
ZeroAccess infection, I think I've got it removed, need a double check



#1 calypsocowboy

Posted 15 August 2013 - 08:59 PM

On Monday, I noticed my computer was having issues. MSE wasn't running. I ran MBAM and it cleaned up a few things, but it still wasn't working right. I ran MBAR, and that's when I saw the ZeroAccess rootkit. I did some digging on the net and ended up here.

What I've done so far:

1. Ran ADWCleaner, MBAR, Hitman Pro, TDSSKiller, Rkill, RogueKiller, and ComboFix until everything seems to have come back clean.

2. Got Windows Update running and updated all files to current.

3. Got MSE reinstalled and back running.

4. Next steps after everything is clean are a good backup and recovery point and a zero-day tool.

 

At this point, everything seems clean and working well, but I'm hoping someone can review my logs and double check everything.

 

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by Josh at 19:36:43 on 2013-08-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4094.1749 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Josh\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
C:\Users\Josh\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\apcupsd\bin\apctray.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.Helper.exe
C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.AutoUpdate.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\notepad.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [SkyDrive] "C:\Users\Josh\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [BlackBerryLink.exe] "C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe" /minimize
mRun: [Apctray] "C:\apcupsd\bin\apctray.exe"
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [NVC] "C:\Program Files (x86)\Nortel\Nortel VPN Client\Nvc.exe" -autostart
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [My Movies Tray] "C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe"
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [RIM PeerManager] "C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Josh\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Josh\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Josh\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDQUIC~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
Trusted Zone: micron.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://connect.micron.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {A5A5E1FF-FFEF-3FEF-B592-C6D194F4383F} - hxxps://connect.micron.com/CACHE/sdesktop/install/binaries/instweb.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=972
TCP: Interfaces\{202A034A-0E53-47DC-88F8-A79EA41DFB5B} : NameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [fssui] "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\s6377ipa.default\
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 247216]
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2011-10-30 65536]
R2 CLDTVHNService;CLDTVHNService;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2009-8-28 75048]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-5-1 181544]
R2 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-26 48488]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-5-11 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-4-2 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-6-18 72216]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]
R2 ntk_dtv;ntk_dtv;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2009-8-28 82416]
R2 NvcSvcMgr;Nortel VPN Client;C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe [2010-3-1 628064]
R2 nvcwfpco;nvcwfpco;C:\Windows\System32\drivers\nvcwfpco.sys [2010-3-1 79440]
R2 RIM MDNS;RIM MDNS;C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [2013-6-4 389632]
R2 RIM Tunnel Service;BlackBerry Link Communication Manager;C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [2013-6-4 1263616]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2013-1-24 544688]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-8-1 317328]
R2 WDFMEService;WDFMEService;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-8-1 1978256]
R2 WDRulesService;WDRulesService;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-8-1 1338256]
R3 BlackBerry Device Manager;BlackBerry Device Manager;C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-3-6 585728]
R3 NT_NvcA;Nortel VPN Adapter;C:\Windows\System32\drivers\ntnvca.sys [2010-3-1 44112]
R3 rimvndis;BlackBerry Virtual Private Network;C:\Windows\System32\drivers\rimvndis6_AMD64.sys [2013-6-4 17920]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 CQCAppShell;CQC Application Shell;C:\Program Files (x86)\CQC\Bin\CQCAppShell.exe [2011-1-16 110080]
S2 HitmanPro37CrusaderBoot;HitmanPro 3.7 Crusader (Boot);\\cascade\documents\Virus Software\HitmanPro_x64.exe [2013-8-14 9853928]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2012-8-3 112080]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-10-26 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-10-26 9096]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 139616]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-25 19456]
S3 se64a;EnTech softEngine;C:\Windows\System32\drivers\se64a.sys [2010-4-6 14032]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-25 57856]
S3 usbrndis6;USB RNDIS6 Adapter;C:\Windows\System32\drivers\usb80236.sys [2013-4-21 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-12 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
.
=============== Created Last 30 ================
.
2013-08-15 21:41:23 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-08-15 21:41:23 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-08-15 21:41:22 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-08-15 21:41:21 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-08-15 15:39:45 -------- d-----w- C:\Users\Josh\AppData\Local\{7F4D5BB9-BABA-4193-A768-EC6DEAB74F67}
2013-08-15 05:31:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-15 05:24:12 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89EC576D-2F12-4A83-A258-CD718414AAC2}\mpengine.dll
2013-08-15 05:24:05 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-08-15 05:13:50 -------- d-----w- C:\FRST
2013-08-15 04:51:25 -------- d-sh--w- C:\$RECYCLE.BIN
2013-08-15 04:33:49 208896 ----a-w- C:\Windows\MBR.exe
2013-08-15 04:33:48 98816 ----a-w- C:\Windows\sed.exe
2013-08-15 04:33:48 256000 ----a-w- C:\Windows\PEV.exe
2013-08-15 04:04:23 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2013-08-15 03:46:39 -------- d-----w- C:\Program Files\HitmanPro
2013-08-15 03:46:06 -------- d-----w- C:\ProgramData\HitmanPro
2013-08-14 15:05:00 -------- d-----w- C:\Users\Josh\AppData\Local\{E094BFE5-7CFF-4A39-84CB-EA9BB638B792}
2013-08-14 05:04:42 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-14 04:40:08 -------- d-----w- C:\Windows\Temp671FB320-7AED-D895-D3AF-3D317DD701CE-Signatures
2013-08-14 04:31:00 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-14 04:29:18 -------- d-----w- C:\AdwCleaner
2013-08-14 04:00:22 -------- d-----w- C:\Windows\System32\MRT
2013-08-14 03:42:59 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-08-14 03:41:14 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-08-14 03:41:14 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-08-14 03:41:13 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-08-14 03:41:12 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-08-14 03:41:11 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-08-14 03:38:08 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-08-14 03:38:07 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-08-14 03:04:35 -------- d-----w- C:\Users\Josh\AppData\Local\{21CB45DA-AA75-49A2-8760-7449964DD9E5}
2013-08-14 01:45:16 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C3C6186D-F856-472D-8375-7C39858988E8}\mpengine.dll
2013-08-13 16:27:16 -------- d-----w- C:\Program Files (x86)\MalRootKit
2013-08-13 15:04:03 -------- d-----w- C:\Users\Josh\AppData\Local\{FDBDF59B-BD4C-4EEF-96BF-5421C8A14F95}
2013-08-13 13:41:50 -------- d-----w- C:\Windows\TempB9A6AC35-328F-9CCB-BD2B-802B2D9A612F-Signatures
2013-08-13 13:32:08 -------- d-----w- C:\Windows\Temp14874674-9C02-CC16-340A-1E971B788129-Signatures
2013-08-13 03:02:31 -------- d-----w- C:\Users\Josh\AppData\Local\{BF0A2499-3A34-49F8-BE13-035902DCA012}
.
==================== Find3M  ====================
.
2013-08-15 05:31:03 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-14 04:30:57 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-08-14 04:30:57 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-08-13 03:25:26 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-13 03:25:26 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-19 03:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-19 03:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-08 02:01:34 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2013-06-08 02:01:33 35656 ----a-w- C:\Windows\System32\LMIport.dll
2013-06-08 02:01:32 100680 ----a-w- C:\Windows\System32\LMIinit.dll
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 23:12:34 17920 ----a-w- C:\Windows\System32\drivers\rimvndis6_AMD64.sys
2013-05-25 00:24:50 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.001.bak
2013-05-25 00:24:48 100680 ----a-w- C:\Windows\System32\LMIinit.dll.000.bak
.
============= FINISH: 19:37:13.49 ===============
 

DDS Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 3/4/2011 7:06:52 AM
System Uptime: 8/15/2013 3:47:10 PM (4 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | P35-DS3R
Processor: Intel® Core™2 Duo CPU     E6750  @ 2.66GHz | Socket 775 | 2667/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 110 GiB total, 29.645 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 294.381 GiB free.
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
L: is FIXED (NTFS) - 59 GiB total, 59.213 GiB free.
N: is FIXED (NTFS) - 59 GiB total, 58.504 GiB free.
T: is FIXED (NTFS) - 297 GiB total, 297.034 GiB free.
Y: is FIXED (NTFS) - 110 GiB total, 109.912 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0001
Service: vpnva
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Acrobat.com
Active@ ISO Burner
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 11.5
AnswerWorks 5.0 English Runtime
Apcupsd
Apple Application Support
Apple Software Update
ASPCA Reminder by We-Care.com v5.0.5.1
B&K Editor for SR10.1
BBSAK
BeerSmith 2
BlackBerry Desktop Software 7.1
BlackBerry Device Software v6.0.0 for the BlackBerry 9650 smartphone
BlackBerry Link
BlackBerry World Browser Plugin
bodybugg Software
BRAdmin Professional 3
Cisco AnyConnect Diagnostics and Reporting Tool
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client
Citrix Presentation Server Client - Web Only
Coupon Printer for Windows
D3DX10
DDPB Installer
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DIRECTV2PC™
Dropbox
DVDFab 8.0.6.8 (05/01/2011)
DVRMSToolbox
EaseUS Partition Master 9.1.1 Home Edition
EPSON WorkForce 630 Series Printer Uninstall
Evernote v. 4.6.7
Free M4a to MP3 Converter 6.1
GIMP 2.6.11
Google Chrome
Google Earth Plug-in
Google SketchUp 7
Google Toolbar for Internet Explorer
Google Update Helper
Handbrake 4319 Nightly
Highlight Viewer (Windows Live Toolbar)
HitmanPro 3.7
Java 7 Update 25
Java Auto Updater
Java™ 6 Update 20
Java™ 7 Update 3 (64-bit)
Junk Mail filter update
KeePass Password Safe 2.13
LibreOffice 4.0 Help Pack (English)
LibreOffice 4.0.0.3
Logitech Harmony Remote Software 7
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
Map Button (Windows Live Toolbar)
MediaMonkey 4.0
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Access 2010
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.1
Microsoft Office Access 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Monitor Asset Manager
MotoHelper 2.1.32 Driver 5.4.0
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.4.0
Mozilla Firefox 22.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Movies for Windows Media Center
Netflix in Windows Media Center
NirSoft BlueScreenView
Nortel VPN Client
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Display Control Panel
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
PDFCreator
PVSonyDll
Quicken 2009
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Remote Control USB Driver
SageTV Client
Seagate Manager Installer
SeaTools for Windows
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Segoe UI
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype Click to Call
Skype™ 6.1
Smart Menus (Windows Live Toolbar)
Spelling Dictionaries Support For Adobe Reader 9
TurboTax 2010
TurboTax 2010 widiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
Universal Powerline Bus Setup Tool
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
WBFS Manager 3.0
WD SmartWare
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Windows Mobile Device Updater Component
Windows Phone Support Tool
WinSCP 5.1.5
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
8/9/2013 8:36:10 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk3\DR4.
8/9/2013 10:42:45 AM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
8/9/2013 10:42:45 AM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
8/15/2013 3:50:35 PM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/15/2013 3:50:35 PM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
8/15/2013 3:48:31 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  sptd
8/15/2013 3:48:30 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the CQC Application Shell service to connect.
8/15/2013 3:48:30 PM, Error: Service Control Manager [7000]  - The CQC Application Shell service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/15/2013 3:47:41 PM, Error: Service Control Manager [7000]  - The HitmanPro 3.7 Crusader (Boot) service failed to start due to the following error:  The system cannot find the file specified.
8/15/2013 3:47:12 PM, Error: sptd [4]  - Driver detected an internal error in its data structures for .
8/15/2013 3:37:49 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
8/15/2013 2:50:09 AM, Error: Microsoft-Windows-HAL [12]  - The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
8/14/2013 9:37:16 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WDFMEService service.
8/14/2013 11:43:45 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2834140).
8/14/2013 11:08:18 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error    Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
8/14/2013 10:54:02 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error    Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
8/14/2013 10:52:57 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the BlackBerry Device Manager service to connect.
8/14/2013 10:52:57 PM, Error: Service Control Manager [7000]  - The BlackBerry Device Manager service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/14/2013 10:52:57 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service BlackBerry Device Manager with arguments "" in order to run the server: {BA3D0120-E617-4F66-ADCA-585CC2FB86DB}
8/14/2013 10:41:48 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
8/14/2013 10:40:46 PM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/14/2013 10:35:40 PM, Error: Service Control Manager [7034]  - The Brother BRAdminPro Scheduler service terminated unexpectedly.  It has done this 1 time(s).
8/14/2013 10:32:43 PM, Error: Service Control Manager [7034]  - The Skype C2C Service service terminated unexpectedly.  It has done this 1 time(s).
8/13/2013 9:55:01 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB2834140).
8/13/2013 9:55:01 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB2808679).
8/13/2013 9:55:01 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2868623).
8/13/2013 9:55:01 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2850851).
8/13/2013 9:55:01 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2834886).
8/13/2013 9:55:01 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2832414).
8/13/2013 7:36:26 AM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
8/13/2013 7:36:26 AM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/13/2013 7:36:25 AM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/13/2013 7:27:24 PM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
8/13/2013 7:25:31 PM, Error: Service Control Manager [7000]  - The Security Center service failed to start due to the following error:  A required privilege is not held by the client.
8/13/2013 7:25:29 PM, Error: Service Control Manager [7001]  - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error:  The service start failed since one or more services in the same process have an incompatible service SID type setting. A service with restricted service SID type can only coexist in the same process with other services with a restricted SID type. If the service SID type for this service was just configured, the hosting process must be restarted in order to start this service.
8/13/2013 7:25:29 PM, Error: Service Control Manager [7000]  - The Base Filtering Engine service failed to start due to the following error:  The service start failed since one or more services in the same process have an incompatible service SID type setting. A service with restricted service SID type can only coexist in the same process with other services with a restricted SID type. If the service SID type for this service was just configured, the hosting process must be restarted in order to start this service.
8/13/2013 7:25:27 PM, Error: Service Control Manager [7001]  - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error:  The service start failed since one or more services in the same process have an incompatible service SID type setting. A service with restricted service SID type can only coexist in the same process with other services with a restricted SID type. If the service SID type for this service was just configured, the hosting process must be restarted in order to start this service.
8/13/2013 6:16:38 PM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
8/13/2013 6:16:38 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  %%-2147024891
8/13/2013 11:11:24 PM, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.
8/13/2013 11:03:05 PM, Error: Service Control Manager [7000]  - The Microsoft Antimalware Service service failed to start due to the following error:  The system cannot find the file specified.
8/12/2013 9:01:39 PM, Error: Service Control Manager [7001]  - The WDFMEService service depends on the WDRulesService service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
8/12/2013 9:00:42 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the WDRulesService service to connect.
8/12/2013 9:00:42 PM, Error: Service Control Manager [7000]  - The WDRulesService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/12/2013 7:15:11 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
.
==== End Of File ===========================
 


Edited by calypsocowboy, 15 August 2013 - 09:07 PM.




#2 calypsocowboy

  • Topic Starter

Posted 15 August 2013 - 09:08 PM

--FRST.txt---

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2013
Ran by Josh (administrator) on 15-08-2013 19:23:15
Running from C:\Users\Josh\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
() C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
() C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Nortel Networks) C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Users\Josh\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
(Dropbox, Inc.) C:\Users\Josh\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Apcupsd Team) C:\apcupsd\bin\apctray.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Binnerup Consult) C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe
(Seagate LLC) C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.Helper.exe
(Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.AutoUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [fssui] - C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [884584 2012-03-08] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2012-04-02] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [SkyDrive] - C:\Users\Josh\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-13] (Microsoft Corporation)
HKCU\...\Run: [BlackBerryLink.exe] - C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe [3787280 2013-06-05] (Research In Motion)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [Apctray] - C:\apcupsd\bin\apctray.exe [132096 2010-01-16] (Apcupsd Team)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1655296 2010-09-05] (Dominik Reichl)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [442896 2013-03-06] (Research In Motion Limited)
HKLM-x32\...\Run: [NVC] - C:\Program Files (x86)\Nortel\Nortel VPN Client\Nvc.exe [1717584 2010-03-01] (Nortel Networks)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [My Movies Tray] - C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe [475856 2011-07-09] (Binnerup Consult)
HKLM-x32\...\Run: [MaxMenuMgr] - C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-05-01] (Seagate LLC)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [701872 2013-01-24] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [RIM PeerManager] - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4273664 2013-06-04] (Research In Motion Limited)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk
ShortcutTarget: WD Quick View.lnk -> C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Josh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://connect.micron.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {A5A5E1FF-FFEF-3FEF-B592-C6D194F4383F} https://connect.micron.com/CACHE/sdesktop/install/binaries/instweb.cab
DPF: HKLM-x32 {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=972
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Hosts: 127.0.0.1 localhost
Tcpip\..\Interfaces\{202A034A-0E53-47DC-88F8-A79EA41DFB5B}: [NameServer]192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\s6377ipa.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @rim.com/npappworld - C:\Program Files (x86)\Research In Motion Limited\BlackBerry World Browser Plugin\npappworld.dll ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Josh\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Josh\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\Josh\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Josh\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Josh\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Josh\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll No File
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files (x86)\Real\RhapsodyPlayerEngine\nprhapengine.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0
CHR Extension: (Google Search) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Gmail) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [lkpmjnommfoljgjbckjmjhkmnhfmcmon] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx

==================== Services (Whitelisted) =================

R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-03-06] (Research In Motion Limited)
R2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [65536 2010-09-15] ()
R2 CLDTVHNService; C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [75048 2009-08-28] ()
S2 CQCAppShell; C:\Program Files (x86)\CQC\Bin\CQCAppShell.exe [110080 2011-01-16] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-06-07] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-06-07] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-04-02] (LogMeIn, Inc.)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
R2 NvcSvcMgr; C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe [628064 2010-03-01] (Nortel Networks)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2013-06-04] (Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1263616 2013-06-04] (Research In Motion Limited)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [317328 2011-08-01] (WDC)
R2 WDFMEService; C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [1978256 2011-08-01] (Western Digital )
R2 WDRulesService; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [1338256 2011-08-01] (Western Digital )
S2 HitmanPro37CrusaderBoot; "\\cascade\Documents\Virus Software\HitmanPro_x64.exe" /crusader:boot [x]
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]

==================== Drivers (Whitelisted) ====================

S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-24] (LogMeIn, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R2 ntk_dtv; C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [82416 2009-08-28] (Cyberlink Corp.)
R2 ntk_dtv; C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [82416 2009-08-28] (Cyberlink Corp.)
R3 NT_NvcA; C:\Windows\System32\DRIVERS\ntnvca.sys [44112 2010-03-01] (Nortel Networks)
R2 nvcwfpco; C:\Windows\System32\DRIVERS\nvcwfpco.sys [79440 2010-03-01] (Nortel Networks Corporation)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-06-04] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 se64a; C:\Windows\System32\drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
S3 se64a; C:\Windows\SysWow64\drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-02-15] (Duplex Secure Ltd.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 LMIRfsClientNP; No ImagePath
S3 motandroidusb; System32\Drivers\motoandroid.sys [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-15 19:16 - 2013-08-15 19:16 - 00002661 _____ C:\Users\Josh\Desktop\RKreport[0]_D_08152013_191617.txt
2013-08-15 19:16 - 2013-08-15 19:16 - 00002542 _____ C:\Users\Josh\Desktop\RKreport[0]_S_08152013_191611.txt
2013-08-15 19:16 - 2013-08-15 19:16 - 00001018 _____ C:\Users\Josh\Desktop\RKreport[0]_H_08152013_191642.txt
2013-08-15 15:41 - 2013-04-17 01:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-08-15 15:41 - 2013-04-17 00:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-08-15 15:41 - 2013-04-09 17:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-08-15 15:41 - 2013-04-02 16:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-08-15 09:39 - 2013-08-15 09:41 - 00000000 ____D C:\Users\Josh\AppData\Local\{7F4D5BB9-BABA-4193-A768-EC6DEAB74F67}
2013-08-14 23:32 - 2013-08-14 23:32 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 23:32 - 2013-08-14 23:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 23:32 - 2013-08-14 23:32 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-14 23:32 - 2013-08-14 23:32 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-08-14 23:32 - 2013-08-14 23:32 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-08-14 23:32 - 2013-08-14 23:32 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-08-14 23:32 - 2013-08-14 23:32 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-14 23:32 - 2013-08-14 23:32 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-08-14 23:32 - 2013-08-14 23:32 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-08-14 23:32 - 2013-08-14 23:32 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-08-14 23:32 - 2013-08-14 23:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-08-14 23:31 - 2013-08-14 23:31 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-14 23:29 - 2013-08-14 23:34 - 00008305 _____ C:\Windows\IE10_main.log
2013-08-14 23:24 - 2013-08-14 23:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-08-14 23:13 - 2013-08-14 23:13 - 00000000 ____D C:\FRST
2013-08-14 22:46 - 2013-08-14 22:46 - 00027531 _____ C:\ComboFix.txt
2013-08-14 22:33 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-14 22:33 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-14 22:33 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-14 22:33 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-14 22:33 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-14 22:33 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-14 22:33 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-14 22:33 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-14 22:32 - 2013-08-14 22:46 - 00000000 ____D C:\Qoobox
2013-08-14 22:32 - 2013-08-14 22:42 - 00000000 ____D C:\Windows\erdnt
2013-08-14 22:31 - 2013-08-15 19:17 - 00002110 _____ C:\Users\Josh\Desktop\Rkill.txt
2013-08-14 22:31 - 2013-08-14 22:31 - 00000000 ____D C:\Users\Josh\Desktop\rkill
2013-08-14 22:25 - 2013-08-14 22:25 - 00002185 _____ C:\Users\Josh\Desktop\RKreport[0]_D_08142013_222534.txt
2013-08-14 22:24 - 2013-08-14 22:24 - 00002110 _____ C:\Users\Josh\Desktop\RKreport[0]_S_08142013_222443.txt
2013-08-14 22:23 - 2013-08-14 22:23 - 00001102 _____ C:\Users\Josh\Desktop\RKreport[0]_DN_08142013_222306.txt
2013-08-14 22:22 - 2013-08-14 22:22 - 00003403 _____ C:\Users\Josh\Desktop\RKreport[0]_D_08142013_222205.txt
2013-08-14 22:21 - 2013-08-14 22:21 - 00003617 _____ C:\Users\Josh\Desktop\RKreport[0]_S_08142013_222102.txt
2013-08-14 22:04 - 2013-08-14 22:04 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-08-14 22:04 - 2013-08-14 22:04 - 00000918 _____ C:\Windows\system32\.crusader
2013-08-14 21:46 - 2013-08-14 22:05 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-14 21:46 - 2013-08-14 21:46 - 00001908 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-14 21:46 - 2013-08-14 21:46 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-14 09:05 - 2013-08-14 21:39 - 00000000 ____D C:\Users\Josh\AppData\Local\{E094BFE5-7CFF-4A39-84CB-EA9BB638B792}
2013-08-13 23:04 - 2013-08-15 19:07 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-13 22:40 - 2013-08-13 22:40 - 00000000 ____D C:\Windows\Temp671FB320-7AED-D895-D3AF-3D317DD701CE-Signatures
2013-08-13 22:31 - 2013-08-13 22:30 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-13 22:29 - 2013-08-13 22:37 - 00000000 ____D C:\AdwCleaner
2013-08-13 22:00 - 2013-08-13 22:02 - 00000000 ____D C:\Windows\system32\MRT
2013-08-13 21:43 - 2013-07-18 19:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-13 21:43 - 2013-07-18 19:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-13 21:43 - 2013-07-08 23:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-13 21:43 - 2013-07-08 23:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-13 21:43 - 2013-07-08 23:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-13 21:43 - 2013-07-08 23:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-13 21:43 - 2013-07-08 22:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-13 21:43 - 2013-07-08 22:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-13 21:43 - 2013-07-08 22:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-13 21:43 - 2013-07-08 22:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-13 21:43 - 2013-05-12 23:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-08-13 21:43 - 2013-05-12 21:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-08-13 21:43 - 2013-05-12 21:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-08-13 21:43 - 2013-05-12 21:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-08-13 21:43 - 2013-05-09 23:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-08-13 21:43 - 2013-05-09 21:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-08-13 21:43 - 2013-02-27 00:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-08-13 21:43 - 2013-02-26 23:52 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-08-13 21:43 - 2013-02-26 23:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-08-13 21:43 - 2013-02-26 23:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-08-13 21:43 - 2013-02-26 23:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-08-13 21:43 - 2013-02-26 22:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-08-13 21:43 - 2013-02-26 22:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-08-13 21:43 - 2013-02-26 22:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-08-13 21:42 - 2013-07-25 03:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-13 21:42 - 2013-07-25 02:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-13 21:42 - 2013-07-09 00:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-13 21:42 - 2013-07-08 23:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-13 21:42 - 2013-07-08 23:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-13 21:42 - 2013-07-08 23:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-13 21:42 - 2013-07-08 23:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-13 21:42 - 2013-07-08 22:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-13 21:42 - 2013-07-08 22:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-13 21:42 - 2013-07-08 20:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-13 21:42 - 2013-07-08 20:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-13 21:42 - 2013-07-08 20:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-13 21:42 - 2013-07-08 20:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-13 21:42 - 2013-07-06 00:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 21:42 - 2013-06-04 21:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-08-13 21:42 - 2013-04-25 23:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-08-13 21:42 - 2013-04-25 22:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-08-13 21:42 - 2013-04-12 08:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-08-13 21:42 - 2013-04-10 00:01 - 00983400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-08-13 21:42 - 2013-04-10 00:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-08-13 21:42 - 2013-03-18 23:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-08-13 21:42 - 2013-03-18 23:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-08-13 21:42 - 2011-02-03 05:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-08-13 21:41 - 2013-07-08 23:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-13 21:41 - 2013-07-08 22:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-13 21:41 - 2013-06-14 22:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 21:41 - 2013-06-04 00:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-08-13 21:41 - 2013-06-03 22:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-08-13 21:38 - 2013-04-25 17:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-08-13 21:38 - 2013-03-31 16:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-08-13 21:04 - 2013-08-13 21:04 - 00000000 ____D C:\Users\Josh\AppData\Local\{21CB45DA-AA75-49A2-8760-7449964DD9E5}
2013-08-13 18:16 - 2013-08-13 18:18 - 00000000 ____D C:\Users\Christina\AppData\Local\{B9966E7E-5CCF-42A3-8B22-47DBDE0340EE}
2013-08-13 10:27 - 2013-08-13 10:27 - 00000000 ____D C:\Program Files (x86)\MalRootKit
2013-08-13 09:04 - 2013-08-13 09:04 - 00000000 ____D C:\Users\Josh\AppData\Local\{FDBDF59B-BD4C-4EEF-96BF-5421C8A14F95}
2013-08-13 07:41 - 2013-08-13 07:41 - 00000000 ____D C:\Windows\TempB9A6AC35-328F-9CCB-BD2B-802B2D9A612F-Signatures
2013-08-13 07:32 - 2013-08-13 07:32 - 00000000 ____D C:\Windows\Temp14874674-9C02-CC16-340A-1E971B788129-Signatures
2013-08-13 07:24 - 2013-08-13 07:24 - 00003110 _____ C:\Windows\System32\Tasks\{4FB23BAD-AE39-4771-9769-4EEB01D3529E}
2013-08-12 21:02 - 2013-08-12 21:03 - 00000000 ____D C:\Users\Josh\AppData\Local\{BF0A2499-3A34-49F8-BE13-035902DCA012}

==================== One Month Modified Files and Folders =======

2013-08-15 19:17 - 2013-08-14 22:31 - 00002110 _____ C:\Users\Josh\Desktop\Rkill.txt
2013-08-15 19:16 - 2013-08-15 19:16 - 00002661 _____ C:\Users\Josh\Desktop\RKreport[0]_D_08152013_191617.txt
2013-08-15 19:16 - 2013-08-15 19:16 - 00002542 _____ C:\Users\Josh\Desktop\RKreport[0]_S_08152013_191611.txt
2013-08-15 19:16 - 2013-08-15 19:16 - 00001018 _____ C:\Users\Josh\Desktop\RKreport[0]_H_08152013_191642.txt
2013-08-15 19:07 - 2013-08-13 23:04 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-15 18:45 - 2010-12-24 09:10 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-15 18:38 - 2011-03-04 00:46 - 01250478 _____ C:\Windows\WindowsUpdate.log
2013-08-15 18:31 - 2013-03-07 21:42 - 00000000 ___RD C:\Users\Josh\SkyDrive
2013-08-15 18:31 - 2013-01-07 12:11 - 00000000 ___RD C:\Users\Josh\Dropbox
2013-08-15 18:31 - 2013-01-07 12:02 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Dropbox
2013-08-15 18:31 - 2011-03-04 08:07 - 00000632 __RSH C:\Users\Josh\ntuser.pol
2013-08-15 18:31 - 2011-03-04 00:03 - 00000000 ____D C:\Users\Josh
2013-08-15 18:31 - 2010-12-24 09:10 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-15 18:29 - 2012-10-01 21:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-15 15:55 - 2011-03-04 00:00 - 00010048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-15 15:55 - 2011-03-04 00:00 - 00010048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-15 15:47 - 2011-03-04 00:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-15 15:47 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-15 15:47 - 2009-07-13 22:51 - 01697623 _____ C:\Windows\setupact.log
2013-08-15 15:45 - 2011-07-27 22:37 - 00773726 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-15 15:45 - 2009-07-13 23:13 - 00773726 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-15 09:41 - 2013-08-15 09:39 - 00000000 ____D C:\Users\Josh\AppData\Local\{7F4D5BB9-BABA-4193-A768-EC6DEAB74F67}
2013-08-15 07:47 - 2012-02-02 22:43 - 00000000 ____D C:\ProgramData\LogMeIn
2013-08-15 00:14 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 23:42 - 2011-03-04 08:07 - 00001428 _____ C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-14 23:37 - 2009-07-13 22:45 - 00361504 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-14 23:35 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-08-14 23:35 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-08-14 23:35 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-08-14 23:35 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-08-14 23:35 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-08-14 23:34 - 2013-08-14 23:29 - 00008305 _____ C:\Windows\IE10_main.log
2013-08-14 23:32 - 2013-08-14 23:32 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 23:32 - 2013-08-14 23:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 23:32 - 2013-08-14 23:32 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-14 23:32 - 2013-08-14 23:32 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-08-14 23:32 - 2013-08-14 23:32 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-08-14 23:32 - 2013-08-14 23:32 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-08-14 23:32 - 2013-08-14 23:32 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-14 23:32 - 2013-08-14 23:32 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-08-14 23:32 - 2013-08-14 23:32 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-08-14 23:32 - 2013-08-14 23:32 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-08-14 23:32 - 2013-08-14 23:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-08-14 23:32 - 2013-08-14 23:32 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-14 23:32 - 2013-08-14 23:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-08-14 23:31 - 2013-08-14 23:31 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-14 23:31 - 2013-08-14 23:31 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-14 23:24 - 2013-08-14 23:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-08-14 23:24 - 2011-01-25 22:29 - 00001945 _____ C:\Windows\epplauncher.mif
2013-08-14 23:24 - 2011-01-25 22:27 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-14 23:23 - 2008-11-02 08:46 - 00000000 ____D C:\Downloaded Files
2013-08-14 23:13 - 2013-08-14 23:13 - 00000000 ____D C:\FRST
2013-08-14 22:50 - 2011-03-04 00:18 - 00037504 _____ C:\Windows\PFRO.log
2013-08-14 22:46 - 2013-08-14 22:46 - 00027531 _____ C:\ComboFix.txt
2013-08-14 22:46 - 2013-08-14 22:32 - 00000000 ____D C:\Qoobox
2013-08-14 22:42 - 2013-08-14 22:32 - 00000000 ____D C:\Windows\erdnt
2013-08-14 22:41 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
2013-08-14 22:31 - 2013-08-14 22:31 - 00000000 ____D C:\Users\Josh\Desktop\rkill
2013-08-14 22:25 - 2013-08-14 22:25 - 00002185 _____ C:\Users\Josh\Desktop\RKreport[0]_D_08142013_222534.txt
2013-08-14 22:24 - 2013-08-14 22:24 - 00002110 _____ C:\Users\Josh\Desktop\RKreport[0]_S_08142013_222443.txt
2013-08-14 22:23 - 2013-08-14 22:23 - 00001102 _____ C:\Users\Josh\Desktop\RKreport[0]_DN_08142013_222306.txt
2013-08-14 22:22 - 2013-08-14 22:22 - 00003403 _____ C:\Users\Josh\Desktop\RKreport[0]_D_08142013_222205.txt
2013-08-14 22:21 - 2013-08-14 22:21 - 00003617 _____ C:\Users\Josh\Desktop\RKreport[0]_S_08142013_222102.txt
2013-08-14 22:05 - 2013-08-14 21:46 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-14 22:04 - 2013-08-14 22:04 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-08-14 22:04 - 2013-08-14 22:04 - 00000918 _____ C:\Windows\system32\.crusader
2013-08-14 21:46 - 2013-08-14 21:46 - 00001908 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-14 21:46 - 2013-08-14 21:46 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-14 21:39 - 2013-08-14 09:05 - 00000000 ____D C:\Users\Josh\AppData\Local\{E094BFE5-7CFF-4A39-84CB-EA9BB638B792}
2013-08-13 22:40 - 2013-08-13 22:40 - 00000000 ____D C:\Windows\Temp671FB320-7AED-D895-D3AF-3D317DD701CE-Signatures
2013-08-13 22:37 - 2013-08-13 22:29 - 00000000 ____D C:\AdwCleaner
2013-08-13 22:30 - 2013-08-13 22:31 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-13 22:30 - 2013-07-10 20:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-13 22:30 - 2012-10-21 09:26 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-08-13 22:30 - 2011-10-30 14:37 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-13 22:30 - 2011-10-30 14:37 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-13 22:30 - 2011-10-30 14:37 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-13 22:30 - 2010-12-07 12:51 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-13 22:30 - 2010-12-07 12:50 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-13 22:24 - 2012-04-06 22:20 - 00000000 ___RD C:\Users\Josh\Podcasts
2013-08-13 22:24 - 2008-11-01 13:20 - 00000000 ___RD C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-13 22:24 - 2008-11-01 13:20 - 00000000 ___RD C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-08-13 22:19 - 2009-07-14 01:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-13 22:19 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-13 22:19 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-13 22:09 - 2011-10-06 10:52 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-13 22:02 - 2013-08-13 22:00 - 00000000 ____D C:\Windows\system32\MRT
2013-08-13 21:04 - 2013-08-13 21:04 - 00000000 ____D C:\Users\Josh\AppData\Local\{21CB45DA-AA75-49A2-8760-7449964DD9E5}
2013-08-13 19:31 - 2013-01-07 12:05 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-13 18:18 - 2013-08-13 18:16 - 00000000 ____D C:\Users\Christina\AppData\Local\{B9966E7E-5CCF-42A3-8B22-47DBDE0340EE}
2013-08-13 18:16 - 2011-10-03 22:47 - 00000000 ____D C:\Users\Christina\AppData\Local\Research In Motion
2013-08-13 18:16 - 2011-05-13 15:44 - 00000632 __RSH C:\Users\Christina\ntuser.pol
2013-08-13 18:16 - 2011-03-04 00:03 - 00000000 ____D C:\Users\Christina
2013-08-13 10:27 - 2013-08-13 10:27 - 00000000 ____D C:\Program Files (x86)\MalRootKit
2013-08-13 09:04 - 2013-08-13 09:04 - 00000000 ____D C:\Users\Josh\AppData\Local\{FDBDF59B-BD4C-4EEF-96BF-5421C8A14F95}
2013-08-13 07:41 - 2013-08-13 07:41 - 00000000 ____D C:\Windows\TempB9A6AC35-328F-9CCB-BD2B-802B2D9A612F-Signatures
2013-08-13 07:32 - 2013-08-13 07:32 - 00000000 ____D C:\Windows\Temp14874674-9C02-CC16-340A-1E971B788129-Signatures
2013-08-13 07:24 - 2013-08-13 07:24 - 00003110 _____ C:\Windows\System32\Tasks\{4FB23BAD-AE39-4771-9769-4EEB01D3529E}
2013-08-12 22:53 - 2008-11-10 22:58 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Intuit
2013-08-12 21:25 - 2012-10-01 21:26 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-12 21:25 - 2012-03-30 13:03 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-12 21:25 - 2011-05-13 14:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-12 21:06 - 2008-11-04 22:33 - 00000000 ____D C:\Users\Josh\AppData\Local\Adobe
2013-08-12 21:03 - 2013-08-12 21:02 - 00000000 ____D C:\Users\Josh\AppData\Local\{BF0A2499-3A34-49F8-BE13-035902DCA012}
2013-08-12 20:59 - 2013-04-21 22:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-12 20:59 - 2013-04-21 22:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-12 02:18 - 2013-07-07 20:36 - 00000000 ____D C:\Users\Josh\AppData\Local\{4F62D9D9-756B-45F7-A88A-B8A4B298FCBE}
2013-08-07 23:20 - 2008-11-02 09:31 - 00002234 ____H C:\Users\Josh\Documents\Default.rdp
2013-08-07 23:12 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-05 17:28 - 2013-01-26 18:01 - 00001364 _____ C:\Users\Conner\Desktop\ROBLOX Player.lnk
2013-08-05 16:14 - 2011-03-12 11:06 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-31 23:33 - 2011-12-17 13:08 - 00002374 _____ C:\Users\Josh\Desktop\Google Chrome.lnk
2013-07-26 09:53 - 2009-01-06 22:17 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-25 03:25 - 2013-08-13 21:42 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 02:57 - 2013-08-13 21:42 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-24 13:04 - 2013-01-15 23:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-18 19:58 - 2013-08-13 21:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-18 19:41 - 2013-08-13 21:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

Files to move or delete:
====================
C:\Users\Josh\putty.exe
C:\Users\Josh\AppData\Roaming\skype.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-13 00:25

==================== End Of Log ============================


Edited by calypsocowboy, 15 August 2013 - 09:11 PM.


#3 calypsocowboy

  • Topic Starter

Posted 15 August 2013 - 09:12 PM

addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2013
Ran by Josh at 2013-08-15 19:23:48
Running from C:\Users\Josh\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

  
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Acrobat.com (x32 Version: 0.0.0)
Acrobat.com (x32 Version: 1.1.377)
Active@ ISO Burner (x32 Version: 2.1.0)
Adobe AIR (x32 Version: 1.0.4990)
Adobe AIR (x32 Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.2.602)
AnswerWorks 5.0 English Runtime (x32 Version: 5.0.7)
Apcupsd (x32)
Apple Application Support (x32 Version: 1.4.1)
Apple Software Update (x32 Version: 2.1.1.116)
ASPCA Reminder by We-Care.com v5.0.5.1 (x32 Version: 5.0.5.1)
B&K Editor for SR10.1 (x32 Version: 1.00.0000)
BBSAK (x32 Version: 1.9.11)
BeerSmith 2 (x32)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41)
BlackBerry Device Software v6.0.0 for the BlackBerry 9650 smartphone (x32 Version: 6.0.0.706 (Platform 4.4.0.560))
BlackBerry Link (x32 Version: 1.1.1.26)
BlackBerry World Browser Plugin (x32 Version: 4.4.1.5)
bodybugg Software (x32 Version: 9.0.1.847)
BRAdmin Professional 3 (x32 Version: 3.42.0007)
Cisco AnyConnect Diagnostics and Reporting Tool (x32 Version: 3.1.02040)
Cisco AnyConnect Secure Mobility Client  (x32 Version: 3.1.02040)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.02040)
Citrix Presentation Server Client - Web Only (x32 Version: 10.100.55836)
Coupon Printer for Windows (x32 Version: 5.0.0.1)
D3DX10 (x32 Version: 15.4.2368.0902)
DDPB Installer (x32 Version: 1.0.6)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
DIRECTV2PC™ (x32 Version: 2.0.5618)
Dropbox (HKCU Version: 2.0.22)
DVDFab 8.0.6.8 (05/01/2011) (x32)
DVRMSToolbox (x32 Version: 1.2.1)
EaseUS Partition Master 9.1.1 Home Edition (x32)
Evernote v. 4.6.7 (x32 Version: 4.6.7.8409)
Free M4a to MP3 Converter 6.1 (x32)
GIMP 2.6.11 (x32 Version: 2.6.11)
Google Chrome (HKCU Version: 28.0.1500.95)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google SketchUp 7 (x32 Version: 2.0.8657)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.153)
Handbrake 4319 Nightly (x32 Version: 4319 Nightly)
Highlight Viewer (Windows Live Toolbar) (x32 Version: 03.01.0146)
HitmanPro 3.7 (Version: 3.7.7.203)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java™ 6 Update 20 (x32 Version: 6.0.200)
Java™ 7 Update 3 (64-bit) (Version: 7.0.30)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
KeePass Password Safe 2.13 (x32)
LibreOffice 4.0 Help Pack (English) (x32 Version: 4.0.0.3)
LibreOffice 4.0.0.3 (x32 Version: 4.0.0.3)
Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0)
LogMeIn (x32 Version: 4.1.2450)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Map Button (Windows Live Toolbar) (x32 Version: 03.01.0146)
MediaMonkey 4.0 (x32 Version: 4.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Access 2010 (x32 Version: 14.0.7015.1000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0)
Microsoft Office Access 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0)
Microsoft Security Client (Version: 4.3.0216.0)
Microsoft Security Essentials (Version: 4.3.216.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Monitor Asset Manager (x32)
MotoHelper 2.1.32 Driver 5.4.0 (x32 Version: 2.1.32)
MotoHelper MergeModules (x32 Version: 1.2.0)
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
My Movies for Windows Media Center (x32 Version: 4.0.1.102)
Netflix in Windows Media Center (x32 Version: 2.0.0.0)
NirSoft BlueScreenView (x32)
Nortel VPN Client (Version: 10.04.016)
NVIDIA 3D Vision Driver 311.06 (Version: 311.06)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Graphics Driver 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.10.0129)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
ON WorkForce 630 Series Printer Uninstall
PDFCreator (x32 Version: 1.7.0)
PVSonyDll (Version: 1.00.0001)
Quicken 2009 (x32 Version: 18.1.2.12)
QuickTime (x32 Version: 7.69.80.9)
Realtek 8136 8168 8169 Ethernet Driver (x32 Version: 1.00.0004)
Remote Control USB Driver (x32 Version: 2.3.2.317)
SageTV Client (x32 Version: 7.0.23)
Seagate Manager Installer (x32 Version: 2.02.0109)
SeaTools for Windows (x32 Version: 1.2.0.4)
Segoe UI (x32 Version: 15.4.2271.0615)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Skype Click to Call (x32 Version: 6.10.13089)
Skype™ 6.1 (x32 Version: 6.1.129)
Smart Menus (Windows Live Toolbar) (x32 Version: 03.01.0146)
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0)
TurboTax 2010 (x32)
TurboTax 2010 widiper (x32 Version: 010.000.1276)
TurboTax 2010 WinPerFedFormset (x32 Version: 010.000.3906)
TurboTax 2010 WinPerReleaseEngine (x32 Version: 010.000.0445)
TurboTax 2010 WinPerTaxSupport (x32 Version: 010.000.0213)
TurboTax 2010 wrapper (x32 Version: 010.000.0157)
Universal Powerline Bus Setup Tool (x32 Version: 4.6)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
WBFS Manager 3.0 (x32 Version: 3.0)
WD SmartWare (Version: 1.5.1)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Favorites for Windows Live Toolbar (x32 Version: 03.01.0146)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8064.206)
Windows Live Toolbar Extension (Windows Live Toolbar) (x32 Version: 03.01.0146)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Mobile Device Center (Version: 6.1.6965.0)
Windows Mobile Device Center Driver Update (Version: 6.1.6965.0)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Windows Phone Support Tool (Version: 2.0.0000)
WinSCP 5.1.5 (x32 Version: 5.1.5)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

==================== Restore Points  =========================

==================== Hosts content: ==========================

2006-11-02 06:34 - 2013-08-15 19:16 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {22D5B03A-2FC2-433D-87FC-165B95862A1A} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {2416D673-5E4D-4EA1-B5A6-41EDB2C8CBD4} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {3D715777-6BE0-4659-9BAC-E6499AE14FC9} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {43D1174D-F861-4E25-B9B0-EB74D5361EDA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-12] (Adobe Systems Incorporated)
Task: {56139B40-B6A6-4A24-BFEA-BD005E7CE6B8} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-07-18] (Microsoft Corporation)
Task: {5A40021B-3798-4458-BDBA-AF8ADD55A847} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24] (Google Inc.)
Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs No File
Task: {8EF874BF-ED95-4866-A942-90992769DE07} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2009-07-13] (Microsoft Corp.)
Task: {8FAC27AF-E15E-4146-B87A-3E05D18A258D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4209986793-3594793115-404852537-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No File
Task: {A44ED43A-2183-4060-BF0C-CFEFD7B22426} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {A5FF4BE8-7163-4DDC-9FAE-8962A10B51D5} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {C700117D-1816-4395-975A-82F5AFF4011C} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {C731B0DA-B7C9-4884-A5B8-D8AE96E286FE} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2010-11-20] (Microsoft Corporation)
Task: {E3498224-E683-4BA8-9511-D5A4FBFE2B43} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4209986793-3594793115-404852537-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No File
Task: {E71C6C4C-8AC1-44C8-9421-1ED52CBD0523} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24] (Google Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs No File
Task: {F639B782-494B-4638-AA24-C47F81181DE9} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: sptd
Description: sptd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: sptd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/15/2013 07:22:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16660, time stamp: 0x51f1c5f3
Faulting module name: nvwgf2um.dll, version: 9.18.13.1106, time stamp: 0x50f9458d
Exception code: 0xc0000005
Fault offset: 0x001a2519
Faulting process id: 0x187c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (08/15/2013 02:50:07 AM) (Source: RIM MDNS) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15366

Error: (08/15/2013 02:50:07 AM) (Source: RIM MDNS) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15366

Error: (08/15/2013 02:50:07 AM) (Source: RIM MDNS) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/15/2013 00:34:58 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (08/14/2013 09:37:39 PM) (Source: RIM MDNS) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 1

Error: (08/14/2013 09:37:38 PM) (Source: RIM MDNS) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 1

Error: (08/14/2013 09:37:36 PM) (Source: RIM MDNS) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 1

Error: (08/14/2013 09:37:35 PM) (Source: RIM MDNS) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 1

Error: (08/14/2013 09:37:34 PM) (Source: RIM MDNS) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 1

System errors:
=============
Error: (08/15/2013 03:50:35 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (08/15/2013 03:50:35 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (08/15/2013 03:48:31 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (08/15/2013 03:48:30 PM) (Source: Service Control Manager) (User: )
Description: The CQC Application Shell service failed to start due to the following error:
%%1053

Error: (08/15/2013 03:48:30 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CQC Application Shell service to connect.

Error: (08/15/2013 03:47:41 PM) (Source: Service Control Manager) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service failed to start due to the following error:
%%2

Error: (08/15/2013 03:47:12 PM) (Source: sptd) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (08/15/2013 03:37:49 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

Error: (08/15/2013 07:47:47 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

Error: (08/15/2013 02:50:09 AM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Microsoft Office Sessions:
=========================
Error: (08/15/2013 07:22:09 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.1666051f1c5f3nvwgf2um.dll9.18.13.110650f9458dc0000005001a2519187c01ce9a1ef5c237b1C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\nvwgf2um.dll44d1703a-0612-11e3-ae65-02b003af0401

Error: (08/15/2013 02:50:07 AM) (Source: RIM MDNS)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15366

Error: (08/15/2013 02:50:07 AM) (Source: RIM MDNS)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15366

Error: (08/15/2013 02:50:07 AM) (Source: RIM MDNS)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/15/2013 00:34:58 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (08/14/2013 09:37:39 PM) (Source: RIM MDNS)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 1

Error: (08/14/2013 09:37:38 PM) (Source: RIM MDNS)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 1

Error: (08/14/2013 09:37:36 PM) (Source: RIM MDNS)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 1

Error: (08/14/2013 09:37:35 PM) (Source: RIM MDNS)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 1

Error: (08/14/2013 09:37:34 PM) (Source: RIM MDNS)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 1

CodeIntegrity Errors:
===================================
  Date: 2013-08-14 22:40:46.132
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-14 22:40:46.054
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 4094.49 MB
Available physical RAM: 2017.82 MB
Total Pagefile: 8187.17 MB
Available Pagefile: 5871.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (SAM_500GB_PARTA) (Fixed) (Total:110 GB) (Free:29.67 GB) NTFS (Disk=2 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: (MAX_320GB) (Fixed) (Total:298.08 GB) (Free:294.38 GB) NTFS (Disk=1 Partition=1)
Drive l: (MAX_250G_PARTLINUX) (Fixed) (Total:59.3 GB) (Free:59.21 GB) NTFS (Disk=0 Partition=2)
Drive n: (SAM_500GB_PARTLINUX) (Fixed) (Total:58.59 GB) (Free:58.5 GB) NTFS (Disk=2 Partition=2)
Drive t: (SAM_500GB_PARTDATA) (Fixed) (Total:297.16 GB) (Free:297.03 GB) NTFS (Disk=2 Partition=3)
Drive y: (MAX_250GB_PARTA) (Fixed) (Total:110 GB) (Free:109.91 GB) NTFS (Disk=0 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 234 GB) (Disk ID: 2CB26BAF)
Partition 1: (Active) - (Size=110 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=59 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 9520C24D)
Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 814FC60C)
Partition 1: (Active) - (Size=110 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=297 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

rkill.txt

Rkill 2.6.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/15/2013 07:17:13 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 localhost

Program finished at: 08/15/2013 07:17:57 PM
Execution time: 0 hours(s), 0 minute(s), and 43 seconds(s)

 

That should be all five.

 

Thanks,

Josh


Edited by calypsocowboy, 15 August 2013 - 09:13 PM.


#4 nasdaq

  • Malware Response Team

Posted 18 August 2013 - 01:13 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your DDS log is clean. Let's check these out.

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM

Let me know what problem persists.

#5 calypsocowboy


Posted 19 August 2013 - 12:42 AM

ADWCleaner.txt, there was no Delete, only Clean

 

# AdwCleaner v3.000 - Report created18/08/2013at22:43:59
# Updated 13/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Josh - VISTAMC
# Running from : C:\Users\Josh\Desktop\AdwCleaner.exe

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

[OK] No bad entry found.

-\\ Mozilla Firefox v22.0 (en-US)

[ File : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\s6377ipa.default\prefs.js ]

[OK] No bad entry found.

[ File : C:\Users\Conner\AppData\Roaming\Mozilla\Firefox\Profiles\whhpfhh6.default\prefs.js ]

[OK] No bad entry found.

-\\ Google Chrome v

[ File : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[OK] No bad entry found.

*************************

AdwCleaner[0].txt - [4090 octets] - [13/08/2013 22:34:00]
AdwCleaner[1].txt - [986 octets] - [18/08/2013 22:43:59]

########## EOF - C:\AdwCleaner\AdwCleaner[1].txt - [1044 octets] ##########

 

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.0 (08.18.2013:1)
OS: Windows 7 Home Premium x64
Ran by Josh on Sun 08/18/2013 at 23:20:24.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Josh\appdata\local\{9D0BB719-C8AB-460E-AFFC-3A0F2B7247C2}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/18/2013 at 23:25:36.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Security Check (checkup.txt)

 

 Results of screen317's Security Check version 0.99.72 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java™ 6 Update 20 
 Java 7 Update 25 
 Adobe Flash Player 11.8.800.94 
 Adobe Reader 9 
 Adobe Reader XI 
 Mozilla Firefox 22.0 Firefox out of Date! 
 Google Chrome 28.0.1500.72 
 Google Chrome 28.0.1500.95 
 Google Chrome plugins... 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 



#6 nasdaq


Posted 19 August 2013 - 10:24 AM

The logs are clean.

Any remaining issues with this computer?

#7 calypsocowboy


Posted 19 August 2013 - 11:58 PM

No remaining issues. Thank you for your help.



#8 nasdaq

nasdaq

  • Malware Response Team

Posted 20 August 2013 - 08:30 AM

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool, make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.
===

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flash Player, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful addons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon.
  • ScriptNo is a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#9 nasdaq

nasdaq

  • Malware Response Team

Posted 20 August 2013 - 08:30 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



