WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Infection of some sort [Solved]

Started by Jimbo1 , Jun 12 2014 04:13 PM

This topic is locked

48 replies to this topic

#16 Jimbo1

Preacher / Computer Tech

Authentic Member
1,474 posts

Interests:Serving the Lord and Riding motorcycles and computers.

Posted 13 June 2014 - 03:47 PM

yikes, lol ok will try and lets hope I able to get back up or what. the out come may be. BBl

The help you receive here is free.
If you wish, you may Donate to help keep us online.

May your day be blessed by those you love and those you love be blessed by HIM ;-)

Advertisements

Register to Remove

#17 Jimbo1

Preacher / Computer Tech

Authentic Member
1,474 posts

Interests:Serving the Lord and Riding motorcycles and computers.

Posted 13 June 2014 - 04:20 PM

Ok here is what happen.

1st I went and did the updates and got this message, 4 updates succeeded and 7 failed. so when I booted back up I had internet connection.

so after this I went and tried to do a update again second time, the 7 that failed succeeded and when I booted back up, no internet and the 2 network info In the try showed back up 1 was Network No internet access and 2nd was Unidentified Network No internet access.

So I went back to the restore point where the 4 succeeded and booted back up and I have internet connection and came here to post the results.

This is where I stand atm.

The help you receive here is free.
If you wish, you may Donate to help keep us online.

May your day be blessed by those you love and those you love be blessed by HIM ;-)

#18 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 13 June 2014 - 04:30 PM

Not sure whats going on, go ahead and run a new scan with OTL and post the log please

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#19 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 13 June 2014 - 04:36 PM

After you run a new scan with OTL and post the log, run this scanner also

Please download aswMBR to your desktop.

Double click the aswMBR icon to run it.

Click the Scan button to start scan.

If you are asked to update the Avast Virus database please allow it to do so.

When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

I just want to see the report....Please Do Not Fix Anything

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#20 Jimbo1

Preacher / Computer Tech

Authentic Member
1,474 posts

Interests:Serving the Lord and Riding motorcycles and computers.

Posted 13 June 2014 - 04:50 PM

ok will do, I notice after restore back to that restore point the 4 updates that were succeeded, were back because going backwards, so I went ahead and installed them because they were successful and when I rebooted my internet connections were lost again. So I had to go back further of a restore point to get connections back.

So I will do these suggestions' and post the results back. Bangs head upside the wall

The help you receive here is free.
If you wish, you may Donate to help keep us online.

May your day be blessed by those you love and those you love be blessed by HIM ;-)

#21 Jimbo1

Preacher / Computer Tech

Authentic Member
1,474 posts

Interests:Serving the Lord and Riding motorcycles and computers.

Posted 13 June 2014 - 04:51 PM

OTL logfile created on: 6/13/2014 5:43:56 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jim\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.71 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 45.64% Memory free
5.43 Gb Paging File | 3.65 Gb Available in Paging File | 67.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195.21 Gb Total Space | 150.89 Gb Free Space | 77.29% Space Free | Partition Type: NTFS
Drive D: | 736.20 Gb Total Space | 710.60 Gb Free Space | 96.52% Space Free | Partition Type: NTFS

Computer Name: JIM-PC | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jim\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - c:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe ()
PRC - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe (Elaborate Bytes AG)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\1ab52f8951c2ab97592ec25830dd5165\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\921861ef36355e6f12a981a188f99b8a\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
MOD - C:\Windows\System32\DLAAPI_W.DLL ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TeamViewer9) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (RealPlayer Cloud Service) -- c:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc.)
SRV - (RealPlayerUpdateSvc) -- C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe ()
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (ICCS) -- C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (AppleChargerSrv) -- C:\Windows\System32\AppleChargerSrv.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV - (MBAMWebAccessControl) -- C:\Windows\System32\drivers\mwac.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows ® 2000 DDK provider)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (AppleCharger) -- C:\Windows\System32\drivers\AppleCharger.sys ()
DRV - (amd_sata) -- C:\Windows\System32\drivers\amd_sata.sys (Advanced Micro Devices)
DRV - (amd_xata) -- C:\Windows\System32\drivers\amd_xata.sys (Advanced Micro Devices)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (amdxhc) -- C:\Windows\System32\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV - (amdhub30) -- C:\Windows\System32\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (RxFilter) -- C:\Windows\System32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (Elaborate Bytes AG)
DRV - (ElbyVCD) -- C:\Windows\System32\drivers\ElbyVCD.sys (Elaborate Bytes AG)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2D 48 18 10 8A 86 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GUEA_enUS565
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.8.22: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.8: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.8: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.8: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.8.22: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/04/09 09:00:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0FAA5C82-A094-4541-8811-D3361F972A81}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/04/09 09:00:53 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealPlayer Downloader = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\17.0.8_0\
CHR - Extension: Google Wallet = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/06/13 12:23:53 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CloneCDElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65E3F8FD-8177-4D60-A497-2E0867BD5075}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2e1883ca-5e50-11e3-aa66-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2e1883ca-5e50-11e3-aa66-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/06/13 14:29:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/13 14:28:34 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Jim\Desktop\JRT.exe
[2014/06/13 12:42:26 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/06/13 12:42:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/13 12:23:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/13 12:12:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
[2014/06/13 09:58:45 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Jim\Desktop\dds.scr
[2014/06/12 15:24:23 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Adobe
[2014/06/12 10:35:41 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/06/11 15:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/05/29 10:33:08 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Acelogix
[2 C:\Users\Jim\AppData\Local\*.tmp files -> C:\Users\Jim\AppData\Local\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/06/13 17:44:29 | 000,015,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/13 17:44:29 | 000,015,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/13 17:41:48 | 000,708,342 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2014/06/13 17:41:48 | 000,671,748 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/06/13 17:41:48 | 000,665,702 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2014/06/13 17:41:48 | 000,404,932 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2014/06/13 17:41:48 | 000,154,500 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2014/06/13 17:41:48 | 000,145,652 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2014/06/13 17:41:48 | 000,126,770 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/06/13 17:41:48 | 000,119,716 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2014/06/13 17:41:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/13 17:38:01 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/06/13 17:37:15 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/13 17:37:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/13 17:37:02 | 2185,654,272 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/13 17:33:32 | 000,000,000 | ---- | M] () -- C:\Users\Jim\AppData\Local\{6C6D8402-96F9-4A49-9EA3-C15F487BDF5E}
[2014/06/13 17:09:12 | 000,000,000 | ---- | M] () -- C:\Users\Jim\AppData\Local\{9E042BDD-2755-4238-9F3A-5F8314D8D4CE}
[2014/06/13 15:25:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/13 14:28:35 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Jim\Desktop\JRT.exe
[2014/06/13 12:41:30 | 001,333,465 | ---- | M] () -- C:\Users\Jim\Desktop\AdwCleaner.exe
[2014/06/13 12:37:20 | 000,000,714 | ---- | M] () -- C:\Users\Jim\Desktop\06132014_122351 - Shortcut.lnk
[2014/06/13 12:23:53 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/06/13 12:12:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
[2014/06/13 09:58:45 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Jim\Desktop\dds.scr
[2014/06/12 16:57:51 | 000,000,000 | ---- | M] () -- C:\Users\Jim\AppData\Local\{2656A51C-EE9E-4391-8981-C9193D8CAF1C}
[2014/06/10 17:31:49 | 016,666,679 | ---- | M] () -- C:\Users\Jim\Documents\Our God is an Awesome God!.mp4
[2014/06/10 17:28:54 | 010,975,544 | ---- | M] () -- C:\Users\Jim\Documents\Shout To The Lord (worship video w_ lyrics).mp4
[2014/06/10 17:17:54 | 010,611,780 | ---- | M] () -- C:\Users\Jim\Documents\In Christ Alone (worship video w_ lyrics).mp4
[2014/05/30 15:02:30 | 000,002,977 | ---- | M] () -- C:\Users\Jim\Desktop\config.js
[2014/05/30 13:15:32 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/28 14:11:09 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/05/28 14:11:09 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/05/27 14:43:17 | 1608,954,914 | ---- | M] () -- C:\Users\Jim\Desktop\10 Reasons To Attend Church (Pastor James Thibodeaux).wmv
[2014/05/23 11:58:33 | 012,833,917 | ---- | M] () -- C:\Users\Jim\Documents\Heaven Was Needing A Hero - fallen soldier tribute.mp4
[2014/05/23 11:56:12 | 017,526,212 | ---- | M] () -- C:\Users\Jim\Documents\In The Arms Of An Angel-American Soldiers Tribute.mp4
[2014/05/22 17:01:55 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/20 14:27:00 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/05/16 19:38:50 | 000,000,184 | ---- | M] () -- C:\Users\Jim\Desktop\69.42.211.125 [SSH].moba
[2014/05/16 11:25:01 | 000,002,205 | ---- | M] () -- C:\Users\Jim\Desktop\Logos Bible Software 5.lnk
[2 C:\Users\Jim\AppData\Local\*.tmp files -> C:\Users\Jim\AppData\Local\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/06/13 17:33:32 | 000,000,000 | ---- | C] () -- C:\Users\Jim\AppData\Local\{6C6D8402-96F9-4A49-9EA3-C15F487BDF5E}
[2014/06/13 17:09:12 | 000,000,000 | ---- | C] () -- C:\Users\Jim\AppData\Local\{9E042BDD-2755-4238-9F3A-5F8314D8D4CE}
[2014/06/13 12:41:19 | 001,333,465 | ---- | C] () -- C:\Users\Jim\Desktop\AdwCleaner.exe
[2014/06/13 12:37:20 | 000,000,714 | ---- | C] () -- C:\Users\Jim\Desktop\06132014_122351 - Shortcut.lnk
[2014/06/12 16:57:51 | 000,000,000 | ---- | C] () -- C:\Users\Jim\AppData\Local\{2656A51C-EE9E-4391-8981-C9193D8CAF1C}
[2014/06/10 17:31:49 | 016,666,679 | ---- | C] () -- C:\Users\Jim\Documents\Our God is an Awesome God!.mp4
[2014/06/10 17:28:54 | 010,975,544 | ---- | C] () -- C:\Users\Jim\Documents\Shout To The Lord (worship video w_ lyrics).mp4
[2014/06/10 17:17:39 | 010,611,780 | ---- | C] () -- C:\Users\Jim\Documents\In Christ Alone (worship video w_ lyrics).mp4
[2014/05/30 15:02:30 | 000,002,977 | ---- | C] () -- C:\Users\Jim\Desktop\config.js
[2014/05/27 13:49:28 | 1608,954,914 | ---- | C] () -- C:\Users\Jim\Desktop\10 Reasons To Attend Church (Pastor James Thibodeaux).wmv
[2014/05/23 11:58:15 | 012,833,917 | ---- | C] () -- C:\Users\Jim\Documents\Heaven Was Needing A Hero - fallen soldier tribute.mp4
[2014/05/23 11:55:49 | 017,526,212 | ---- | C] () -- C:\Users\Jim\Documents\In The Arms Of An Angel-American Soldiers Tribute.mp4
[2014/05/03 14:05:07 | 000,000,000 | ---- | C] () -- C:\Users\Jim\ping
[2014/05/03 14:04:52 | 000,000,000 | ---- | C] () -- C:\Users\Jim\trace
[2013/12/12 10:30:51 | 000,006,147 | ---- | C] () -- C:\Windows\PCLICSB.DAT
[2013/12/12 10:30:51 | 000,000,258 | RH-- | C] () -- C:\Windows\System32\LMF.DAT
[2013/12/10 17:51:05 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2013/12/10 16:42:08 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2013/12/07 15:46:03 | 000,090,112 | ---- | C] () -- C:\Program Files\Common Files\PCSBclean.exe
[2013/12/07 15:36:04 | 000,291,840 | ---- | C] () -- C:\Program Files\Common Files\PCSBoff.exe
[2013/12/07 15:19:56 | 000,164,842 | ---- | C] () -- C:\Windows\hpoins29.dat
[2013/12/07 15:19:56 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2013/12/06 18:51:59 | 000,404,932 | ---- | C] () -- C:\Windows\System32\prfh0404.dat
[2013/12/06 18:51:59 | 000,119,716 | ---- | C] () -- C:\Windows\System32\prfc0404.dat
[2013/12/06 18:51:59 | 000,117,840 | ---- | C] () -- C:\Windows\System32\prfi0404.dat
[2013/12/06 18:51:59 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0404.dat
[2013/12/06 18:42:04 | 000,285,034 | ---- | C] () -- C:\Windows\System32\perfi01F.dat
[2013/12/06 18:42:03 | 000,665,702 | ---- | C] () -- C:\Windows\System32\perfh01F.dat
[2013/12/06 18:42:03 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2013/12/06 18:42:03 | 000,145,652 | ---- | C] () -- C:\Windows\System32\perfc01F.dat
[2013/12/06 18:42:03 | 000,037,160 | ---- | C] () -- C:\Windows\System32\perfd01F.dat
[2013/12/06 18:42:02 | 000,708,342 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2013/12/06 18:42:02 | 000,154,500 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2013/12/06 18:42:02 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2013/12/06 15:31:42 | 000,247,868 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2013/12/06 13:55:38 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2013/12/06 13:55:10 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013/12/06 13:47:51 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2013/12/06 13:47:51 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2013/12/06 13:09:28 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/12/06 12:01:35 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2013/12/06 12:01:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/12/06 11:58:07 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe
[2013/12/06 11:58:07 | 000,019,608 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys
[2013/12/06 11:56:03 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2013/12/06 11:55:47 | 000,369,117 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013/12/06 11:53:45 | 000,230,452 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat
[2013/12/06 11:53:45 | 000,230,064 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat
[2013/12/06 11:53:45 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2013/12/06 11:53:45 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2013/12/06 11:53:45 | 000,073,984 | ---- | C] () -- C:\Windows\System32\ativce02.dat
[2013/12/06 11:53:45 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2013/12/06 11:50:30 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2013/01/15 16:57:18 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/12/19 11:42:09 | 000,665,329 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/12/03 06:04:00 | 000,000,582 | ---- | C] () -- C:\Windows\System32\tx19_ic.ini
[2012/11/27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/04/22 16:23:37 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\AnvSoft
[2014/04/22 18:14:13 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Audacity
[2014/04/22 16:32:37 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\FreeVideoConverter
[2013/12/09 16:29:57 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Libronix DLS
[2014/04/19 09:37:53 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Oracle
[2013/12/06 12:44:22 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\TeamViewer
[2013/12/07 10:25:22 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\TuneUp Software
[2013/12/06 18:10:43 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:037E156FD96C5E82
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:E965A533
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

The help you receive here is free.
If you wish, you may Donate to help keep us online.

May your day be blessed by those you love and those you love be blessed by HIM ;-)

#22 Jimbo1

Preacher / Computer Tech

Authentic Member
1,474 posts

Interests:Serving the Lord and Riding motorcycles and computers.

Posted 13 June 2014 - 04:55 PM

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-06-13 17:52:35
-----------------------------
17:52:35.858    OS Version: Windows 6.1.7601 Service Pack 1
17:52:35.858    Number of processors: 4 586 0x1301
17:52:35.858    ComputerName: JIM-PC UserName: Jim
17:52:36.622    Initialize success
17:53:38.410    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
17:53:38.410    Disk 0 Vendor: WDC_WD10 15.0 Size: 953869MB BusType: 11
17:53:38.488    Disk 0 MBR read successfully
17:53:38.488    Disk 0 MBR scan
17:53:38.488    Disk 0 Windows 7 default MBR code
17:53:38.504    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
17:53:38.519    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       199899 MB offset 206848
17:53:38.535    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       753868 MB offset 409600000
17:53:38.566    Disk 0 scanning sectors +1953521664
17:53:38.706    Disk 0 scanning C:\Windows\system32\drivers
17:53:42.887    Service scanning
17:53:46.444    Service MpKsl0e485c0b C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0B734282-437C-4732-A11D-855464EA7714}\MpKsl0e485c0b.sys **LOCKED** 32
17:53:50.750    Modules scanning
17:53:53.729    Disk 0 trace - called modules:
17:53:54.010    ntkrnlpa.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys halmacpi.dll amd_sata.sys
17:53:54.026    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a5d948]
17:53:54.026    3 CLASSPNP.SYS[8b04d59e] -> nt!IofCallDriver -> [0x8691a840]
17:53:54.041    5 amd_xata.sys[83e85c90] -> nt!IofCallDriver -> \Device\00000068[0x86347220]
17:53:54.041    Scan finished successfully
17:54:12.153    Disk 0 MBR has been saved successfully to "C:\Users\Jim\Desktop\MBR.dat"
17:54:12.153    The log file has been saved successfully to "C:\Users\Jim\Desktop\aswMBR.txt"

The help you receive here is free.
If you wish, you may Donate to help keep us online.

May your day be blessed by those you love and those you love be blessed by HIM ;-)

#23 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 13 June 2014 - 05:02 PM

aswMBR checks for a rootkit type of infection and the log looks ok

While I am looking over your OTL log lets do this

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

See this Link for programs that need to be disabled and instruction on how to disable them.

Remember to re-enable them when we're done.

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#24 Jimbo1

Preacher / Computer Tech

Authentic Member
1,474 posts

Interests:Serving the Lord and Riding motorcycles and computers.

Posted 14 June 2014 - 08:28 AM

Ok done, during the process when it was creating the logs, a error came up dumphive.3exe stopped working. So I had to close it. Here is the CF log

ComboFix 14-06-13.01 - Jim 06/14/2014   9:16.1.4 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2779.1428 [GMT -5:00]
Running from: c:\users\Jim\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Default\AppData\Roaming\Local
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-14 to 2014-06-14 )))))))))))))))))))))))))))))))
.
.
2014-06-14 14:21 . 2014-06-14 14:21 -------- d-----w- c:\users\Jim\AppData\Local\temp
2014-06-13 22:52 . 2014-06-13 22:52 39464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B734282-437C-4732-A11D-855464EA7714}\MpKsl0e485c0b.sys ERROR(0x00000005)
2014-06-13 22:49 . 2014-05-02 14:07 765968 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC64F219-A9B6-426F-80D5-FDE5541D20D0}\gapaengine.dll ERROR(0x00000005)
2014-06-13 22:48 . 2014-04-30 23:37 8073384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B734282-437C-4732-A11D-855464EA7714}\mpengine.dll ERROR(0x00000005)
2014-06-13 22:35 . 2014-06-13 22:35 0 ---ha-w- c:\users\Jim\AppData\Local\BIT642E.tmp
2014-06-13 19:37 . 2014-04-30 23:37 8073384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)
2014-06-13 19:29 . 2014-06-13 19:29 -------- d-----w- c:\windows\ERUNT
2014-06-13 17:42 . 2010-08-30 13:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-06-13 17:42 . 2014-06-13 19:25 -------- d-----w- C:\AdwCleaner
2014-06-13 17:23 . 2014-06-13 17:23 -------- d-----w- C:\_OTL
2014-06-12 22:12 . 2014-05-02 14:07 765968 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{09659D90-FB66-40B5-A31C-02D1A4C4D685}\gapaengine.dll ERROR(0x00000005)
2014-06-12 21:59 . 2014-06-12 21:59 0 ---ha-w- c:\users\Jim\AppData\Local\BIT65D3.tmp
2014-06-12 20:24 . 2014-06-12 20:24 -------- d-----w- c:\users\Jim\AppData\Local\Adobe
2014-06-11 20:42 . 2014-06-11 20:42 -------- d-----w- c:\program files\ESET
2014-05-30 20:02 . 2014-05-30 20:02 2977 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{542F9F41-501C-B7DB-6978-F97E1503701E}-config.js ERROR(0x00000005)
2014-05-29 15:33 . 2014-06-12 22:00 -------- d-----w- c:\users\Jim\AppData\Local\Acelogix
2014-05-16 13:56 . 2013-10-28 23:26 1619120 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE12\OGL.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-14 14:04 . 2014-04-14 14:22 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-28 19:11 . 2013-12-07 15:03 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-28 19:11 . 2013-12-07 15:03 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-12 12:26 . 2014-04-14 14:22 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 12:25 . 2014-04-14 14:22 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 12:25 . 2013-12-07 15:19 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-09 07:06 . 2014-05-14 14:11 369664 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 07:04 . 2014-05-14 14:11 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-05-06 03:07 . 2014-05-14 14:12 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-02 14:07 . 2014-01-23 19:47 765968 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll ERROR(0x00000005)
2014-04-15 01:13 . 2014-02-22 18:08 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-12 02:15 . 2014-05-14 14:12 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15 . 2014-05-14 14:12 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12 . 2014-05-14 14:12 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12 . 2014-05-14 14:12 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:12 . 2014-05-14 14:12 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:11 . 2014-05-14 14:12 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:11 . 2014-05-14 14:12 22528 ----a-w- c:\windows\system32\lsass.exe
2014-04-09 14:00 . 2013-12-06 18:25 505416 ----a-w- c:\windows\system32\msvcp71.dll
2014-04-09 14:00 . 2013-12-06 18:25 353864 ----a-w- c:\windows\system32\msvcr71.dll
2014-04-01 02:34 . 2014-04-01 02:34 322248 ----a-w- c:\windows\WLXPGSS.SCR
2014-03-19 20:20 . 2014-03-19 20:20 44752 ----a-w- c:\windows\system32\drivers\point32.sys
2014-03-19 20:20 . 2014-03-19 20:20 1629040 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2004-07-30 15:56 . 2013-12-07 20:46 90112 ----a-w- c:\program files\Common Files\PCSBclean.exe
2004-07-26 21:30 . 2013-12-07 20:36 291840 ----a-w- c:\program files\Common Files\PCSBoff.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-06-11 5626136]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-01-15 642656]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-10-26 11680400]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"CloneCDTray"="c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 73728]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2014-04-09 296520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"Skype"="c:\program files\Skype\Phone\Skype.exe" /minimized /regrun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RoxioDragToDisc"=c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"RemoteControl"=d:\programs\PowerDVD\PDVDServ.exe
"LanguageShortcut"=d:\programs\PowerDVD\Language\Language.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
.
R2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-03-21 23552]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2013-12-07 17488]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-12-06 1343400]
R4 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R4 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R4 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2012-10-11 70824]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2012-10-11 34984]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys [2002-11-28 22016]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2012-10-25 19608]
S1 MpKsl0e485c0b;MpKsl0e485c0b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B734282-437C-4732-A11D-855464EA7714}\MpKsl0e485c0b.sys [2014-06-13 39464]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-07 119024]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-01-15 219136]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-01-15 291840]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-04-09 48256]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-03-15 39568]
S2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [2014-04-09 1141848]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-04-25 5024576]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2012-08-15 85160]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2012-08-15 177832]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-01-15 80384]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-05-12 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-06-14 110296]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-05-12 51928]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 30576]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-09-29 490088]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-08-28 45736]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MPKSL0E485C0B
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 23:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-14 06:43 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-07 19:11]
.
2014-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-07 15:09]
.
2014-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-07 15:09]
.
.
------- Supplementary Scan -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files\GreenTree Applications\YTD Video Downloader\uninstall.exe
AddRemove-{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1 - c:\program files\Free YouTube Downloader\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-638257925-3339158693-2695242537-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-638257925-3339158693-2695242537-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-06-14 09:23:08
ComboFix-quarantined-files.txt 2014-06-14 14:23
.
Pre-Run: 161,547,870,208 bytes free
Post-Run: 161,216,086,016 bytes free
.
- - End Of File - - 7247C6D06B1DD3FDCCAF913E43DD58DA
A36C5E4F47E84449FF07ED3517B43A31

The help you receive here is free.
If you wish, you may Donate to help keep us online.

May your day be blessed by those you love and those you love be blessed by HIM ;-)

#25 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 14 June 2014 - 09:09 AM

Morning,

CF did not remove much and the rest of the log looks ok. I do see some errors that your getting related to Microsoft Security Essentials, you may want to uninstall it then do a fresh install and see if it runs better

If you need it

http://www.microsoft...ls.aspx?id=5201

How is the internet connection going?

1. Turn off your computer

2. Turn off your router by unplugging the power cord on the back of the unit

3. Turn off your Cable / DSL modem by unplugging the power cord on the back of the unit

Leave everything off for about 5 minutes, this lets it all reset

Then

1. Plug in your Cable / DSL modem and wait until all the lights come back on

2. Now do the same thing with your router

3. Turn your computer back on and see if it made a difference

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

Advertisements

Register to Remove

#26 Jimbo1

Preacher / Computer Tech

Authentic Member
1,474 posts

Interests:Serving the Lord and Riding motorcycles and computers.

Posted 14 June 2014 - 01:27 PM

Ok did as you asked, removed MSE and during the reboot process the system took a dump and crashed, but was able to boot back up. When it did the network Icon showed Network Internet access and Unidentified Network internet access.

So shut everything down and turned off all the other stuff Router modems and waited for over 5 min, restarted the modem and router and then came back and booted pc back up. When it did the network icon shows Network no internet access and Unidentified network no internet. So I rebooted and now Got in the network icon Network Internet Access and now here to post this.

Windows still waiting to do updates also

Jimbo

The help you receive here is free.
If you wish, you may Donate to help keep us online.

May your day be blessed by those you love and those you love be blessed by HIM ;-)

#27 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 14 June 2014 - 02:31 PM

Lets try updating those windows updates and see what happens

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#28 Jimbo1

Preacher / Computer Tech

Authentic Member
1,474 posts

Interests:Serving the Lord and Riding motorcycles and computers.

Posted 14 June 2014 - 02:32 PM

ok going for it

The help you receive here is free.
If you wish, you may Donate to help keep us online.

May your day be blessed by those you love and those you love be blessed by HIM ;-)

#29 Jimbo1

Preacher / Computer Tech

Authentic Member
1,474 posts

Interests:Serving the Lord and Riding motorcycles and computers.

Posted 14 June 2014 - 02:55 PM

_{Ok the results are in. I tried something today, when I booted the machine and did not get internet access I went into safe mode and used with networking I would get internet access when I could not get internet when booting normal.}

_{Also after that combo fix run, I did a SFC run and it fixed some files but could not fix a few other looking at the log it related to word in the main one it did not fix.}

_{So on the updates:}

_{Tried the updates out of 12 file pending to be updated 5 succeeded and 7 failed. so I rebooted and in the network icon got Network No Internet Access and Unidentified Network No Internet access.}

_{So I rebooted and this time got Network Internet access, rebooted 2 more times and even shut down the pc and reboot and each time I getting Network Internet access.}

_{But their are still 7 that failed and are pending. Like I did yesterday I came back and tried to update them and they succeeded but each time I rebooted I could not get internet access, so I have not tried this yet. I am thinking of hiding those Security updates updates but not sure yet.}

_{So this is where we stand.}

_Jimbo

The help you receive here is free.
If you wish, you may Donate to help keep us online.

May your day be blessed by those you love and those you love be blessed by HIM ;-)

#30 Jimbo1

Preacher / Computer Tech

Authentic Member
1,474 posts

Interests:Serving the Lord and Riding motorcycles and computers.

Posted 14 June 2014 - 03:00 PM

Forgot sorry when the updates that fail this is the error code80070308, what happen to the fonts on the last post is beyond me

The help you receive here is free.
If you wish, you may Donate to help keep us online.

May your day be blessed by those you love and those you love be blessed by HIM ;-)

Body Background

skin color theme