgpj.sys;c:\windows\SYSNATIVE\drivers\fzqvqgpj.sys [x]
R1 gzgrafqo;gzgrafqo;c:\windows\system32\drivers\gzgrafqo.sys;c:\windows\SYSNATIVE\drivers\gzgrafqo.sys [x]
R1 hocdoobh;hocdoobh;c:\windows\system32\drivers\hocdoobh.sys;c:\windows\SYSNATIVE\drivers\hocdoobh.sys [x]
R1 jpvghcuv;jpvghcuv;c:\windows\system32\drivers\jpvghcuv.sys;c:\windows\SYSNATIVE\drivers\jpvghcuv.sys [x]
R1 kdxeszml;kdxeszml;c:\windows\system32\drivers\kdxeszml.sys;c:\windows\SYSNATIVE\drivers\kdxeszml.sys [x]
R1 nxvasbjr;nxvasbjr;c:\windows\system32\drivers\nxvasbjr.sys;c:\windows\SYSNATIVE\drivers\nxvasbjr.sys [x]
R1 odcqkjnv;odcqkjnv;c:\windows\system32\drivers\odcqkjnv.sys;c:\windows\SYSNATIVE\drivers\odcqkjnv.sys [x]
R1 osvyqtzg;osvyqtzg;c:\windows\system32\drivers\osvyqtzg.sys;c:\windows\SYSNATIVE\drivers\osvyqtzg.sys [x]
R1 pxtcjnpy;pxtcjnpy;c:\windows\system32\drivers\pxtcjnpy.sys;c:\windows\SYSNATIVE\drivers\pxtcjnpy.sys [x]
R1 rsgqtkwf;rsgqtkwf;c:\windows\system32\drivers\rsgqtkwf.sys;c:\windows\SYSNATIVE\drivers\rsgqtkwf.sys [x]
R1 ughcqatp;ughcqatp;c:\windows\system32\drivers\ughcqatp.sys;c:\windows\SYSNATIVE\drivers\ughcqatp.sys [x]
R1 vjmizuks;vjmizuks;c:\windows\system32\drivers\vjmizuks.sys;c:\windows\SYSNATIVE\drivers\vjmizuks.sys [x]
R1 xlariapw;xlariapw;c:\windows\system32\drivers\xlariapw.sys;c:\windows\SYSNATIVE\drivers\xlariapw.sys [x]
R1 xlszhgck;xlszhgck;c:\windows\system32\drivers\xlszhgck.sys;c:\windows\SYSNATIVE\drivers\xlszhgck.sys [x]
R1 xsckdilr;xsckdilr;c:\windows\system32\drivers\xsckdilr.sys;c:\windows\SYSNATIVE\drivers\xsckdilr.sys [x]
R1 yebjmdjg;yebjmdjg;c:\windows\system32\drivers\yebjmdjg.sys;c:\windows\SYSNATIVE\drivers\yebjmdjg.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-05 20:09 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 17:24]
.
2014-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10 18:34]
.
2014-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10 18:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}]
2014-02-13 05:22 13776 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll" [2014-02-13 13776]
.
[HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-4300-7A786E7484D7}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]
"ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell\Stage Remote\StageRemoteService.exe
c:\users\Admin2\AppData\Local\VNT\vntldr.exe
.
**************************************************************************
.
Completion time: 2014-02-21  23:50:53 - machine was rebooted
ComboFix-quarantined-files.txt  2014-02-21 23:50
.
Pre-Run: 166,744,043,520 bytes free
Post-Run: 172,949,753,856 bytes free
.
- - End Of File - - 75457C2CA0FBB28F3EDA77A4C4994301
A36C5E4F47E84449FF07ED3517B43A31


#9 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 21 February 2014 - 07:50 PM

Better... but you've got a bunch of services left over from the infection.

 

I think you should read this:

 

Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll  and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

 

With this particular infection the safest solution and only sure way to remove it effectively is to Reformat and reinstall the OS.

 

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

 

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These type of sites are infested with a vast variety of malware and are a major source of system infection.

 

In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

 

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

 

When should I re-format? How should I reinstall?

 

Where to draw the line? When to recommend a format and reinstall?

 

Backdoors and what they mean to you

 

http://technet.microsoft.com/en-us/library/cc512587.aspx

 

If you want to continue:

 

COMBOFIX-Script
 

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    
    File::
    
    c:\windows\SYSNATIVE\drivers\abdphysh.sys
    
    c:\windows\SYSNATIVE\drivers\brbhpior.sys
    
    c:\windows\SYSNATIVE\drivers\cjphkwwo.sys
    
    c:\windows\SYSNATIVE\drivers\eppfhhqj.sys
    
    c:\windows\SYSNATIVE\drivers\eqxynqhw.sys
    
    c:\windows\SYSNATIVE\drivers\forwuxqf.sys
    
    c:\windows\SYSNATIVE\drivers\fpdhymzr.sys
    
    c:\windows\SYSNATIVE\drivers\futajjvw.sys
    
    c:\windows\SYSNATIVE\drivers\fzqvqgpj.sys
    
    c:\windows\SYSNATIVE\drivers\gzgrafqo.sys
    
    c:\windows\SYSNATIVE\drivers\hocdoobh.sys
    
    c:\windows\SYSNATIVE\drivers\jpvghcuv.sys
    
    c:\windows\SYSNATIVE\drivers\kdxeszml.sys
    
    c:\windows\SYSNATIVE\drivers\nxvasbjr.sys
    
    c:\windows\SYSNATIVE\drivers\odcqkjnv.sys
    
    c:\windows\SYSNATIVE\drivers\osvyqtzg.sys
    
    c:\windows\SYSNATIVE\drivers\pxtcjnpy.sys
    
    c:\windows\SYSNATIVE\drivers\rsgqtkwf.sys
    
    c:\windows\SYSNATIVE\drivers\ughcqatp.sys
    
    c:\windows\SYSNATIVE\drivers\vjmizuks.sys
    
    c:\windows\SYSNATIVE\drivers\xlariapw.sys
    
    c:\windows\SYSNATIVE\drivers\xlszhgck.sys
    
    c:\windows\SYSNATIVE\drivers\xsckdilr.sys
    
    c:\windows\SYSNATIVE\drivers\yebjmdjg.sys
    
    
    
    Driver::
    
    abdphysh
    
    brbhpior
    
    cjphkwwo
    
    eppfhhqj
    
    eqxynqhw
    
    forwuxqf
    
    fpdhymzr
    
    futajjvw
    
    fzqvqgpj
    
    gzgrafqo
    
    hocdoobh
    
    jpvghcuv
    
    kdxeszml
    
    nxvasbjr
    
    odcqkjnv
    
    osvyqtzg
    
    pxtcjnpy
    
    rsgqtkwf
    
    ughcqatp
    
    vjmizuks
    
    xlariapw
    
    xlszhgck
    
    xsckdilr
    
    yebjmdjg
    
    
    
    
    
    
    
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
 

 


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#10 vealie

vealie

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 22 February 2014 - 06:30 AM

TomK,

 

Thanks for persevering!

 

When Combofix ran I got a popup dialogue stating 'PEV.EXE A problem caused the program to stop working.  Windows will close the program and notifiy you if a solution is found.'

 

 

ComboFix 14-02-20.01 - Admin2 22/02/2014  11:55:52.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2668.1377 [GMT 0:00]
Running from: c:\users\Admin2\Desktop\ComboFix.exe
Command switches used :: c:\users\Admin2\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\abdphysh.sys"
"c:\windows\system32\drivers\brbhpior.sys"
"c:\windows\system32\drivers\cjphkwwo.sys"
"c:\windows\system32\drivers\eppfhhqj.sys"
"c:\windows\system32\drivers\eqxynqhw.sys"
"c:\windows\system32\drivers\forwuxqf.sys"
"c:\windows\system32\drivers\fpdhymzr.sys"
"c:\windows\system32\drivers\futajjvw.sys"
"c:\windows\system32\drivers\fzqvqgpj.sys"
"c:\windows\system32\drivers\gzgrafqo.sys"
"c:\windows\system32\drivers\hocdoobh.sys"
"c:\windows\system32\drivers\jpvghcuv.sys"
"c:\windows\system32\drivers\kdxeszml.sys"
"c:\windows\system32\drivers\nxvasbjr.sys"
"c:\windows\system32\drivers\odcqkjnv.sys"
"c:\windows\system32\drivers\osvyqtzg.sys"
"c:\windows\system32\drivers\pxtcjnpy.sys"
"c:\windows\system32\drivers\rsgqtkwf.sys"
"c:\windows\system32\drivers\ughcqatp.sys"
"c:\windows\system32\drivers\vjmizuks.sys"
"c:\windows\system32\drivers\xlariapw.sys"
"c:\windows\system32\drivers\xlszhgck.sys"
"c:\windows\system32\drivers\xsckdilr.sys"
"c:\windows\system32\drivers\yebjmdjg.sys"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_abdphysh
-------\Service_brbhpior
-------\Service_cjphkwwo
-------\Service_eppfhhqj
-------\Service_eqxynqhw
-------\Service_forwuxqf
-------\Service_fpdhymzr
-------\Service_futajjvw
-------\Service_fzqvqgpj
-------\Service_gzgrafqo
-------\Service_hocdoobh
-------\Service_jpvghcuv
-------\Service_kdxeszml
-------\Service_nxvasbjr
-------\Service_odcqkjnv
-------\Service_osvyqtzg
-------\Service_pxtcjnpy
-------\Service_rsgqtkwf
-------\Service_ughcqatp
-------\Service_vjmizuks
-------\Service_xlariapw
-------\Service_xlszhgck
-------\Service_xsckdilr
-------\Service_yebjmdjg
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-22 to 2014-02-22  )))))))))))))))))))))))))))))))
.
.
2014-02-22 12:13 . 2014-02-22 12:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-21 17:03 . 2014-02-21 17:11 -------- d-----w- C:\FRST
2014-02-19 15:19 . 2014-02-19 15:20 -------- d-----w- c:\program files\HijackThis
2014-02-19 12:02 . 2014-02-21 17:03 -------- d-----w- c:\program files (x86)\VNT
2014-02-19 12:02 . 2014-02-19 12:02 -------- d-----w- c:\programdata\AskPartnerNetwork
2014-02-19 12:02 . 2014-02-19 12:02 -------- d-----w- c:\program files (x86)\AskPartnerNetwork
2014-02-19 12:02 . 2014-02-19 12:02 -------- d-----w- c:\programdata\APN
2014-02-19 11:58 . 2014-02-14 11:00 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-02-19 11:58 . 2014-02-14 11:00 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-02-19 11:58 . 2014-02-14 11:00 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-02-19 11:58 . 2014-02-14 11:00 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-02-19 11:58 . 2014-02-19 11:58 -------- d-----w- c:\programdata\Avira
2014-02-19 11:58 . 2014-02-19 11:58 -------- d-----w- c:\program files (x86)\Avira
2014-02-19 11:41 . 2014-02-19 11:41 -------- d-----w- c:\users\Admin2
2014-02-19 11:26 . 2014-02-17 01:32 10536864 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E917D9EE-52BB-44E2-A32B-8A8D688F3050}\mpengine.dll
2014-02-19 02:39 . 2014-02-19 02:41 -------- d-----w- c:\users\Administrator
2014-02-19 02:14 . 2014-02-19 02:14 -------- d-----w- c:\windows\Migration
2014-02-19 02:10 . 2014-02-19 02:10 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-02-19 00:09 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-02-19 00:09 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-02-19 00:09 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-02-19 00:09 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-02-19 00:09 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-02-18 23:39 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-18 23:39 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-18 23:37 . 2014-02-06 11:30 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-18 23:37 . 2014-02-06 10:20 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-02-18 23:37 . 2014-02-06 10:17 195584 ----a-w- c:\windows\system32\msrating.dll
2014-02-18 23:37 . 2014-02-06 22:55 293080 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2014-02-18 23:37 . 2014-02-06 22:24 235224 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2014-02-18 23:37 . 2014-02-06 08:47 353280 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-02-18 23:37 . 2014-02-06 08:37 251392 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2014-02-18 23:37 . 2014-02-06 10:52 574976 ----a-w- c:\windows\system32\ieui.dll
2014-02-18 23:37 . 2014-02-06 08:29 271360 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2014-02-18 03:19 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2014-02-18 03:19 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-02-18 03:18 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-02-18 03:18 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-02-18 03:18 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2014-02-18 03:18 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2014-02-18 03:18 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-02-18 03:18 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-02-18 03:17 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-18 03:17 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-18 03:17 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-02-18 03:17 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-02-18 03:15 . 2013-11-27 01:42 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-02-18 00:44 . 2014-02-18 00:44 -------- d-----w- c:\programdata\Oracle
2014-02-18 00:43 . 2014-02-18 00:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-02-18 00:42 . 2014-02-18 00:42 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-18 00:41 . 2014-02-18 00:41 -------- d-----w- c:\program files (x86)\Java
2014-02-18 00:19 . 2013-10-14 18:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-02-18 00:11 . 2014-02-18 00:11 999936 ----a-w- c:\program files (x86)\Internet Explorer\networkinspection.dll
2014-02-17 15:17 . 2014-02-17 15:17 -------- d-----w- c:\users\Chloe\AppData\Roaming\Malwarebytes
2014-02-17 15:17 . 2014-02-17 15:17 -------- d-----w- c:\programdata\Malwarebytes
2014-02-17 15:16 . 2014-02-17 15:16 -------- d-----w- c:\users\Chloe\AppData\Local\Programs
2014-02-17 15:14 . 2014-02-17 15:14 388096 ----a-r- c:\users\Chloe\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-02-17 15:14 . 2014-02-17 15:14 -------- d-----w- c:\program files (x86)\Trend Micro
2014-02-17 14:49 . 2014-02-17 14:50 235680752 ----a-w- C:\regold.reg
2014-02-17 14:47 . 2014-02-17 14:45 2629 ----a-w- C:\fix.reg
2014-02-11 10:21 . 2014-02-19 11:19 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2014-02-11 10:21 . 2014-02-19 11:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 17:24 . 2012-04-02 10:04 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-21 17:24 . 2011-12-30 18:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-04 19:09 . 2011-12-26 12:34 88567024 ----a-w- c:\windows\system32\MRT.exe
2013-12-18 06:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}]
2014-02-13 05:22 12240 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" [2014-02-13 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-4300-7a786e7484d7}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-12 336384]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-12-18 40312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-14 689744]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-02-13 1758160]
"VNT"="c:\program files (x86)\VNT\vntldr.exe" [2014-02-13 195536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-05 20:09 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 17:24]
.
2014-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10 18:34]
.
2014-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10 18:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}]
2014-02-13 05:22 13776 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll" [2014-02-13 13776]
.
[HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-4300-7A786E7484D7}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]
"ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
.
**************************************************************************
.
Completion time: 2014-02-22  12:25:15 - machine was rebooted
ComboFix-quarantined-files.txt  2014-02-22 12:25
ComboFix2.txt  2014-02-21 23:50
.
Pre-Run: 172,562,780,160 bytes free
Post-Run: 172,059,062,272 bytes free
.
- - End Of File - - C8FE21A3CE6502CD5038CAD55738F40D
A36C5E4F47E84449FF07ED3517B43A31

    Advertisements

Register to Remove


#11 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 22 February 2014 - 09:46 AM

Looking good.

 

 

  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
    RGKRScan.png
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
    RGKRDelete.png
  • Next click on the ShortcutsFix
    RGKRShortcutsFix.png
  • another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.
 

 


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#12 vealie

vealie

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 22 February 2014 - 05:46 PM

Done!

 

Report 1

 

RogueKiller V8.8.8 [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Admin2 [Admin rights]
Mode : Scan -- Date : 02/22/2014 23:38:33
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] setup.exe -- C:\windows\TEMP\CR_71B16.tmp\setup.exe [x] -> KILLED [TermThr]
 
¤¤¤ Registry Entries : 8 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK3275GSX SATA Disk Device +++++
--- User ---
[MBR] 573c170eda6603caa0000ab58eff0314
[BSP] 891e61b27be377e6bdf57fee7aa51f38 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_02222014_233833.txt >>
 
 
 
Report 2 
 
RogueKiller V8.8.8 [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Admin2 [Admin rights]
Mode : Remove -- Date : 02/22/2014 23:40:12
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] setup.exe -- C:\windows\TEMP\CR_71B16.tmp\setup.exe [x] -> KILLED [TermThr]
 
¤¤¤ Registry Entries : 8 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified. 
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK3275GSX SATA Disk Device +++++
--- User ---
[MBR] 573c170eda6603caa0000ab58eff0314
[BSP] 891e61b27be377e6bdf57fee7aa51f38 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_02222014_234012.txt >>
RKreport[0]_S_02222014_233833.txt
 
 
Report 3
 
RogueKiller V8.8.8 [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Admin2 [Admin rights]
Mode : Shortcuts HJfix -- Date : 02/22/2014 23:40:39
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] setup.exe -- C:\windows\TEMP\CR_71B16.tmp\setup.exe [x] -> KILLED [TermThr]
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 0 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 7 / Fail 14
Backup: [NOT FOUND]
 
Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
 
¤¤¤ Infection :  ¤¤¤
 
Finished : << RKreport[0]_SC_02222014_234039.txt >>
RKreport[0]_D_02222014_234012.txt;RKreport[0]_S_02222014_233833.txt
 
 
Cheers!
Steve


#13 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 22 February 2014 - 06:02 PM

That looks great.

 

Let's get an online scan.  This one will take hours.

 

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
 

  • Please go here then click on: EOLS1.gif

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option   YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is  checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 

 


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#14 vealie

vealie

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 22 February 2014 - 06:41 PM

Cheers, TomK

 

I'm up for this..  The db download is in progress.  More later.....



#15 vealie

vealie

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 23 February 2014 - 11:56 AM

Done!

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d5cbad9ae200c34d855421669ac1d317
# engine=17186
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-23 05:43:54
# local_time=2014-02-23 05:43:54 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 69356 805388 65634 0
# compatibility_mode=5893 16776574 100 94 368272 145642484 0 0
# scanned=251866
# found=37
# cleaned=0
# scan_time=61870
sh=0AB7E14045C76206A8733C6E4D36220A58C85A77 ft=1 fh=9f671b8e7a289dd3 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe"
sh=B506B2465FD10608020D30ED9047B5E11DE63FA0 ft=1 fh=10102a51b62618f2 vn="Win32/Bundled.Toolbar.Ask.E potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe"
sh=408E55A7D2D56C02EF844CA63C1EA8D440D1F8B2 ft=1 fh=cf5f3ba9cab9d1c3 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll"
sh=EC5913DE16698FF281FE1F1108602BD300AFDA91 ft=1 fh=400322602d09beb6 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ServiceLocator.exe"
sh=4E3A9EF57C71B5829AC8CD185CBED27AF6610C13 ft=1 fh=83a0e01ca2b69786 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SO.dll"
sh=698FB11D2C5D96C744D8602AD22309F10509063A ft=1 fh=c3312308a781a9fa vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\toolbar.dll"
sh=0111559B94F5572B6777EBE3E85CB9F9C94BC85B ft=1 fh=76e883fd9357c7a4 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Toolbar.exe"
sh=BB237CE0031AFF6ABD4E3626D7C6AE3D6ABEDB5A ft=1 fh=2522929e49563be6 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ToolbarPS.dll"
sh=9C835C702D070F54C59E36FED31696261FEBFDA3 ft=1 fh=29643e02259e76bc vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\toolbar_x64.dll"
sh=B27AA1F8303815E20CE148744957CB3726BCDE96 ft=1 fh=e7bb97c341e31fcc vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe"
sh=6CDE6B1DD298CA47510EB79334AE149F60FEFFCE ft=1 fh=0241d1e8e3e9ed03 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll"
sh=84987AF48F5107F84A12BB7418C0A7A2106906B0 ft=1 fh=6e62188c597b6ea7 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll"
sh=1D8EC6612F09B82BE7D61BB29C69D5E78DD9D677 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\AskToolbarInstaller-12.10.0_AVIRA-V7C.msi"
sh=0AB7E14045C76206A8733C6E4D36220A58C85A77 ft=1 fh=9f671b8e7a289dd3 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe"
sh=408E55A7D2D56C02EF844CA63C1EA8D440D1F8B2 ft=1 fh=cf5f3ba9cab9d1c3 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll"
sh=EC5913DE16698FF281FE1F1108602BD300AFDA91 ft=1 fh=400322602d09beb6 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe"
sh=4E3A9EF57C71B5829AC8CD185CBED27AF6610C13 ft=1 fh=83a0e01ca2b69786 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\SO.dll"
sh=698FB11D2C5D96C744D8602AD22309F10509063A ft=1 fh=c3312308a781a9fa vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll"
sh=0111559B94F5572B6777EBE3E85CB9F9C94BC85B ft=1 fh=76e883fd9357c7a4 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe"
sh=BB237CE0031AFF6ABD4E3626D7C6AE3D6ABEDB5A ft=1 fh=2522929e49563be6 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll"
sh=9C835C702D070F54C59E36FED31696261FEBFDA3 ft=1 fh=29643e02259e76bc vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll"
sh=B27AA1F8303815E20CE148744957CB3726BCDE96 ft=1 fh=e7bb97c341e31fcc vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe"
sh=6CDE6B1DD298CA47510EB79334AE149F60FEFFCE ft=1 fh=0241d1e8e3e9ed03 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll"
sh=84987AF48F5107F84A12BB7418C0A7A2106906B0 ft=1 fh=6e62188c597b6ea7 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll"
sh=75A9BFE798ADFBFDFA8E0155A242E69ACD396E53 ft=1 fh=7e8b040c1a60dd55 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\program files\VNT\vntldr.exe"
sh=B9A96D9AE94C4B42CA5499933F6DF218B3903768 ft=1 fh=966b3592656dc188 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe"
sh=BD3C685B5F9C5FDDBCF46DAF1C89E094C69F87B0 ft=1 fh=62591177f2e83ca9 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=3963D8A5B82F5DD540BB1DDEE8BA5B8D9098C549 ft=1 fh=d69ca3895677d6e5 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
sh=75A9BFE798ADFBFDFA8E0155A242E69ACD396E53 ft=1 fh=7e8b040c1a60dd55 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\VNT\vntldr.exe"
sh=75A9BFE798ADFBFDFA8E0155A242E69ACD396E53 ft=1 fh=7e8b040c1a60dd55 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Users\Admin2\AppData\Local\VNT\vntldr.exe"
sh=6897DCB0196C03F3ABE48F60D28C7499490A6D54 ft=1 fh=c03fad5bb43dfcfa vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Admin2\Downloads\avira_free_antivirus_en.exe"
sh=B6F9D211A575B167F1793994A4DA909B37706278 ft=1 fh=a80181f394c49539 vn="Win32/Toolbar.Babylon.T potentially unwanted application" ac=I fn="C:\Users\Admin2\Downloads\reimagerepair.exe"
sh=34B00648411794103EBA064C0EEF86CD6DCC4B76 ft=1 fh=2abc27855ebccf84 vn="a variant of MSIL/HackKMS.A potentially unsafe application" ac=I fn="C:\Users\Chloe\Desktop\Office.Professional.2010.exe"
sh=56E4531E58A508B45C43A813DC4DA578DB231886 ft=1 fh=fe40d461b3d99c4c vn="a variant of MSIL/HackKMS.A potentially unsafe application" ac=I fn="C:\Users\Chloe\Desktop\Office Professional 2010\Office 2010 Toolkit.exe"
sh=34B00648411794103EBA064C0EEF86CD6DCC4B76 ft=1 fh=2abc27855ebccf84 vn="a variant of MSIL/HackKMS.A potentially unsafe application" ac=I fn="C:\Users\Chloe\Documents\Stuff I dont know what to do with\Office.Professional.2010.exe"
sh=BA8CF52DF74F9880BBC54907C0443EA990734828 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7C[1].7z"
sh=BA8CF52DF74F9880BBC54907C0443EA990734828 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7C[1].7z"

Related Topics




Also tagged with one or more of these keywords: RamnitA, Firewall, Avira

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users