My computer is not mine, I have not control over it


  • This topic is locked
17 replies to this topic

#1 Poweroo

Posted 17 July 2013 - 11:17 PM

I desperately need help.  It took hours to get on your site.  I finally got my verification email after 4 tries.

 

I have intruders all up in my computer.  I can't open some of the files.  When I go to the security tab to get permissions, there are these clever names like trusted installer, and Everyone, and about 13 others.  I ran a regedit and under users, I am not listed.  There are like 3 with long list of hyphenated names like S-1-15-25-, like that.  I have had to reset my pc about 3 times in the last 3 weeks.  I keep trying to take ownership of my files and when I start doing that whomever or whatever removes everything. 

I see signs of remote access.  I even tried to follow the directions and start by backing my stuff up.  I tried going to the Cobian website, there was no way my laptop nor my desktop would let me in that website. I got all kinds of error messages, or that connection to the server was not available or that I wasn't connected to the internet.

I'm telling you, they even move my cursor sometimes or they do something that when I move my mouse my cursor sticks and won't move and then it jumps.  When I try to save or even when I was creating my profile I couldn't put my cursor directly on save.  It's pretty serious.  This has been going on for months.  It started in my HP Pavilion dv6 laptop, so I got a new desktop in March, Dell Inspiron 660. I don't do much so I don't need powerful and large machines. It's like they came installed on my new desktop.  My laptop was okay until October of last year. My files get moved. I can't change settings to some items.  There are two removable disks that I have no idea what they are. I had Kaspersky, but somehow they turned it off and it was just a bogus icon.  =arrrrghhhhhhhhhggghghghhguuugguughhh.

help.


#2 TB-Psychotic

Posted 18 July 2013 - 02:01 AM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with DDS

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:

  • DDS.txt
  • Attach.txt

Save both reports to your desktop.

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#3 Poweroo

Posted 18 July 2013 - 09:15 AM

Here are the txt files in the order of the directions.  I appreciate your help so much.  I have donated a little something, I hope that was real.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by Administrator at 8:51:25 on 2013-07-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3999.2397 [GMT -5:00]
.
AV: ZoneAlarm Extreme Security Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Extreme Security Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Acrobat\acrotray.exe
C:\Program Files\Common Files\iTunesHelper.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\PROGRA~2\CHECKP~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
mStart Page = about:blank
mSearch Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
uSearchAssistant = about:blank
mSearchAssistant = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: WebCake: {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll
BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\bh\zonealarm.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} -
uRun: [iCloudServices] C:\Users\extra\Downloads\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Users\extra\Downloads\ApplePhotoStreams.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Common Files\Acrobat\Acrotray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files\Common Files\iTunesHelper.exe"
mRun: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{47A0E805-943E-4069-A221-4647280D4D37} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wmh78wvi.default\
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=goughDev3&Lan={dfltLng}&gu=008c0d53091d492fb7075a6d7d7c7991&tu=10GpG00932B0CO0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 904a3507000000000000002100a7b384
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15901
FF - user.js: extensions.zonealarm.vrsn - 1.8.21.15
FF - user.js: extensions.zonealarm.vrsni - 1.8.21.15
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.21.1518:20:41
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 8008
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - goughDev3
FF - user.js: extensions.zonealarm.instlRef - ZLN118902695381579-1043
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
R2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-5-31 32808]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 WebCake Desktop Updater;WebCake Desktop Updater;C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe [2013-6-30 23552]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2013-6-18 54160]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 PrintNotify;Printer Extensions and Notifications;C:\Windows\System32\svchost.exe -k print [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-1 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-1 1255736]
.
=============== Created Last 30 ================
.
2013-07-16 17:04:48    9460976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B383CA10-6D1A-4935-999E-5794B09C24F5}\mpengine.dll
2013-07-15 04:51:39    --------    d-----w-    C:\Users\Administrator\AppData\Roaming\MailFrontier
2013-07-15 04:42:03    178600    ----a-w-    C:\Windows\System32\drivers\kneps.sys
2013-07-15 04:42:02    54104    ----a-w-    C:\Windows\System32\drivers\kltdi.sys
2013-07-15 04:41:55    458584    ----a-w-    C:\Windows\System32\drivers\kl1.sys
2013-07-15 04:41:49    89944    ----a-w-    C:\Windows\System32\drivers\klflt.sys
2013-07-15 04:34:00    --------    d-----w-    C:\Program Files (x86)\Check Point Software Technologies LTD
2013-07-15 04:33:56    --------    d-----w-    C:\Users\Administrator\AppData\Roaming\Check Point Software Technologies LTD
2013-07-15 04:33:49    --------    d-----w-    C:\Program Files (x86)\CheckPoint
2013-07-15 04:32:52    --------    d-----w-    C:\ProgramData\CheckPoint
2013-07-15 00:33:04    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-15 00:33:04    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-13 04:43:04    --------    d-----r-    C:\Users\Administrator\Dropbox
2013-07-13 04:25:51    --------    d-----w-    C:\Users\Administrator\AppData\Roaming\Dropbox
2013-07-13 03:04:11    --------    d-----w-    C:\Users\Administrator\AppData\Local\Mozilla
2013-07-11 00:06:45    --------    d-----w-    C:\Users\Administrator\AppData\Local\Apple Computer
2013-07-11 00:06:23    33240    ----a-w-    C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-07-11 00:06:16    --------    d-----w-    C:\Program Files\Common Files\Mozilla Plugins
2013-07-11 00:06:16    --------    d-----w-    C:\Program Files\Common Files\iTunesHelper.Resources
2013-07-11 00:05:30    --------    d-----w-    C:\Program Files\Common Files\iTunes.Resources
2013-07-11 00:05:29    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-11 00:05:29    --------    d-----w-    C:\Program Files\iTunes
2013-07-11 00:05:29    --------    d-----w-    C:\Program Files\iPod
2013-07-11 00:05:29    --------    d-----w-    C:\Program Files\Common Files\CD Configuration
2013-07-11 00:04:34    --------    d-----w-    C:\Users\Administrator\AppData\Local\Apple
2013-07-11 00:03:52    --------    d-----w-    C:\Program Files\Bonjour
2013-07-11 00:03:52    --------    d-----w-    C:\Program Files (x86)\Bonjour
2013-07-10 23:35:19    --------    d-----w-    C:\Users\Administrator\AppData\Local\Google
2013-07-10 23:34:48    --------    d-----w-    C:\Users\Administrator\AppData\Local\Apps
2013-07-10 23:34:46    --------    d-----w-    C:\Users\Administrator\AppData\Local\Deployment
2013-07-10 23:28:48    --------    d-----w-    C:\ProgramData\regid.1986-12.com.adobe
2013-07-10 23:28:36    --------    d-----w-    C:\Users\Administrator\AppData\Local\Adobe
2013-07-10 23:26:45    --------    d-----w-    C:\Program Files (x86)\Common Files\FormsCentral
2013-07-10 23:26:04    --------    d-----w-    C:\Program Files (x86)\Common Files\Esl
2013-07-10 23:26:01    --------    d-----w-    C:\Program Files (x86)\Common Files\Acrobat Elements
2013-07-10 23:26:00    --------    d-----w-    C:\Program Files (x86)\Common Files\PDFMaker
2013-07-10 23:25:59    --------    d-----w-    C:\Program Files (x86)\Common Files\Resource
2013-07-10 23:24:09    --------    d-----w-    C:\Program Files (x86)\Common Files\Setup Files
2013-07-10 23:24:09    --------    d-----w-    C:\Program Files (x86)\Common Files\Acrobat
2013-07-10 23:18:44    571904    ----a-w-    C:\Program Files\Windows Defender\MpClient.dll
2013-07-10 23:18:44    392704    ----a-w-    C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-10 23:18:44    1011712    ----a-w-    C:\Program Files\Windows Defender\MpSvc.dll
2013-07-10 23:18:43    9216    ----a-w-    C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 23:18:43    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-07-10 23:18:43    54784    ----a-w-    C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-10 23:18:43    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-07-10 23:18:43    4608    ----a-w-    C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 23:18:43    314880    ----a-w-    C:\Program Files\Windows Defender\MpCommu.dll
2013-07-10 23:18:41    1887744    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-10 23:18:41    1620480    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-10 23:17:46    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-07-10 23:17:44    1732608    ----a-w-    C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-10 23:17:44    1402880    ----a-w-    C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-10 23:17:44    1393152    ----a-w-    C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-10 23:17:44    1367040    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 23:17:43    936448    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 23:17:31    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2013-07-10 23:17:31    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2013-07-07 22:27:08    --------    d-----w-    C:\Users\Administrator\AppData\Roaming\Webroot
2013-07-06 23:39:11    --------    d-----w-    C:\ProgramData\Geek Squad
2013-07-06 21:27:42    --------    d-----w-    C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2013-07-06 21:13:19    --------    d-----w-    C:\Windows\pss
2013-07-04 22:52:08    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-07-04 22:52:08    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-07-04 13:42:51    2205696    ----a-w-    C:\Windows\SysWow64\PrintConfig.dll
2013-07-03 23:59:06    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-03 01:45:16    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-07-03 01:45:16    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-07-03 01:45:16    144384    ----a-w-    C:\Windows\System32\cdd.dll
2013-07-03 01:45:07    55296    ----a-w-    C:\Windows\System32\dhcpcsvc6.dll
2013-07-03 01:45:07    44032    ----a-w-    C:\Windows\SysWow64\dhcpcsvc6.dll
2013-07-03 01:45:07    226816    ----a-w-    C:\Windows\System32\dhcpcore6.dll
2013-07-03 01:45:07    193536    ----a-w-    C:\Windows\SysWow64\dhcpcore6.dll
2013-07-03 01:45:04    950128    ----a-w-    C:\Windows\System32\drivers\ndis.sys
2013-07-03 01:45:03    41472    ----a-w-    C:\Windows\System32\drivers\RNDISMP.sys
2013-07-03 01:43:55    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-07-03 01:40:22    9552976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-07-02 13:47:23    --------    d-----w-    C:\Windows\System32\SPReview
2013-07-02 13:46:56    --------    d-----w-    C:\Windows\System32\EventProviders
2013-07-02 00:39:17    48976    ----a-w-    C:\Windows\System32\netfxperf.dll
2013-07-02 00:39:17    1942856    ----a-w-    C:\Windows\System32\dfshim.dll
2013-07-02 00:39:08    1130824    ----a-w-    C:\Windows\SysWow64\dfshim.dll
2013-07-02 00:39:04    59392    ----a-w-    C:\Windows\System32\drivers\TsUsbFlt.sys
2013-07-02 00:39:04    12288    ----a-w-    C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-07-02 00:39:03    14967808    ----a-w-    C:\Program Files\DVD Maker\OmdBase.dll
2013-07-02 00:37:59    41472    ----a-w-    C:\Windows\System32\mimefilt.dll
2013-07-02 00:35:28    529408    ----a-w-    C:\Windows\System32\wbemcomn.dll
2013-07-02 00:35:28    244736    ----a-w-    C:\Program Files\Windows Portable Devices\sqmapi.dll
2013-07-02 00:35:23    244736    ----a-w-    C:\Windows\System32\sqmapi.dll
2013-07-01 23:47:26    --------    d-----w-    C:\Windows\SysWow64\Wat
2013-07-01 23:47:25    --------    d-----w-    C:\Windows\System32\Wat
2013-07-01 01:29:18    9728    ----a-w-    C:\Windows\System32\Wdfres.dll
2013-07-01 01:29:18    785512    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
2013-07-01 01:29:18    54376    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys
2013-07-01 01:29:18    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-07-01 00:51:36    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2013-07-01 00:51:35    70656    ----a-w-    C:\Windows\SysWow64\fontsub.dll
2013-07-01 00:51:35    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2013-07-01 00:51:35    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2013-07-01 00:51:35    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2013-07-01 00:51:35    100864    ----a-w-    C:\Windows\System32\fontsub.dll
2013-07-01 00:50:03    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2013-07-01 00:50:03    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2013-07-01 00:50:02    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2013-07-01 00:50:02    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2013-07-01 00:50:02    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2013-07-01 00:50:02    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2013-07-01 00:50:02    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2013-07-01 00:43:30    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-07-01 00:43:30    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
2013-07-01 00:43:30    5120    ----a-w-    C:\Windows\System32\wmi.dll
2013-07-01 00:43:30    23408    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
2013-07-01 00:43:30    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-06-30 22:21:41    --------    d-----w-    C:\Windows\Panther
2013-06-30 22:21:27    --------    d-sh--w-    C:\Boot
2013-06-30 22:00:08    --------    d-----w-    C:\Temp
2013-06-30 21:18:28    --------    d-----w-    C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-30 21:17:18    --------    d-----w-    C:\Program Files (x86)\MyPC Backup
2013-06-30 21:16:43    --------    d-----w-    C:\Program Files (x86)\WebCake
2013-06-30 21:16:31    --------    d-----w-    C:\ProgramData\Tarma Installer
2013-06-30 20:51:44    --------    d-----w-    C:\Program Files (x86)\Microsoft Synchronization Services
2013-06-30 20:51:26    --------    d-----w-    C:\Windows\PCHEALTH
2013-06-30 20:51:25    --------    d-----w-    C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-30 20:48:24    --------    d-----w-    C:\Program Files (x86)\Microsoft Visual Studio 8
2013-06-30 20:47:10    --------    d-----w-    C:\Program Files (x86)\Microsoft Analysis Services
2013-06-30 20:21:34    3717632    ----a-w-    C:\Windows\System32\mstscax.dll
2013-06-30 20:21:34    3217408    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2013-06-30 20:21:33    44032    ----a-w-    C:\Windows\System32\tsgqec.dll
2013-06-30 20:21:33    36864    ----a-w-    C:\Windows\SysWow64\tsgqec.dll
2013-06-30 20:21:33    158720    ----a-w-    C:\Windows\System32\aaclient.dll
2013-06-30 20:21:33    131584    ----a-w-    C:\Windows\SysWow64\aaclient.dll
2013-06-30 20:21:19    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-06-30 20:21:19    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-06-30 20:18:59    805376    ----a-w-    C:\Windows\SysWow64\cdosys.dll
2013-06-30 20:17:37    94208    ----a-w-    C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll
2013-06-30 20:16:02    2871808    ----a-w-    C:\Windows\explorer.exe
2013-06-30 20:16:01    2616320    ----a-w-    C:\Windows\SysWow64\explorer.exe
2013-06-30 20:14:20    395776    ----a-w-    C:\Windows\System32\webio.dll
2013-06-30 20:14:20    314880    ----a-w-    C:\Windows\SysWow64\webio.dll
2013-06-30 20:14:07    515584    ----a-w-    C:\Windows\System32\timedate.cpl
2013-06-30 20:14:07    478720    ----a-w-    C:\Windows\SysWow64\timedate.cpl
2013-06-30 20:13:19    19968    ----a-w-    C:\Windows\System32\drivers\usb8023.sys
2013-06-30 20:12:50    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-06-30 20:10:29    1731920    ----a-w-    C:\Windows\System32\ntdll.dll
2013-06-30 20:10:28    1292080    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-06-30 20:07:10    605552    ----a-w-    C:\Windows\System32\winload.exe
2013-06-30 20:07:09    642944    ----a-w-    C:\Windows\System32\winload.efi
2013-06-30 20:07:09    63488    ----a-w-    C:\Windows\System32\setbcdlocale.dll
2013-06-30 20:07:09    566208    ----a-w-    C:\Windows\System32\winresume.efi
2013-06-30 20:07:09    518672    ----a-w-    C:\Windows\System32\winresume.exe
2013-06-30 20:07:09    20352    ----a-w-    C:\Windows\System32\kdusb.dll
2013-06-30 20:07:09    19328    ----a-w-    C:\Windows\System32\kd1394.dll
2013-06-30 20:07:09    17792    ----a-w-    C:\Windows\System32\kdcom.dll
2013-06-30 20:07:05    223752    ----a-w-    C:\Windows\System32\drivers\fvevol.sys
2013-06-30 20:07:04    861696    ----a-w-    C:\Windows\System32\oleaut32.dll
2013-06-30 20:07:04    571904    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2013-06-30 20:07:04    331776    ----a-w-    C:\Windows\System32\oleacc.dll
2013-06-30 20:07:04    233472    ----a-w-    C:\Windows\SysWow64\oleacc.dll
2013-06-30 20:06:59    690688    ----a-w-    C:\Windows\SysWow64\msvcrt.dll
2013-06-30 20:06:59    634880    ----a-w-    C:\Windows\System32\msvcrt.dll
2013-06-30 20:06:54    90624    ----a-w-    C:\Windows\System32\drivers\bowser.sys
2013-06-30 20:06:53    956928    ----a-w-    C:\Windows\System32\localspl.dll
2013-06-30 20:06:53    39424    ----a-w-    C:\Windows\System32\Spool\prtprocs\x64\winprint.dll
2013-06-30 20:06:51    723456    ----a-w-    C:\Windows\System32\EncDec.dll
2013-06-30 20:06:51    534528    ----a-w-    C:\Windows\SysWow64\EncDec.dll
2013-06-30 20:06:48    974336    ----a-w-    C:\Windows\System32\WFS.exe
2013-06-30 20:06:48    267776    ----a-w-    C:\Windows\System32\FXSCOVER.exe
2013-06-30 20:05:44    2164224    ----a-w-    C:\Program Files\Windows Journal\Journal.exe
2013-06-30 20:05:21    67072    ----a-w-    C:\Windows\splwow64.exe
2013-06-30 20:05:21    559104    ----a-w-    C:\Windows\System32\spoolsv.exe
2013-06-30 20:05:19    976896    ----a-w-    C:\Windows\System32\inetcomm.dll
2013-06-30 20:05:19    741376    ----a-w-    C:\Windows\SysWow64\inetcomm.dll
2013-06-30 20:05:15    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-06-30 20:05:13    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-06-30 20:05:13    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-06-30 20:05:12    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-06-30 20:05:12    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-06-30 20:05:12    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-06-30 20:04:35    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-06-30 19:47:42    77312    ----a-w-    C:\Windows\System32\packager.dll
2013-06-30 19:47:42    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2013-06-30 19:37:16    826880    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
2013-06-30 19:37:16    23552    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys
2013-06-30 19:37:16    1031680    ----a-w-    C:\Windows\System32\rdpcore.dll
2013-06-30 19:36:02    --------    d-sh--w-    C:\Windows\Installer
2013-06-30 19:31:52    2622464    ----a-w-    C:\Windows\System32\wucltux.dll
2013-06-30 19:31:39    99840    ----a-w-    C:\Windows\System32\wudriver.dll
2013-06-30 19:31:27    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2013-06-30 19:31:27    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
2013-06-30 19:30:30    --------    d-sh--w-    C:\Recovery
.
==================== Find3M  ====================
.
2013-07-03 23:59:06    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-02 16:31:19    152576    ----a-w-    C:\Windows\SysWow64\msclmd.dll
2013-07-02 16:31:18    175616    ----a-w-    C:\Windows\System32\msclmd.dll
2013-06-13 21:34:16    451096    ----a-w-    C:\Windows\System32\drivers\vsdatant.sys
2013-06-11 23:43:37    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-06-11 23:25:16    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-31 16:56:06    293192    ----a-w-    C:\Program Files\Common Files\iTunesOutlookAddIn.dll
2013-05-31 16:56:02    152392    ----a-w-    C:\Program Files\Common Files\iTunesHelper.exe
2013-05-31 16:56:02    148808    ----a-w-    C:\Program Files\Common Files\iTunesHelper.dll
2013-05-31 16:56:00    412488    ----a-w-    C:\Program Files\Common Files\iTunesAdmin.dll
2013-05-31 16:55:58    9789256    ----a-w-    C:\Program Files\Common Files\iTunes.exe
2013-05-31 16:55:42    23411528    ----a-w-    C:\Program Files\Common Files\iTunes.dll
2013-05-31 16:55:38    776216    ----a-w-    C:\Program Files\Common Files\gnsdk_sdkmanager.dll
2013-05-31 16:55:38    3008536    ----a-w-    C:\Program Files\Common Files\gnsdk_dsp.dll
2013-05-31 16:55:38    262680    ----a-w-    C:\Program Files\Common Files\gnsdk_submit.dll
2013-05-31 16:55:38    219672    ----a-w-    C:\Program Files\Common Files\gnsdk_musicid.dll
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-04-26 04:55:21    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-04-08 08:31:30    112968    ----a-w-    C:\Program Files\Common Files\ITDetector.ocx
.
============= FINISH:  8:52:26.82 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/30/2013 2:30:33 PM
System Uptime: 7/18/2013 6:56:29 AM (2 hours ago)
.
Motherboard: Hewlett-Packard |  | 3627
Processor: Intel® Core™2 Duo CPU     T6400  @ 2.00GHz | CPU | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 248 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\ENE0100\4&9D1EA7&0
Manufacturer:
Name:
PNP Device ID: ACPI\ENE0100\4&9D1EA7&0
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP15: 7/7/2013 7:00:55 PM - Windows Update
RP16: 7/10/2013 6:23:20 PM - Installed Adobe Acrobat XI Pro.
RP17: 7/10/2013 7:04:39 PM - Installed iTunes
RP18: 7/10/2013 9:56:20 PM - Windows Update
RP19: 7/13/2013 12:43:21 PM - Installed iCloud
RP20: 7/16/2013 12:03:55 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Acrobat XI Pro
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
Google Chrome
Google Update Helper
iCloud
iTunes
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MyPC Backup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
WebCake 3.00
ZoneAlarm Antivirus
ZoneAlarm Extreme Security
ZoneAlarm Firewall
ZoneAlarm Security
ZoneAlarm Security Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/17/2013 8:57:20 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/17/2013 8:04:59 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer ROOM that believes that it is the master browser for the domain on transport NetBT_Tcpip_{47A0E805-943E-4069-A221-4647280D4D37}. The master browser is stopping or an election is being forced.
7/16/2013 12:01:03 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user Laptop-PC\extra SID (S-1-5-21-276219926-3590612070-1233831748-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/16/2013 12:01:03 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user Laptop-PC\extra SID (S-1-5-21-276219926-3590612070-1233831748-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/15/2013 5:14:54 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  KLIF KLIM6
7/15/2013 11:54:18 PM, Error: Service Control Manager [7034]  - The TrueVector Internet Monitor service terminated unexpectedly.  It has done this 1 time(s).
7/15/2013 11:28:14 PM, Error: Service Control Manager [7034]  - The Diagnostic System Host service terminated unexpectedly.  It has done this 1 time(s).
7/15/2013 11:28:14 PM, Error: Service Control Manager [7031]  - The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/15/2013 11:28:14 PM, Error: Service Control Manager [7031]  - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/15/2013 11:28:14 PM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/15/2013 11:28:14 PM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/15/2013 11:28:14 PM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/15/2013 11:28:14 PM, Error: Service Control Manager [7031]  - The Portable Device Enumerator Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/15/2013 11:28:14 PM, Error: Service Control Manager [7031]  - The PnP-X IP Bus Enumerator service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/15/2013 11:28:14 PM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
7/15/2013 11:28:14 PM, Error: Service Control Manager [7031]  - The Human Interface Device Access service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/15/2013 11:28:14 PM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/15/2013 11:28:14 PM, Error: Service Control Manager [7031]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/14/2013 7:22:42 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk3\DR4.
7/14/2013 11:48:55 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for DeleteFlag with the following error:  Access is denied.
7/14/2013 11:42:44 PM, Error: Service Control Manager [7030]  - The TrueVector Internet Monitor service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
7/13/2013 5:08:40 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
7/13/2013 5:08:40 PM, Error: Service Control Manager [7000]  - The Computer Backup (MyPC Backup) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/13/2013 5:08:05 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa80064ad6f0, 0xfffffa80064ad9d0, 0xfffff80002d87350). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071313-32198-01.
7/12/2013 9:46:53 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
.
==== End Of File ===========================
 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-18 09:01:07
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G2 rev.8909 298.09GB
Running: 0f9psi5o.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\uxdirpow.sys


---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3844:3972]                                   000007fefc0a2a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3844:3080]                                   000007fef5cf5124

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e2507a9                      
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e2507a9 (not active ControlSet)  

---- EOF - GMER 2.1 ----
 



#4 TB-Psychotic

  • Malware Response Team

Posted 18 July 2013 - 09:36 AM

Add/Remove Programs

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs

ZoneAlarm Security Toolbar
WebCake 3.00
Mozilla Maintenance Service
MyPC Backup

Close the window.

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Proud Member of UNITE & TB

#5 Poweroo

  • Topic Starter

  • Members

Posted 18 July 2013 - 09:54 AM

The program ZoneAlarm Security Toolbar was not listed.

Should I continue with your directions?

~hazel



#6 Poweroo

  • Topic Starter

  • Members

Posted 18 July 2013 - 11:43 AM

ComboFix 13-07-18.02 - Administrator 07/18/2013  11:22:13.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3999.2309 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
FW: ZoneAlarm Extreme Security Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-18 to 2013-07-18  )))))))))))))))))))))))))))))))
.
.
2013-07-18 16:30 . 2013-07-18 16:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-18 14:51 . 2013-07-18 14:51 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B383CA10-6D1A-4935-999E-5794B09C24F5}\offreg.dll
2013-07-16 17:04 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B383CA10-6D1A-4935-999E-5794B09C24F5}\mpengine.dll
2013-07-15 04:42 . 2013-06-04 13:03 178600 ----a-w- c:\windows\system32\drivers\kneps.sys
2013-07-15 04:42 . 2012-11-16 02:06 54104 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-07-15 04:41 . 2012-11-16 02:06 458584 ----a-w- c:\windows\system32\drivers\kl1.sys
2013-07-15 04:41 . 2013-02-21 19:44 89944 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-07-15 04:41 . 2013-02-21 19:44 613720 ----a-w- c:\windows\system32\drivers\klif.sys
2013-07-15 04:34 . 2013-07-15 04:34 -------- d-----w- c:\program files (x86)\Check Point Software Technologies LTD
2013-07-15 04:33 . 2013-07-15 04:40 -------- d-----w- c:\program files (x86)\CheckPoint
2013-07-15 04:32 . 2013-07-15 04:32 -------- d-----w- c:\programdata\CheckPoint
2013-07-15 00:33 . 2013-07-15 00:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-15 00:33 . 2013-07-15 00:33 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-15 00:33 . 2013-07-15 00:33 -------- d-----w- c:\windows\SysWow64\Macromed
2013-07-15 00:33 . 2013-07-15 00:33 -------- d-----w- c:\windows\system32\Macromed
2013-07-11 00:06 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-07-11 00:06 . 2013-07-15 04:42 -------- dc----w- c:\windows\system32\DRVSTORE
2013-07-11 00:06 . 2013-07-11 00:06 -------- d-----w- c:\program files\Common Files\Mozilla Plugins
2013-07-11 00:06 . 2013-07-11 00:06 -------- d-----w- c:\program files\Common Files\iTunesHelper.Resources
2013-07-11 00:05 . 2013-07-11 00:06 -------- d-----w- c:\program files\Common Files\iTunes.Resources
2013-07-11 00:05 . 2013-07-11 00:06 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-11 00:05 . 2013-07-11 00:06 -------- d-----w- c:\program files\iTunes
2013-07-11 00:05 . 2013-07-11 00:05 -------- d-----w- c:\programdata\Apple Computer
2013-07-11 00:05 . 2013-07-11 00:05 -------- d-----w- c:\program files\iPod
2013-07-11 00:05 . 2013-07-11 00:05 -------- d-----w- c:\program files\Common Files\CD Configuration
2013-07-11 00:04 . 2013-07-11 00:04 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-07-11 00:04 . 2013-07-13 17:43 -------- d-----w- c:\program files\Common Files\Apple
2013-07-11 00:03 . 2013-07-11 00:03 -------- d-----w- c:\program files\Bonjour
2013-07-11 00:03 . 2013-07-11 00:03 -------- d-----w- c:\program files (x86)\Bonjour
2013-07-11 00:03 . 2013-07-11 00:05 -------- d-----w- c:\program files (x86)\Common Files\Apple
2013-07-11 00:03 . 2013-07-11 00:04 -------- d-----w- c:\programdata\Apple
2013-07-10 23:28 . 2013-07-16 05:07 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2013-07-10 23:26 . 2013-07-10 23:26 -------- d-----w- c:\program files (x86)\Common Files\FormsCentral
2013-07-10 23:26 . 2013-07-10 23:26 -------- d-----w- c:\program files (x86)\Common Files\Esl
2013-07-10 23:26 . 2013-07-10 23:26 -------- d-----w- c:\program files (x86)\Common Files\Acrobat Elements
2013-07-10 23:26 . 2013-07-10 23:26 -------- d-----w- c:\program files (x86)\Common Files\PDFMaker
2013-07-10 23:25 . 2013-07-10 23:26 -------- d-----w- c:\program files (x86)\Common Files\Resource
2013-07-10 23:24 . 2013-07-10 23:28 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-07-10 23:24 . 2013-07-10 23:26 -------- d-----w- c:\program files (x86)\Common Files\Acrobat
2013-07-10 23:24 . 2013-07-10 23:24 -------- d-----w- c:\program files (x86)\Common Files\Setup Files
2013-07-10 23:18 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 23:18 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-10 23:18 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 23:18 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 23:18 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-10 23:18 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-10 23:18 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 23:18 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 23:18 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 23:18 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 23:18 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 23:17 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 23:17 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 23:17 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 23:17 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 23:17 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 23:17 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 23:17 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-10 23:17 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-06 23:39 . 2013-07-08 00:06 -------- d-----w- c:\programdata\Geek Squad
2013-07-04 22:52 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-07-04 22:52 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-07-04 13:42 . 2012-07-26 04:03 2205696 ----a-w- c:\windows\SysWow64\PrintConfig.dll
2013-07-04 13:01 . 2013-07-18 15:02 -------- d-----w- c:\users\Administrator
2013-07-03 23:59 . 2013-07-03 23:59 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-03 01:45 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-07-03 01:45 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-07-03 01:45 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-07-03 01:45 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-07-03 01:45 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-07-03 01:45 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2013-07-03 01:45 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2013-07-03 01:45 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-07-03 01:45 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-07-03 01:43 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-07-02 13:47 . 2013-07-02 13:47 -------- d-----w- c:\windows\system32\SPReview
2013-07-02 13:46 . 2013-07-02 13:46 -------- d-----w- c:\windows\system32\EventProviders
2013-07-02 13:44 . 2013-07-02 13:44 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-07-02 00:39 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2013-07-02 00:39 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2013-07-02 00:39 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2013-07-02 00:39 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-07-02 00:39 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2013-07-02 00:39 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll
2013-07-02 00:37 . 2010-11-20 13:27 316928 ----a-w- c:\windows\system32\tapisrv.dll
2013-07-02 00:35 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2013-07-02 00:35 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2013-07-02 00:35 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2013-07-01 23:47 . 2013-07-01 23:47 -------- d-----w- c:\windows\SysWow64\Wat
2013-07-01 23:47 . 2013-07-01 23:47 -------- d-----w- c:\windows\system32\Wat
2013-07-01 01:29 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-07-01 01:29 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-07-01 01:29 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-07-01 01:29 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-07-01 00:53 . 2013-07-11 03:07 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-07-01 00:51 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-07-01 00:51 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-07-01 00:51 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-07-01 00:51 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-07-01 00:51 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-07-01 00:51 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-07-01 00:50 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-07-01 00:50 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-07-01 00:50 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-07-01 00:50 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-07-01 00:50 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-07-01 00:50 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-07-01 00:50 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-07-01 00:43 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-07-01 00:43 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-07-01 00:43 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2013-07-01 00:43 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-07-01 00:43 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-06-30 22:21 . 2013-06-30 19:30 -------- d-----w- c:\windows\Panther
2013-06-30 22:21 . 2013-07-02 16:44 -------- d-----w- C:\Boot
2013-06-30 22:00 . 2013-07-07 22:25 -------- d-----w- C:\Temp
2013-06-30 21:18 . 2013-07-18 14:52 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-06-30 21:17 . 2013-07-18 14:52 -------- d-----w- c:\program files (x86)\MyPC Backup
2013-06-30 21:16 . 2013-07-18 14:51 -------- d-----w- c:\programdata\Tarma Installer
2013-06-30 20:51 . 2013-06-30 20:51 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2013-06-30 20:51 . 2013-06-30 20:51 -------- d-----w- c:\windows\PCHEALTH
2013-06-30 20:51 . 2013-07-01 23:59 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-06-30 20:51 . 2013-06-30 20:51 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2013-06-30 20:51 . 2013-06-30 20:51 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-06-30 20:48 . 2013-06-30 20:48 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-02 16:31 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-07-02 16:31 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-06-13 21:34 . 2013-06-13 21:34 451096 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2013-05-31 16:56 . 2013-05-31 16:56 293192 ----a-w- c:\program files\Common Files\iTunesOutlookAddIn.dll
2013-05-31 16:56 . 2013-05-31 16:56 152392 ----a-w- c:\program files\Common Files\iTunesHelper.exe
2013-05-31 16:56 . 2013-05-31 16:56 148808 ----a-w- c:\program files\Common Files\iTunesHelper.dll
2013-05-31 16:56 . 2013-05-31 16:56 412488 ----a-w- c:\program files\Common Files\iTunesAdmin.dll
2013-05-31 16:55 . 2013-05-31 16:55 9789256 ----a-w- c:\program files\Common Files\iTunes.exe
2013-05-31 16:55 . 2013-05-31 16:55 23411528 ----a-w- c:\program files\Common Files\iTunes.dll
2013-05-31 16:55 . 2013-05-31 16:55 776216 ----a-w- c:\program files\Common Files\gnsdk_sdkmanager.dll
2013-05-31 16:55 . 2013-05-31 16:55 3008536 ----a-w- c:\program files\Common Files\gnsdk_dsp.dll
2013-05-31 16:55 . 2013-05-31 16:55 262680 ----a-w- c:\program files\Common Files\gnsdk_submit.dll
2013-05-31 16:55 . 2013-05-31 16:55 219672 ----a-w- c:\program files\Common Files\gnsdk_musicid.dll
2013-04-08 08:31 . 2013-04-08 08:31 112968 ----a-w- c:\program files\Common Files\ITDetector.ocx
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\users\extra\Downloads\iCloudServices.exe" [2013-04-05 59720]
"ApplePhotoStreams"="c:\users\extra\Downloads\ApplePhotoStreams.exe" [2013-04-05 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"Acrobat Assistant 8.0"="c:\program files (x86)\Common Files\Acrobat\Acrotray.exe" [2012-09-24 3477640]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files\Common Files\iTunesHelper.exe" [2013-05-31 152392]
.
c:\users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MyPC Backup.lnk.disabled [2013-6-30 1097]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-5 27370808]
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\gstools\RUN\a2ddax64.sys;c:\gstools\RUN\a2ddax64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 PrintNotify;Printer Extensions and Notifications;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - UXDIRPOW
*Deregistered* - uxdirpow
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-16 04:50 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-15 00:33]
.
2013-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-16 04:30]
.
2013-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-16 04:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Supplementary Scan -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = 
mDefault_Search_URL = 
mStart Page = about:blank
mSearch Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
mSearch Bar = 
uSearchAssistant = about:blank
mSearchAssistant = about:blank
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wmh78wvi.default\
FF - ExtSQL: 2013-07-10 18:26; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Common Files\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2013-07-18 09:01; ffxtlbr@zonealarm.com; c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wmh78wvi.default\extensions\ffxtlbr@zonealarm.com
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=goughDev3&Lan={dfltLng}&gu=008c0d53091d492fb7075a6d7d7c7991&tu=10GpG00932B0CO0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 904a3507000000000000002100a7b384
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15901
FF - user.js: extensions.zonealarm.vrsn - 1.8.21.15
FF - user.js: extensions.zonealarm.vrsni - 1.8.21.15
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.21.1518:20
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 8008
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - goughDev3
FF - user.js: extensions.zonealarm.instlRef - ZLN118902695381579-1043
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-276219926-3590612070-1233831748-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}"=hex:51,66,7a,6c,4c,1d,3b,1b,80,36,4f,
   35,05,69,08,0a,b7,58,70,7d,29,24,b0,0d
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2d,90,
   6d,f0,62,44,09,a9,f4,54,e2,18,72,e6,64
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b4,e6,
   ab,14,5c,3f,0d,a4,2f,1d,ed,05,c4,47,e5
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,06,41,
   35,c3,09,03,02,b6,ae,90,f7,62,64,07,8b
.
[HKEY_USERS\S-1-5-21-276219926-3590612070-1233831748-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:c6,8f,e1,85,8e,7a,ce,01
.
[HKEY_USERS\S-1-5-21-276219926-3590612070-1233831748-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,85,0a,41,4d,55,c7,44,b5,99,8a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,85,0a,41,4d,55,c7,44,b5,99,8a,\
.
[HKEY_USERS\S-1-5-21-276219926-3590612070-1233831748-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-276219926-3590612070-1233831748-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-276219926-3590612070-1233831748-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-276219926-3590612070-1233831748-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-276219926-3590612070-1233831748-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-18  11:32:48
ComboFix-quarantined-files.txt  2013-07-18 16:32
.
Pre-Run: 265,494,712,320 bytes free
Post-Run: 265,757,609,984 bytes free
.
- - End Of File - - 4483366D6138269D7BA0AD1ACA5F5B55
A36C5E4F47E84449FF07ED3517B43A31


#7 TB-Psychotic

  • Malware Response Team

Posted 18 July 2013 - 11:55 PM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Quick Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


#8 Poweroo

  • Topic Starter

Posted 19 July 2013 - 11:29 AM

ComboFix 13-07-18.02 - Administrator 07/19/2013   7:14.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3999.2002 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: ZoneAlarm Extreme Security Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Extreme Security Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
FILE ::
"c:\users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk.disabled"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\MyPC Backup
c:\program files (x86)\MyPC Backup\DEL_UnRegisterExtensions.exe
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll
c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll
c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat
c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe
c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-19 to 2013-07-19  )))))))))))))))))))))))))))))))
.
.
2013-07-19 12:25 . 2013-07-19 12:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-19 12:21 . 2013-07-19 12:21 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B383CA10-6D1A-4935-999E-5794B09C24F5}\offreg.dll
2013-07-18 21:40 . 2013-07-18 21:40 74703 ----a-w- c:\windows\SysWow64\mfc45.dat
2013-07-18 21:40 . 2013-07-18 21:40 -------- d-----w- c:\programdata\iolo
2013-07-18 21:40 . 2013-07-18 21:40 -------- d-----w- c:\program files (x86)\iolo
2013-07-18 21:26 . 2013-07-18 21:26 -------- d-----w- C:\symcache
2013-07-18 21:25 . 2013-07-19 12:14 -------- d-----w- c:\program files\DebugDiag
2013-07-18 18:54 . 2013-07-18 18:54 -------- d-----w- c:\program files (x86)\Common Files\Esl
2013-07-18 17:52 . 2013-07-18 19:05 -------- d-----w- c:\program files (x86)\Cobian Backup 11
2013-07-16 17:04 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B383CA10-6D1A-4935-999E-5794B09C24F5}\mpengine.dll
2013-07-15 04:42 . 2013-06-04 13:03 178600 ----a-w- c:\windows\system32\drivers\kneps.sys
2013-07-15 04:42 . 2012-11-16 02:06 54104 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-07-15 04:41 . 2012-11-16 02:06 458584 ----a-w- c:\windows\system32\drivers\kl1.sys
2013-07-15 04:41 . 2013-02-21 19:44 89944 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-07-15 04:41 . 2013-02-21 19:44 613720 ----a-w- c:\windows\system32\drivers\klif.sys
2013-07-15 04:34 . 2013-07-15 04:34 -------- d-----w- c:\program files (x86)\Check Point Software Technologies LTD
2013-07-15 04:33 . 2013-07-15 04:40 -------- d-----w- c:\program files (x86)\CheckPoint
2013-07-15 04:32 . 2013-07-15 04:32 -------- d-----w- c:\programdata\CheckPoint
2013-07-15 00:33 . 2013-07-15 00:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-15 00:33 . 2013-07-15 00:33 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-15 00:33 . 2013-07-15 00:33 -------- d-----w- c:\windows\SysWow64\Macromed
2013-07-15 00:33 . 2013-07-15 00:33 -------- d-----w- c:\windows\system32\Macromed
2013-07-11 00:06 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-07-11 00:06 . 2013-07-15 04:42 -------- dc----w- c:\windows\system32\DRVSTORE
2013-07-11 00:06 . 2013-07-11 00:06 -------- d-----w- c:\program files\Common Files\Mozilla Plugins
2013-07-11 00:06 . 2013-07-11 00:06 -------- d-----w- c:\program files\Common Files\iTunesHelper.Resources
2013-07-11 00:05 . 2013-07-11 00:06 -------- d-----w- c:\program files\Common Files\iTunes.Resources
2013-07-11 00:05 . 2013-07-11 00:06 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-11 00:05 . 2013-07-11 00:06 -------- d-----w- c:\program files\iTunes
2013-07-11 00:05 . 2013-07-11 00:05 -------- d-----w- c:\programdata\Apple Computer
2013-07-11 00:05 . 2013-07-11 00:05 -------- d-----w- c:\program files\iPod
2013-07-11 00:05 . 2013-07-11 00:05 -------- d-----w- c:\program files\Common Files\CD Configuration
2013-07-11 00:04 . 2013-07-11 00:04 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-07-11 00:04 . 2013-07-13 17:43 -------- d-----w- c:\program files\Common Files\Apple
2013-07-11 00:03 . 2013-07-11 00:03 -------- d-----w- c:\program files\Bonjour
2013-07-11 00:03 . 2013-07-11 00:03 -------- d-----w- c:\program files (x86)\Bonjour
2013-07-11 00:03 . 2013-07-11 00:05 -------- d-----w- c:\program files (x86)\Common Files\Apple
2013-07-11 00:03 . 2013-07-11 00:04 -------- d-----w- c:\programdata\Apple
2013-07-10 23:28 . 2013-07-16 05:07 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2013-07-10 23:26 . 2013-07-18 18:54 -------- d-----w- c:\program files (x86)\Common Files\FormsCentral
2013-07-10 23:26 . 2013-07-18 18:54 -------- d-----w- c:\program files (x86)\Common Files\Acrobat Elements
2013-07-10 23:26 . 2013-07-18 18:54 -------- d-----w- c:\program files (x86)\Common Files\PDFMaker
2013-07-10 23:25 . 2013-07-10 23:26 -------- d-----w- c:\program files (x86)\Common Files\Resource
2013-07-10 23:24 . 2013-07-18 18:54 -------- d-----w- c:\program files (x86)\Common Files\Acrobat
2013-07-10 23:24 . 2013-07-10 23:28 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-07-10 23:24 . 2013-07-10 23:24 -------- d-----w- c:\program files (x86)\Common Files\Setup Files
2013-07-10 23:18 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 23:18 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-10 23:18 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 23:18 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 23:18 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-10 23:18 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-10 23:18 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 23:18 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 23:18 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 23:18 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 23:18 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 23:17 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 23:17 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 23:17 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 23:17 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 23:17 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 23:17 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 23:17 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-10 23:17 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-06 23:39 . 2013-07-08 00:06 -------- d-----w- c:\programdata\Geek Squad
2013-07-04 22:52 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-07-04 22:52 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-07-04 13:42 . 2012-07-26 04:03 2205696 ----a-w- c:\windows\SysWow64\PrintConfig.dll
2013-07-04 13:01 . 2013-07-19 12:01 -------- d-----w- c:\users\Administrator
2013-07-03 23:59 . 2013-07-03 23:59 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-03 01:45 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-07-03 01:45 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-07-03 01:45 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-07-03 01:45 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-07-03 01:45 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-07-03 01:45 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2013-07-03 01:45 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2013-07-03 01:45 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-07-03 01:45 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-07-03 01:43 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-07-02 13:47 . 2013-07-02 13:47 -------- d-----w- c:\windows\system32\SPReview
2013-07-02 13:46 . 2013-07-02 13:46 -------- d-----w- c:\windows\system32\EventProviders
2013-07-02 13:44 . 2013-07-02 13:44 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-07-02 00:39 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2013-07-02 00:39 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2013-07-02 00:39 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2013-07-02 00:39 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-07-02 00:39 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2013-07-02 00:39 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll
2013-07-02 00:37 . 2010-11-20 13:27 316928 ----a-w- c:\windows\system32\tapisrv.dll
2013-07-02 00:35 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2013-07-02 00:35 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2013-07-02 00:35 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2013-07-01 23:47 . 2013-07-01 23:47 -------- d-----w- c:\windows\SysWow64\Wat
2013-07-01 23:47 . 2013-07-01 23:47 -------- d-----w- c:\windows\system32\Wat
2013-07-01 01:29 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-07-01 01:29 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-07-01 01:29 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-07-01 01:29 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-07-01 00:53 . 2013-07-11 03:07 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-07-01 00:51 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-07-01 00:51 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-07-01 00:51 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-07-01 00:51 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-07-01 00:51 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-07-01 00:51 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-07-01 00:50 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-07-01 00:50 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-07-01 00:50 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-07-01 00:50 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-07-01 00:50 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-07-01 00:50 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-07-01 00:50 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-07-01 00:43 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-07-01 00:43 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-07-01 00:43 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2013-07-01 00:43 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-07-01 00:43 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-06-30 22:21 . 2013-06-30 19:30 -------- d-----w- c:\windows\Panther
2013-06-30 22:21 . 2013-07-02 16:44 -------- d-----w- C:\Boot
2013-06-30 22:00 . 2013-07-07 22:25 -------- d-----w- C:\Temp
2013-06-30 20:51 . 2013-06-30 20:51 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2013-06-30 20:51 . 2013-06-30 20:51 -------- d-----w- c:\windows\PCHEALTH
2013-06-30 20:51 . 2013-07-01 23:59 -------- d-----w- c:\program files (x86)\Microsoft.NET
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-02 16:31 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-07-02 16:31 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-06-13 21:34 . 2013-06-13 21:34 451096 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2013-05-31 16:56 . 2013-05-31 16:56 293192 ----a-w- c:\program files\Common Files\iTunesOutlookAddIn.dll
2013-05-31 16:56 . 2013-05-31 16:56 152392 ----a-w- c:\program files\Common Files\iTunesHelper.exe
2013-05-31 16:56 . 2013-05-31 16:56 148808 ----a-w- c:\program files\Common Files\iTunesHelper.dll
2013-05-31 16:56 . 2013-05-31 16:56 412488 ----a-w- c:\program files\Common Files\iTunesAdmin.dll
2013-05-31 16:55 . 2013-05-31 16:55 9789256 ----a-w- c:\program files\Common Files\iTunes.exe
2013-05-31 16:55 . 2013-05-31 16:55 23411528 ----a-w- c:\program files\Common Files\iTunes.dll
2013-05-31 16:55 . 2013-05-31 16:55 776216 ----a-w- c:\program files\Common Files\gnsdk_sdkmanager.dll
2013-05-31 16:55 . 2013-05-31 16:55 3008536 ----a-w- c:\program files\Common Files\gnsdk_dsp.dll
2013-05-31 16:55 . 2013-05-31 16:55 262680 ----a-w- c:\program files\Common Files\gnsdk_submit.dll
2013-05-31 16:55 . 2013-05-31 16:55 219672 ----a-w- c:\program files\Common Files\gnsdk_musicid.dll
2013-04-08 08:31 . 2013-04-08 08:31 112968 ----a-w- c:\program files\Common Files\ITDetector.ocx
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Boot ----
.
2013-06-30 22:21 . 2013-07-19 12:03 262144 --sha-w- c:\boot\BCD.LOG
2013-06-30 22:21 . 2013-06-30 22:21 0 --sha-w- c:\boot\BCD.LOG1
2013-06-30 22:21 . 2013-06-30 22:21 0 --sha-w- c:\boot\BCD.LOG2
2013-06-30 22:21 . 2013-07-19 12:03 24576 --sha-w- c:\boot\BCD
2013-06-30 22:21 . 2009-06-10 20:31 47452 ----a-w- c:\boot\Fonts\wgl4_boot.ttf
2013-06-30 22:21 . 2009-06-10 20:31 2371360 ----a-w- c:\boot\Fonts\kor_boot.ttf
2013-06-30 22:21 . 2009-06-10 20:31 1984228 ----a-w- c:\boot\Fonts\jpn_boot.ttf
2013-06-30 22:21 . 2009-06-10 20:31 3876772 ----a-w- c:\boot\Fonts\cht_boot.ttf
2013-06-30 22:21 . 2009-06-10 20:31 3694080 ----a-w- c:\boot\Fonts\chs_boot.ttf
2013-06-30 22:21 . 2013-06-30 22:21 65536 --sha-w- c:\boot\BOOTSTAT.DAT
2013-06-30 22:21 . 2009-07-14 01:17 70208 ----a-w- c:\boot\zh-TW\bootmgr.exe.mui
2013-06-30 22:21 . 2009-07-14 01:17 70720 ----a-w- c:\boot\zh-CN\bootmgr.exe.mui
2013-06-30 22:21 . 2009-07-14 01:17 70224 ----a-w- c:\boot\zh-HK\bootmgr.exe.mui
2013-06-30 22:21 . 2009-07-14 01:17 90192 ----a-w- c:\boot\ru-RU\bootmgr.exe.mui
2013-06-30 22:21 . 2009-07-14 01:17 87616 ----a-w- c:\boot\sv-SE\bootmgr.exe.mui
2013-06-30 22:21 . 2009-07-14 01:17 87104 ----a-w- c:\boot\tr-TR\bootmgr.exe.mui
2013-06-30 22:21 . 2009-07-14 01:17 90176 ----a-w- c:\boot\pt-BR\bootmgr.exe.mui
2013-06-30 22:21 . 2009-07-14 01:17 89664 ----a-w- c:\boot\pt-PT\bootmgr.exe.mui
2013-06-30 22:21 . 2009-07-14 01:17 90704 ----a-w- c:\boot\nl-NL\bootmgr.exe.mui
2013-06-30 22:21 . 2009-07-14 01:17 90704 ----a-w- c:\boot\pl-PL\bootmgr.exe.mui
2013-06-30 22:21 . 2009-07-14 01:17 88144 ----a-w- c:\boot\nb-NO\bootmgr.exe.mui
2013-06-30 22:21 . 2010-11-20 12:30 485760 ----a-w- c:\boot\memtest.exe
2013-06-30 22:21 . 2009-07-14 01:17 76352 ----a-w- c:\boot\ja-JP\bootmgr.exe.mui
2013-06-30 22:21 . 2009-07-14 01:17 75344 ----a-w- c:\boot\ko-KR\bootmgr.exe.mui
2013-06-30 22:21 . 2009-07-14 01:17 90688 ----a-w- c:\boot\hu-HU\bootmgr.exe.mui
2013-06-30 22:21 . 2009-07-14 01:17 90704 ----a-w- c:\boot\it-IT\bootmgr.exe.mui
2013-06-30 22:21 . 2009-07-14 01:17 89152 ----a-w- c:\boot\fi-FI\bootmgr.exe.mui
2013-06-30 22:21 . 2009-07-14 01:17 93248 ----a-w- c:\boot\fr-FR\bootmgr.exe.mui
2013-06-30 22:21 . 2009-07-14 01:17 85056 ----a-w- c:\boot\en-US\bootmgr.exe.mui
2013-06-30 22:21 . 2009-07-14 02:11 43600 ----a-w- c:\boot\en-US\memtest.exe.mui
2013-06-30 22:21 . 2009-07-14 01:17 90192 ----a-w- c:\boot\es-ES\bootmgr.exe.mui
2013-06-30 22:21 . 2009-07-14 01:17 91712 ----a-w- c:\boot\de-DE\bootmgr.exe.mui
2013-06-30 22:21 . 2009-07-14 01:17 94800 ----a-w- c:\boot\el-GR\bootmgr.exe.mui
2013-06-30 22:21 . 2009-07-14 01:17 89168 ----a-w- c:\boot\cs-CZ\bootmgr.exe.mui
2013-06-30 22:21 . 2009-07-14 01:17 87616 ----a-w- c:\boot\da-DK\bootmgr.exe.mui
.
---- Directory of C:\Temp ----
.
.
---- Directory of c:\windows\Panther ----
.
2013-06-30 22:21 . 2013-06-30 22:10 0 ----a-w- c:\windows\Panther\setuperr.log
2013-06-30 22:21 . 2013-06-30 22:21 180480 ----a-w- c:\windows\Panther\setupinfo
2013-06-30 22:21 . 2013-06-30 22:21 38112 ----a-w- c:\windows\Panther\cbs.log
2013-06-30 22:21 . 2013-06-30 22:21 68 ----a-w- c:\windows\Panther\Contents0.dir
2013-06-30 22:21 . 2013-07-11 23:47 73704 ----a-w- c:\windows\Panther\diagerr.xml
2013-06-30 22:21 . 2013-07-11 23:47 83174 ----a-w- c:\windows\Panther\diagwrn.xml
2013-06-30 22:21 . 2013-06-30 22:21 28770 ----a-w- c:\windows\Panther\MainQueueOnline0.que
2013-06-30 22:21 . 2013-07-11 23:47 878785 ----a-w- c:\windows\Panther\setupact.log
2013-06-30 21:25 . 2013-06-30 21:25 68 ----a-w- c:\windows\Panther\Contents1.dir
2013-06-30 21:25 . 2013-06-30 21:25 27468 ----a-w- c:\windows\Panther\MainQueueOnline1.que
2013-06-30 21:25 . 2013-06-30 21:25 756 ----a-w- c:\windows\Panther\DDACLSys.log
2013-06-30 21:22 . 2013-06-30 19:30 3813 ----a-w- c:\windows\Panther\UnattendGC\diagerr.xml
2013-06-30 21:22 . 2013-06-30 19:30 4137 ----a-w- c:\windows\Panther\UnattendGC\diagwrn.xml
2013-06-30 21:22 . 2013-06-30 19:30 14996 ----a-w- c:\windows\Panther\UnattendGC\setupact.log
2013-06-30 21:22 . 2013-06-30 21:22 0 ----a-w- c:\windows\Panther\UnattendGC\setuperr.log
2013-06-30 21:22 . 2013-06-30 19:30 483328 ----a-w- c:\windows\Panther\setup.etl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\users\extra\Downloads\iCloudServices.exe" [2013-04-05 59720]
"ApplePhotoStreams"="c:\users\extra\Downloads\ApplePhotoStreams.exe" [2013-04-05 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Acrobat Assistant 8.0"="c:\program files (x86)\Common Files\Acrobat\Acrotray.exe" [2013-05-11 3478600]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files\Common Files\iTunesHelper.exe" [2013-05-31 152392]
"Cobian Backup 11 interface"="c:\program files (x86)\Cobian Backup 11\cbInterface.exe" [2013-03-08 4407808]
.
c:\users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MyPC Backup.lnk.disabled [2013-6-30 1097]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-5 27370808]
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\gstools\RUN\a2ddax64.sys;c:\gstools\RUN\a2ddax64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 PrintNotify;Printer Extensions and Notifications;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]
S2 CobianBackup11;Cobian Backup 11 Gravity;c:\program files (x86)\Cobian Backup 11\cbService.exe;c:\program files (x86)\Cobian Backup 11\cbService.exe [x]
S2 DbgSvc;Debug Diagnostic Service;c:\program files\DebugDiag\DbgSvc.exe;c:\program files\DebugDiag\DbgSvc.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-16 04:50 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-15 00:33]
.
2013-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-16 04:30]
.
2013-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-16 04:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Supplementary Scan -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = 
mDefault_Search_URL = 
mStart Page = about:blank
mSearch Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
mSearch Bar = 
uSearchAssistant = about:blank
mSearchAssistant = about:blank
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wmh78wvi.default\
FF - ExtSQL: 2013-07-10 18:26; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Common Files\Acrobat\Browser\WCFirefoxExtn
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=goughDev3&Lan={dfltLng}&gu=008c0d53091d492fb7075a6d7d7c7991&tu=10GpG00932B0CO0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 904a3507000000000000002100a7b384
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15901
FF - user.js: extensions.zonealarm.vrsn - 1.8.21.15
FF - user.js: extensions.zonealarm.vrsni - 1.8.21.15
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.21.1518:20
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 8008
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - goughDev3
FF - user.js: extensions.zonealarm.instlRef - ZLN118902695381579-1043
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-RunOnce-SMRequiresRestart - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-276219926-3590612070-1233831748-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:c6,8f,e1,85,8e,7a,ce,01
.
[HKEY_USERS\S-1-5-21-276219926-3590612070-1233831748-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-276219926-3590612070-1233831748-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-276219926-3590612070-1233831748-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-276219926-3590612070-1233831748-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-276219926-3590612070-1233831748-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

 

 

MBAM:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.19.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Administrator :: LAPTOP-PC [administrator]
 
Protection: Enabled
 
7/19/2013 8:08:22 AM
mbam-log-2013-07-19 (08-08-22).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262028
Time elapsed: 3 minute(s), 34 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
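
The Run-key lines of the ComboFix log in the post above can be triaged mechanically. The following is an added example, not part of the thread or of ComboFix, that parses those lines and lists the autostart values worth a manual look. The function names, the location heuristics and the `scan_user` default (taken from the MBAM header "Administrator :: LAPTOP-PC") are assumptions.

```python
import ntpath
import re

# Excerpt of the Run-key sections of the ComboFix log above, embedded as sample input.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\users\extra\Downloads\iCloudServices.exe" [2013-04-05 59720]
"ApplePhotoStreams"="c:\users\extra\Downloads\ApplePhotoStreams.exe" [2013-04-05 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\Common Files\iTunesHelper.exe" [2013-05-31 152392]
"Cobian Backup 11 interface"="c:\program files (x86)\Cobian Backup 11\cbInterface.exe" [2013-03-08 4407808]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>[\d-]+) (?P<size>\d+)\]$')
PROFILE_RE = re.compile(r'^c:\\users\\(?P<user>[^\\]+)\\(?P<rest>.+)$', re.IGNORECASE)


def parse_run_entries(log_text):
    """Return one dict per value listed under a Run or RunOnce key."""
    entries, key = [], None
    for line in map(str.strip, log_text.splitlines()):
        if line in ("", "."):      # blank line or "." separator ends the current key section
            key = None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key and key.rsplit("\\", 1)[-1].lower() in ("run", "runonce"):
            entries.append({"key": key, "name": m["name"], "date": m["date"],
                            "path": ntpath.normpath(m["path"]), "size": int(m["size"])})
    return entries


def review(entry, scan_user="Administrator"):
    """Reasons for a manual check. Heuristics and the scan_user default are assumptions."""
    reasons = []
    m = PROFILE_RE.match(entry["path"])
    if m:
        reasons.append("autostart binary lives inside a user profile (user-writable)")
        if m["rest"].lower().startswith("downloads\\"):
            reasons.append("started directly from a Downloads folder")
        if m["user"].lower() != scan_user.lower():
            reasons.append("profile %r differs from scanning account %r" % (m["user"], scan_user))
    return reasons


def triage(log_text, scan_user="Administrator"):
    """Map value name -> reasons for every Run entry that has at least one."""
    found = {e["name"]: review(e, scan_user) for e in parse_run_entries(log_text)}
    return {name: why for name, why in found.items() if why}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(name, "->", "; ".join(reasons))
```

A reason listed here is a prompt to check the file's signature and origin, not a verdict on it.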


#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:11 AM

Posted 20 July 2013 - 04:50 AM

Looks good:

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 Poweroo

Poweroo
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Austin Texas
  • Local time:03:11 AM

Posted 20 July 2013 - 05:42 PM

No threats found, no log to paste.

 

thanks,



#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:11 AM

Posted 21 July 2013 - 08:17 AM

Are you still facing issues?



#12 Poweroo

Poweroo
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Austin Texas
  • Local time:03:11 AM

Posted 21 July 2013 - 08:36 AM

Yes, I am.  In fact I had a difficult time installing ESET.

 

The file would download with a different extension (.enu). When I would try to execute it, I would of course get an error message asking me what application I wanted to use to open it. I would also get pages that looked different when I clicked on the word "here" that you have in your message.

I finally got it to download correctly, I think, but it has this shield on it. On my computers, anything that has this shield on it gives me problems.

 

Like on my desktop, I cannot connect hard wired. I do not want to use wireless. I cannot find the network adapter for it.

 

I don't know, I'm sorry they are both just a mess.

 

I have uploaded .jpg of the "shield" I am talking about. 

Attached Files



#13 Poweroo

Poweroo
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Austin Texas
  • Local time:03:11 AM

Posted 21 July 2013 - 08:53 AM

Here is another thing that keeps happening that just started yesterday.

 

Error messages that Windows Explorer has stopped working.  I also get a black screen all of a sudden and then this error message that I have saved as a jpg.

 

thanks,

 

~hazel

Attached Files



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:11 AM

Posted 21 July 2013 - 09:07 AM

Update your video driver.

When finished, do the following:

 

 

System File Check

For Windows XP:

  • Press the Windows- and the R-key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"



Within the opening window, write the following:

sfc /scannow
(Note the space within.)


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).


#15 Poweroo

Poweroo
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Austin Texas
  • Local time:03:11 AM

Posted 21 July 2013 - 09:28 AM

I will complete that on return. I will be out of pocket for about an hour.



