ZeroAccess Rootkit removed but traces remain


86 replies to this topic

#1 markshaw.mks

Posted 16 November 2013 - 11:23 AM

I have gone through the gauntlet of malware removal/remediation software to remove the incredibly frustrating Rootkit. There are no longer infected files on my computer, according to the various scans and logs recommended by several Malware removal forums including this one. The only lingering issue is the "virus is detected and has been removed" action when trying to download files, caused by corrupted Windows Defender. I have been able to work around this by renaming the Windows Defender folder in Program Files, but I can't seem to restore the program back to its proper state. The icon in the Control Panel is blank. I uninstalled Java as I was advised that this is a common target of rootkit malware.

My FSS.txt log yields the following item:

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll Reparse point on file detected.

Below is my DDS.txt log. I have also attached my attach.txt log.

I have also run FRST and have the FRST.txt and Addition.txt logs posted as well.

Please help and thanks in advance!

Mark

___________________________DDS_____________________________

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16736
Run by Mark at 10:42:10 on 2013-11-16
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.2.1033.18.2015.1060 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.theglobeandmail.com/
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Trixie.Bho: {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} -
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - c:\windows\system32\mscoree.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1004341E-C01D-4D99-8084-9CD0938A7E1B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1004341E-C01D-4D99-8084-9CD0938A7E1B}\34963736F60303739343 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1004341E-C01D-4D99-8084-9CD0938A7E1B}\34963736F60393334383 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1004341E-C01D-4D99-8084-9CD0938A7E1B}\B656C6479656D2E65647 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D4C4A9B4-2C14-44AB-AF3B-2931D707AF99} : DHCPNameServer = 206.248.154.22 206.248.154.170
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: asp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: ezstor - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: hsp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: x-asp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: x-cnote - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: x-hsp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - c:\windows\system32\WowCtl2.dll
Handler: x-zip - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Handler: zip - {8D32BA61-D15B-11d4-894B-000000000000} - c:\windows\system32\hsppp.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 100328]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-12-3 625224]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2009-8-13 22528]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2007-4-25 31232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-2 15872]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\drivers\rcblan.sys [2010-8-10 39704]
S3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB.SYS [2010-6-16 59464]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-2 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-9 1343400]
.
=============== Created Last 30 ================
.
2013-11-16 15:09:31 -------- d-----w- C:\FRST
2013-11-16 04:23:22 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-16 04:23:21 105176 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-16 04:09:13 -------- d-----w- C:\AdwCleaner
2013-11-16 03:16:35 -------- d-sh--w- C:\$RECYCLE.BIN
2013-11-16 02:41:40 98816 ----a-w- c:\windows\sed.exe
2013-11-16 02:41:40 256000 ----a-w- c:\windows\PEV.exe
2013-11-16 02:41:40 208896 ----a-w- c:\windows\MBR.exe
2013-11-16 02:41:33 -------- d-----w- C:\ComboFix
2013-11-15 00:40:59 817664 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-11-15 00:40:58 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-11-15 00:40:57 770736 ----a-w- c:\program files\internet explorer\iexplore.exe
2013-11-14 02:52:23 -------- d-----w- c:\program files\iPod
2013-11-14 02:52:22 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-14 02:52:22 -------- d-----w- c:\program files\iTunes
2013-11-14 02:45:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-11-14 02:45:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-11-14 02:45:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-11-14 02:45:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-11-14 02:45:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-11-13 22:44:56 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-13 22:44:55 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-11-13 22:44:55 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-13 22:44:45 1168384 ----a-w- c:\windows\system32\crypt32.dll
.
==================== Find3M  ====================
.
2013-11-16 05:00:23 75992 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-10-12 07:02:33 2877952 ----a-w- c:\windows\system32\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-10-12 06:08:58 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-12 05:15:39 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-10-08 22:20:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 22:20:10 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-04 01:58:50 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- c:\windows\system32\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- c:\windows\system32\authui.dll
2013-10-03 01:58:07 305152 ----a-w- c:\windows\system32\gdi32.dll
2013-09-25 02:01:08 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:01:06 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 01:57:46 99840 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 01:56:02 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 00:49:20 22016 ----a-w- c:\windows\system32\lsass.exe
2013-09-25 00:49:18 15872 ----a-w- c:\windows\system32\sspisrv.dll
2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:07:12 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03:58 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-09-04 01:15:32 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 01:14:52 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 01:14:52 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 01:14:45 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 01:14:45 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 01:14:43 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 01:14:40 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-09-03 18:35:12 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-29 01:51:45 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 01:50:30 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-08-28 01:04:30 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 00:57:20 434688 ----a-w- c:\windows\system32\scavengeui.dll
.
============= FINISH: 10:43:52.84 ===============

__________________________FRST______________________________

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-11-2013
Ran by Mark (administrator) on MARK-PC on 16-11-2013 10:09:40
Running from C:\Users\Mark\Desktop
Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\ATKOSD2\ATKOSD2.exe
(ATK0100) C:\Program Files\ATK Hotkey\Hcontrol.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUSTeK Computer INC.) C:\Program Files\ASUS\ATK Media\DMedia.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
() C:\Program Files\ATK Hotkey\ATKOSD.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-03-01] (Synaptics, Inc.)
HKLM\...\Run: [ATKMEDIA] - C:\Program Files\ASUS\ATK Media\DMedia.exe [61440 2006-11-02] (ASUSTeK Computer INC.)
HKLM\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7862816 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.Exe [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-01-20] (Google Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theglobeandmail.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE85B78F90144CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0CB6E1B3-9E5B-414E-B2CA-BE8ED0889EA0} URL = http://www.youtube.com/results?search_query={searchTerms}
SearchScopes: HKCU - {12721131-9802-44AA-AB2D-D8B57820187E} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {84492CDC-4A42-40C4-9F96-B204A2B4C771} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: asp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\System32\hsppp.dll (EzTools Software)
Handler: ezstor - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\System32\hsppp.dll (EzTools Software)
Handler: hsp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\System32\hsppp.dll (EzTools Software)
Handler: x-asp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\System32\hsppp.dll (EzTools Software)
Handler: x-cnote - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\System32\hsppp.dll (EzTools Software)
Handler: x-hsp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\System32\hsppp.dll (EzTools Software)
Handler: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Windows\System32\WowCtl2.dll (EzTools Software)
Handler: x-zip - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\System32\hsppp.dll (EzTools Software)
Handler: zip - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\System32\hsppp.dll (EzTools Software)
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Wallet) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

========================== Services (Whitelisted) =================

R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-05] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-07] ()
S3 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [1249064 2011-07-29] ()
S2 WinDefend; %programFiles%\Windows Defender\mpsvc.dll [x]

==================== Drivers (Whitelisted) ====================

R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2009-02-10] (EZB Systems, Inc.)
R0 JGOGO; C:\Windows\System32\DRIVERS\JGOGO.sys [6912 2006-02-07] (JMicron )
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [48000 2007-04-11] (JMicron Technology Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
S3 RemoteControl-USBLAN; C:\Windows\System32\DRIVERS\rcblan.sys [39704 2007-01-24] (Belcarra Technologies)
S3 RT-USB; C:\Windows\System32\drivers\RT-USB.SYS [59464 2010-06-16] (Ross-Tech LLC)
S3 catchme; \??\C:\Users\Mark\AppData\Local\Temp\catchme.sys [x]
S1 jtguryhf; \??\C:\Windows\system32\drivers\jtguryhf.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-16 10:09 - 2013-11-16 10:10 - 00012877 _____ C:\Users\Mark\Desktop\FRST.txt
2013-11-16 10:09 - 2013-11-16 10:09 - 01090529 _____ (Farbar) C:\Users\Mark\Desktop\FRST.exe
2013-11-16 10:09 - 2013-11-16 10:09 - 00000000 ____D C:\FRST
2013-11-15 23:46 - 2013-11-15 23:52 - 00001559 _____ C:\Users\Mark\Downloads\FSS.txt
2013-11-15 23:46 - 2013-11-15 23:46 - 00360775 _____ (Farbar) C:\Users\Mark\Desktop\FSS.exe
2013-11-15 23:39 - 2013-11-15 23:39 - 00688992 _____ (Swearware) C:\Users\Mark\Desktop\dds.com
2013-11-15 23:38 - 2013-11-15 23:42 - 376158208 _____ C:\Users\Mark\Desktop\kav_rescue_10.iso
2013-11-15 23:34 - 2013-11-15 23:34 - 00760937 _____ (Farbar) C:\Users\Mark\Desktop\MiniToolBox.exe
2013-11-15 23:30 - 2013-11-15 23:30 - 00000058 _____ C:\Users\Mark\Desktop\malware removal thread.txt
2013-11-15 23:23 - 2013-11-16 09:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-15 23:23 - 2013-11-16 00:00 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-15 23:22 - 2013-11-16 09:49 - 00000000 ____D C:\Users\Mark\Desktop\mbar
2013-11-15 23:09 - 2013-11-15 23:11 - 00000000 ____D C:\AdwCleaner
2013-11-15 23:05 - 2013-11-15 23:05 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-11-15 22:46 - 2013-11-15 22:46 - 04009167 _____ C:\Users\Mark\Desktop\ServicesRepair.exe
2013-11-15 22:46 - 2013-11-15 22:46 - 01085542 _____ C:\Users\Mark\Desktop\adwcleaner.exe
2013-11-15 22:18 - 2013-11-15 22:18 - 00012156 _____ C:\ComboFix.txt
2013-11-15 21:41 - 2013-11-15 22:18 - 00000000 ____D C:\Qoobox
2013-11-15 21:41 - 2013-11-15 22:18 - 00000000 ____D C:\ComboFix
2013-11-15 21:41 - 2013-11-15 22:15 - 00000000 ____D C:\Windows\erdnt
2013-11-15 21:41 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-15 21:41 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-15 21:41 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-15 21:41 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-15 21:41 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-15 21:41 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-15 21:41 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-15 21:41 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-15 21:39 - 2013-11-15 21:39 - 09452704 _____ (SurfRight B.V.) C:\Users\Mark\Desktop\HitmanPro.exe
2013-11-15 21:38 - 2013-11-15 21:38 - 03679744 _____ C:\Users\Mark\Desktop\RogueKiller.exe
2013-11-15 21:37 - 2013-11-15 22:43 - 00000000 ____D C:\Users\Mark\Desktop\RK_Quarantine
2013-11-15 21:35 - 2013-11-15 21:35 - 05146278 ____R (Swearware) C:\Users\Mark\Desktop\ComboFix.exe
2013-11-14 19:41 - 2013-10-12 02:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 19:41 - 2013-10-12 02:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 19:41 - 2013-10-12 02:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 19:41 - 2013-10-12 02:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 19:41 - 2013-10-12 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 19:41 - 2013-10-12 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 19:41 - 2013-10-12 02:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 19:41 - 2013-10-12 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-14 19:41 - 2013-10-12 02:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-14 19:41 - 2013-10-12 02:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 19:41 - 2013-10-12 02:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-14 19:41 - 2013-10-12 01:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 19:41 - 2013-10-12 00:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-14 19:40 - 2013-10-12 02:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 19:40 - 2013-10-12 02:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 19:40 - 2013-10-12 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 22:53 - 2013-11-13 22:53 - 00001559 _____ C:\Users\Mark\Desktop\PM to cluster guy.txt
2013-11-13 21:53 - 2013-11-13 21:53 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-13 21:52 - 2013-11-13 21:53 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-13 21:52 - 2013-11-13 21:53 - 00000000 ____D C:\Program Files\iTunes
2013-11-13 21:52 - 2013-11-13 21:52 - 00000000 ____D C:\Program Files\iPod
2013-11-13 21:45 - 2013-11-13 21:45 - 00001815 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-11-13 21:45 - 2013-11-13 21:45 - 00000000 ____D C:\Program Files\QuickTime
2013-11-13 17:45 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 17:45 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 17:45 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 17:45 - 2013-10-02 20:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 17:45 - 2013-09-24 21:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 17:45 - 2013-09-24 21:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 17:45 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 17:45 - 2013-09-24 20:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 17:45 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 17:45 - 2013-09-24 20:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 17:45 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 17:45 - 2013-09-24 19:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 17:45 - 2013-09-24 19:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 17:45 - 2013-07-04 07:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 17:44 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 17:44 - 2013-10-11 21:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 17:44 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 17:44 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-09 20:30 - 2013-11-09 20:30 - 00000000 ____D C:\Users\Mark\Desktop\Honeymoon Pics
2013-11-09 18:08 - 2013-11-09 18:08 - 00000849 _____ C:\Users\Mark\Desktop\µTorrent.lnk
2013-11-09 18:08 - 2013-11-09 18:08 - 00000829 _____ C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk

==================== One Month Modified Files and Folders =======

2013-11-16 10:10 - 2013-11-16 10:09 - 00012877 _____ C:\Users\Mark\Desktop\FRST.txt
2013-11-16 10:09 - 2013-11-16 10:09 - 01090529 _____ (Farbar) C:\Users\Mark\Desktop\FRST.exe
2013-11-16 10:09 - 2013-11-16 10:09 - 00000000 ____D C:\FRST
2013-11-16 10:09 - 2011-01-20 19:35 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-16 10:07 - 2010-08-09 20:08 - 00783310 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-16 10:07 - 2010-08-09 19:57 - 02087128 _____ C:\Windows\WindowsUpdate.log
2013-11-16 10:07 - 2009-07-13 23:34 - 00017312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-16 10:07 - 2009-07-13 23:34 - 00017312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-16 10:03 - 2011-01-20 19:35 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-16 10:03 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-11-16 10:02 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-16 10:02 - 2009-07-13 23:39 - 00110913 _____ C:\Windows\setupact.log
2013-11-16 09:54 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Public
2013-11-16 09:50 - 2012-09-19 21:04 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-16 09:49 - 2013-11-15 23:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-16 09:49 - 2013-11-15 23:22 - 00000000 ____D C:\Users\Mark\Desktop\mbar
2013-11-16 09:48 - 2012-03-31 08:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-16 00:00 - 2013-11-15 23:23 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-16 00:00 - 2013-06-01 18:53 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-15 23:52 - 2013-11-15 23:46 - 00001559 _____ C:\Users\Mark\Downloads\FSS.txt
2013-11-15 23:46 - 2013-11-15 23:46 - 00360775 _____ (Farbar) C:\Users\Mark\Desktop\FSS.exe
2013-11-15 23:42 - 2013-11-15 23:38 - 376158208 _____ C:\Users\Mark\Desktop\kav_rescue_10.iso
2013-11-15 23:39 - 2013-11-15 23:39 - 00688992 _____ (Swearware) C:\Users\Mark\Desktop\dds.com
2013-11-15 23:34 - 2013-11-15 23:34 - 00760937 _____ (Farbar) C:\Users\Mark\Desktop\MiniToolBox.exe
2013-11-15 23:30 - 2013-11-15 23:30 - 00000058 _____ C:\Users\Mark\Desktop\malware removal thread.txt
2013-11-15 23:11 - 2013-11-15 23:09 - 00000000 ____D C:\AdwCleaner
2013-11-15 23:05 - 2013-11-15 23:05 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-11-15 22:46 - 2013-11-15 22:46 - 04009167 _____ C:\Users\Mark\Desktop\ServicesRepair.exe
2013-11-15 22:46 - 2013-11-15 22:46 - 01085542 _____ C:\Users\Mark\Desktop\adwcleaner.exe
2013-11-15 22:43 - 2013-11-15 21:37 - 00000000 ____D C:\Users\Mark\Desktop\RK_Quarantine
2013-11-15 22:33 - 2010-08-09 20:18 - 02836838 _____ C:\Windows\PFRO.log
2013-11-15 22:29 - 2010-08-18 19:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-15 22:29 - 2009-07-13 21:04 - 00000478 _____ C:\Windows\win.ini
2013-11-15 22:18 - 2013-11-15 22:18 - 00012156 _____ C:\ComboFix.txt
2013-11-15 22:18 - 2013-11-15 21:41 - 00000000 ____D C:\Qoobox
2013-11-15 22:18 - 2013-11-15 21:41 - 00000000 ____D C:\ComboFix
2013-11-15 22:18 - 2009-07-13 21:37 - 00000000 __RHD C:\Users\Default
2013-11-15 22:15 - 2013-11-15 21:41 - 00000000 ____D C:\Windows\erdnt
2013-11-15 22:15 - 2009-07-13 21:04 - 00000215 _____ C:\Windows\system.ini
2013-11-15 21:39 - 2013-11-15 21:39 - 09452704 _____ (SurfRight B.V.) C:\Users\Mark\Desktop\HitmanPro.exe
2013-11-15 21:38 - 2013-11-15 21:38 - 03679744 _____ C:\Users\Mark\Desktop\RogueKiller.exe
2013-11-15 21:37 - 2013-09-06 03:45 - 00000000 ____D C:\Users\Mark\Desktop\Top Gear S20 720p HDTV VFR x264-CtrlHD
2013-11-15 21:35 - 2013-11-15 21:35 - 05146278 ____R (Swearware) C:\Users\Mark\Desktop\ComboFix.exe
2013-11-14 20:28 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2013-11-14 19:40 - 2013-08-17 02:09 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 19:35 - 2010-08-09 21:50 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 22:53 - 2013-11-13 22:53 - 00001559 _____ C:\Users\Mark\Desktop\PM to cluster guy.txt
2013-11-13 21:54 - 2010-08-10 17:53 - 00000000 ____D C:\Users\Mark\Documents\E-Books
2013-11-13 21:53 - 2013-11-13 21:53 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-13 21:53 - 2013-11-13 21:52 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-13 21:53 - 2013-11-13 21:52 - 00000000 ____D C:\Program Files\iTunes
2013-11-13 21:52 - 2013-11-13 21:52 - 00000000 ____D C:\Program Files\iPod
2013-11-13 21:52 - 2010-10-11 20:34 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-13 21:45 - 2013-11-13 21:45 - 00001815 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-11-13 21:45 - 2013-11-13 21:45 - 00000000 ____D C:\Program Files\QuickTime
2013-11-13 19:18 - 2010-08-10 16:43 - 00000000 ___RD C:\Users\Mark\Torrents
2013-11-13 19:15 - 2013-09-03 21:34 - 00000000 ____D C:\Users\Mark\Desktop\Car Stuff
2013-11-13 18:44 - 2013-03-09 11:39 - 00000000 ____D C:\Users\Mark\Desktop\Downton.Abbey.S03.Season.3.720p.x264.MIKY
2013-11-09 23:37 - 2010-08-21 11:35 - 00000000 ____D C:\Users\Mark\AppData\Roaming\uTorrent
2013-11-09 20:30 - 2013-11-09 20:30 - 00000000 ____D C:\Users\Mark\Desktop\Honeymoon Pics
2013-11-09 20:23 - 2013-09-05 00:31 - 00000000 ____D C:\Users\Mark\Desktop\Chappelle.Show.Season.1
2013-11-09 18:09 - 2013-09-06 00:44 - 00000000 ____D C:\Users\Mark\Desktop\Chapelle.Show.Season.2.2005.3DiSC.NTSC.DVDR - KaN1vE
2013-11-09 18:08 - 2013-11-09 18:08 - 00000849 _____ C:\Users\Mark\Desktop\µTorrent.lnk
2013-11-09 18:08 - 2013-11-09 18:08 - 00000829 _____ C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-11-09 18:08 - 2010-08-21 11:35 - 00000000 ____D C:\Program Files\uTorrent

Files to move or delete:
====================
C:\ProgramData\avbase.dat

Some content of TEMP:
====================
C:\Users\Mark\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Mark\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-13 19:52

==================== End Of Log ============================

 

 __________________________Addition______________________________

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-11-2013
Ran by Mark at 2013-11-16 10:11:03
Running from C:\Users\Mark\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.2.30180)
Adobe AIR (Version: 2.0.3.13070)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
ATK Generic Function Service (Version: 1.00.0008)
ATK Hotkey (Version: 1.00.0012)
ATK Media
ATKOSD2 (Version: 6.64.1.4)
AuthenTec TrueSuite (Version: 2.0.0.57)
Authentec WBDI Driver Package (Version: 1.2.1.0)
BlackBerry Desktop Software 6.1 (Version: 6.1.0.35)
BlackBerry Device Software Updater (Version: 6.0.1.6)
Bonjour (Version: 3.0.0.10)
Canon MF4360-4390
CDDRV_Installer (Version: 4.60)
Cisco Connect (Version: 1.4.11287.0)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup (Version: 2.6.1.44)
E-CAT / E20-II Configuration Services 2.21
E-CAT Enable 2.11
erLT (Version: 1.20.0137)
Garmin BaseCamp (Version: 4.0.2)
Garmin USB Drivers (Version: 2.3.1.0)
Google Chrome (Version: 31.0.1650.57)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4601.54)
Google Update Helper (Version: 1.3.21.165)
Hourly Analysis Program 4.60
ImgBurn (Version: 2.5.5.0)
iTunes (Version: 11.1.3.8)
JMB36X Raid Configurer (Version: 1.00.0000)
Junk Mail filter update (Version: 14.0.8117.416)
KhalInstallWrapper (Version: 2.00.0000)
LightScribe System Software (Version: 1.18.20.1)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0)
Logitech SetPoint (Version: 4.80)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook Connector (Version: 14.0.6106.5001)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
mkv2vob (Version: 2.4.7)
Motorola SM56 Speakerphone Modem (Version: 6.12.25.06)
MSVCRT (Version: 15.4.2862.0708)
NewsLeecher v4.0 Beta 20
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA PhysX (Version: 9.10.0224)
Power4Gear eXtreme (Version: 1.00.0014)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver (Version: 6.0.1.5969)
Remote Control USB Driver (Version: 2.3.2.317)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SSN Librarian (Version: 1.0.0)
Synaptics Pointing Device Driver (Version: 9.1.19.0)
Trixie (Version: 1.0.3)
TVersity Codec Pack 1.7 (Version: 1.7)
TVersity Media Server 1.9.7 (Version: 1.9.7)
UltraISO Premium V9.35
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VCDS Release 10.6.5 (Version: 10.6.5)
VCDS Release 11.11.5 (Version: 11.11.5)
WBFS Manager 3.0 (Version: 3.0)
Windows 7 Codec Pack 2.6.1
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Driver Package - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (Version: 06/16/2010 2.06.02)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
WinRAR archiver
X Builder Framework 1.04v
XBMC
XBuilder Tag Grid 1.0 (Version: 1.0.14)
Xiph.Org Open Codecs 0.85.17777 (Version: 0.85.17777)

==================== Restore Points  =========================

15-11-2013 00:34:26 Scheduled Checkpoint
15-11-2013 00:34:39 Windows Update
16-11-2013 03:21:07 Windows Update
16-11-2013 04:36:09 Removed Java™ 6 Update 37
16-11-2013 14:53:09 Windows Modules Installer

==================== Hosts content: ==========================

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {55ED8934-D016-4D36-8DE0-9D916CA815C5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {91BD151C-7067-454F-850A-4952C2DBA02C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-20] (Google Inc.)
Task: {93991AE5-D9B0-40C8-9051-8BA20F450FC8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {BBEB02AE-7ADB-4EBD-B8FB-B7A2CAE073E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-20] (Google Inc.)
Task: {DB524533-6EC6-4518-A965-2527938884F9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-08-11 20:41 - 2010-03-15 10:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2013-02-12 21:38 - 2013-02-12 21:38 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-08-15 21:33 - 2009-07-20 11:27 - 00017936 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Memory Controller
Description: PCI Memory Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB2.0
Description: USB2.0
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/16/2013 09:48:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13662630

Error: (11/16/2013 09:48:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13662630

Error: (11/16/2013 09:48:43 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/16/2013 00:44:32 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/16/2013 00:44:20 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/16/2013 00:42:18 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/14/2013 07:38:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/14/2013 07:38:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/14/2013 07:36:49 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/13/2013 07:54:04 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (11/16/2013 10:04:30 AM) (Source: Service Control Manager) (User: )
Description: The WinDefend service terminated with the following error:
%%5

Error: (11/15/2013 11:46:02 PM) (Source: Service Control Manager) (User: )
Description: The WinDefend service terminated with the following error:
%%126

Error: (11/15/2013 11:45:55 PM) (Source: Service Control Manager) (User: )
Description: The WinDefend service terminated with the following error:
%%126

Error: (11/15/2013 11:37:33 PM) (Source: mbamchameleon) (User: )
Description: C000000D

Error: (11/15/2013 11:37:33 PM) (Source: mbamchameleon) (User: )
Description: C000000D

Error: (11/15/2013 11:31:45 PM) (Source: mbamchameleon) (User: )
Description: C0000022

Error: (11/15/2013 11:31:45 PM) (Source: mbamchameleon) (User: )
Description: C0000022

Error: (11/15/2013 11:31:45 PM) (Source: mbamchameleon) (User: )
Description: C0000022

Error: (11/15/2013 11:31:45 PM) (Source: mbamchameleon) (User: )
Description: C0000022

Error: (11/15/2013 11:31:45 PM) (Source: mbamchameleon) (User: )
Description: C0000022

Microsoft Office Sessions:
=========================
Error: (11/16/2013 09:48:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13662630

Error: (11/16/2013 09:48:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13662630

Error: (11/16/2013 09:48:43 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/16/2013 00:44:32 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\cisco systems\cisco connect\Drivers\Sxcsapi64.exe

Error: (11/16/2013 00:44:20 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe

Error: (11/16/2013 00:42:18 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe

Error: (11/14/2013 07:38:37 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\cisco systems\cisco connect\Drivers\Sxcsapi64.exe

Error: (11/14/2013 07:38:31 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe

Error: (11/14/2013 07:36:49 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe

Error: (11/13/2013 07:54:04 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\cisco systems\cisco connect\Drivers\Sxcsapi64.exe

==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 2015.24 MB
Available physical RAM: 878.13 MB
Total Pagefile: 4030.48 MB
Available Pagefile: 2701.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:170.4 GB) NTFS
Drive e: (CHAPPELLE_DISC1) (CDROM) (Total:4.2 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 7269C659)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by markshaw.mks, 16 November 2013 - 11:26 AM.


#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,760 posts
  • Gender:Male

Posted 21 November 2013 - 04:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/514222 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 markshaw.mks

  • Topic Starter
  • Members
  • 43 posts

Posted 22 November 2013 - 11:27 PM

I still need help!

Do I really need to repost my DDS log? I have not touched anything since my first post.

Here is an update on the lingering issues:

1. Windows Defender is corrupted. I cannot download anything; a "...contains a virus..." message prevents me from doing so. The icon in the Control Panel is blank.

2. Windows Firewall is active and the Action Centre appears to be fine.

3. I cannot turn on Media Sharing.

4. I get prompted for Administrator rights for certain actions that I wouldn't have been previously.



#4 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,959 posts
  • Gender:Male
  • Location:California

Posted 25 November 2013 - 10:00 AM

Greetings Mark and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started!
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I really apologize for the extended delay. Things have been extremely busy lately but now that we have connected you can expect very prompt replies from me.

Please run this program for me again so I am certain we have the best information to work from.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Edited by Oh My, 25 November 2013 - 10:05 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 markshaw.mks

  • Topic Starter
  • Members
  • 43 posts

Posted 25 November 2013 - 10:11 PM

Thank you Gary for responding.

Please refer to my initial post for my FRST results and Addition log. The logs I have posted/attached are listed in bold and underlined text.

I have not done anything since running these logs; the results would be the same if I were to run them today.



#6 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,959 posts
  • Gender:Male
  • Location:California

Posted 25 November 2013 - 10:31 PM

It appears your computer may still be infected. It is important for me to see a current log to determine if merely rebooting your computer results in additional/different malicious activity. Please delete the current version of Farbar Recovery Scan Tool, download and run the new version, then post the results.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 markshaw.mks

  • Topic Starter
  • Members
  • 43 posts

Posted 25 November 2013 - 11:00 PM

OK, fair enough. Results posted below:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-11-2013 01
Ran by Mark (administrator) on MARK-PC on 25-11-2013 22:41:56
Running from C:\Users\Mark\Desktop
Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ASUSTeK Computer INC.) C:\Program Files\ASUS\ATK Media\DMedia.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
() C:\Program Files\ATKOSD2\ATKOSD2.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-03-01] (Synaptics, Inc.)
HKLM\...\Run: [ATKMEDIA] - C:\Program Files\ASUS\ATK Media\DMedia.exe [61440 2006-11-02] (ASUSTeK Computer INC.)
HKLM\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7862816 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.Exe [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-01-20] (Google Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theglobeandmail.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE85B78F90144CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0CB6E1B3-9E5B-414E-B2CA-BE8ED0889EA0} URL = http://www.youtube.com/results?search_query={searchTerms}
SearchScopes: HKCU - {12721131-9802-44AA-AB2D-D8B57820187E} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {84492CDC-4A42-40C4-9F96-B204A2B4C771} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: asp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\System32\hsppp.dll (EzTools Software)
Handler: ezstor - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\System32\hsppp.dll (EzTools Software)
Handler: hsp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\System32\hsppp.dll (EzTools Software)
Handler: x-asp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\System32\hsppp.dll (EzTools Software)
Handler: x-cnote - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\System32\hsppp.dll (EzTools Software)
Handler: x-hsp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\System32\hsppp.dll (EzTools Software)
Handler: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Windows\System32\WowCtl2.dll (EzTools Software)
Handler: x-zip - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\System32\hsppp.dll (EzTools Software)
Handler: zip - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\System32\hsppp.dll (EzTools Software)
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Wallet) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
 
========================== Services (Whitelisted) =================
 
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-05] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-07] ()
S3 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [1249064 2011-07-29] ()
S2 WinDefend; %programFiles%\Windows Defender\mpsvc.dll [x]
 
==================== Drivers (Whitelisted) ====================
 
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2009-02-10] (EZB Systems, Inc.)
R0 JGOGO; C:\Windows\System32\DRIVERS\JGOGO.sys [6912 2006-02-07] (JMicron )
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [48000 2007-04-11] (JMicron Technology Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
S3 RemoteControl-USBLAN; C:\Windows\System32\DRIVERS\rcblan.sys [39704 2007-01-24] (Belcarra Technologies)
S3 RT-USB; C:\Windows\System32\drivers\RT-USB.SYS [59464 2010-06-16] (Ross-Tech LLC)
S3 catchme; \??\C:\Users\Mark\AppData\Local\Temp\catchme.sys [x]
S1 jtguryhf; \??\C:\Windows\system32\drivers\jtguryhf.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-25 22:41 - 2013-11-25 22:41 - 00013012 _____ C:\Users\Mark\Desktop\FRST.txt
2013-11-25 22:40 - 2013-11-25 22:41 - 01091605 _____ (Farbar) C:\Users\Mark\Desktop\FRST.exe
2013-11-17 17:01 - 2013-11-17 18:24 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-16 11:06 - 2013-11-16 11:06 - 00160376 _____ C:\Windows\Minidump\111613-16348-01.dmp
2013-11-16 10:44 - 2013-11-16 10:44 - 00013509 _____ C:\Users\Mark\Desktop\attach.txt
2013-11-16 10:44 - 2013-11-16 10:43 - 00015347 _____ C:\Users\Mark\Desktop\dds.txt
2013-11-16 10:09 - 2013-11-16 10:09 - 00000000 ____D C:\FRST
2013-11-15 23:46 - 2013-11-15 23:52 - 00001559 _____ C:\Users\Mark\Desktop\FSS.txt
2013-11-15 23:46 - 2013-11-15 23:46 - 00360775 _____ (Farbar) C:\Users\Mark\Desktop\FSS.exe
2013-11-15 23:39 - 2013-11-15 23:39 - 00688992 ____R (Swearware) C:\Users\Mark\Desktop\dds.com
2013-11-15 23:38 - 2013-11-15 23:42 - 376158208 _____ C:\Users\Mark\Desktop\kav_rescue_10.iso
2013-11-15 23:34 - 2013-11-15 23:34 - 00760937 _____ (Farbar) C:\Users\Mark\Desktop\MiniToolBox.exe
2013-11-15 23:30 - 2013-11-15 23:30 - 00000058 _____ C:\Users\Mark\Desktop\malware removal thread.txt
2013-11-15 23:23 - 2013-11-16 09:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-15 23:23 - 2013-11-16 00:00 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-15 23:22 - 2013-11-16 09:49 - 00000000 ____D C:\Users\Mark\Desktop\mbar
2013-11-15 23:09 - 2013-11-15 23:11 - 00000000 ____D C:\AdwCleaner
2013-11-15 23:05 - 2013-11-15 23:05 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-11-15 22:46 - 2013-11-15 22:46 - 04009167 _____ C:\Users\Mark\Desktop\ServicesRepair.exe
2013-11-15 22:46 - 2013-11-15 22:46 - 01085542 _____ C:\Users\Mark\Desktop\adwcleaner.exe
2013-11-15 22:18 - 2013-11-15 22:18 - 00012156 _____ C:\ComboFix.txt
2013-11-15 21:41 - 2013-11-15 22:18 - 00000000 ____D C:\Qoobox
2013-11-15 21:41 - 2013-11-15 22:18 - 00000000 ____D C:\ComboFix
2013-11-15 21:41 - 2013-11-15 22:15 - 00000000 ____D C:\Windows\erdnt
2013-11-15 21:41 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-15 21:41 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-15 21:41 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-15 21:41 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-15 21:41 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-15 21:41 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-15 21:41 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-15 21:41 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-15 21:39 - 2013-11-15 21:39 - 09452704 _____ (SurfRight B.V.) C:\Users\Mark\Desktop\HitmanPro.exe
2013-11-15 21:38 - 2013-11-15 21:38 - 03679744 _____ C:\Users\Mark\Desktop\RogueKiller.exe
2013-11-15 21:37 - 2013-11-15 22:43 - 00000000 ____D C:\Users\Mark\Desktop\RK_Quarantine
2013-11-15 21:35 - 2013-11-15 21:35 - 05146278 ____R (Swearware) C:\Users\Mark\Desktop\ComboFix.exe
2013-11-14 19:41 - 2013-10-12 02:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 19:41 - 2013-10-12 02:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 19:41 - 2013-10-12 02:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 19:41 - 2013-10-12 02:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 19:41 - 2013-10-12 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 19:41 - 2013-10-12 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 19:41 - 2013-10-12 02:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 19:41 - 2013-10-12 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-14 19:41 - 2013-10-12 02:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-14 19:41 - 2013-10-12 02:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 19:41 - 2013-10-12 02:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-14 19:41 - 2013-10-12 01:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 19:41 - 2013-10-12 00:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-14 19:40 - 2013-10-12 02:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 19:40 - 2013-10-12 02:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 19:40 - 2013-10-12 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 22:53 - 2013-11-13 22:53 - 00001559 _____ C:\Users\Mark\Desktop\PM to cluster guy.txt
2013-11-13 21:53 - 2013-11-13 21:53 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-13 21:52 - 2013-11-13 21:53 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-13 21:52 - 2013-11-13 21:53 - 00000000 ____D C:\Program Files\iTunes
2013-11-13 21:52 - 2013-11-13 21:52 - 00000000 ____D C:\Program Files\iPod
2013-11-13 21:45 - 2013-11-13 21:45 - 00001815 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-11-13 21:45 - 2013-11-13 21:45 - 00000000 ____D C:\Program Files\QuickTime
2013-11-13 17:45 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 17:45 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 17:45 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 17:45 - 2013-10-02 20:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 17:45 - 2013-09-24 21:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 17:45 - 2013-09-24 21:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 17:45 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 17:45 - 2013-09-24 20:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 17:45 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 17:45 - 2013-09-24 20:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 17:45 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 17:45 - 2013-09-24 19:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 17:45 - 2013-09-24 19:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 17:45 - 2013-07-04 07:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 17:44 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 17:44 - 2013-10-11 21:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 17:44 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 17:44 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-09 20:30 - 2013-11-09 20:30 - 00000000 ____D C:\Users\Mark\Desktop\Honeymoon Pics
2013-11-09 18:08 - 2013-11-09 18:08 - 00000849 _____ C:\Users\Mark\Desktop\µTorrent.lnk
2013-11-09 18:08 - 2013-11-09 18:08 - 00000829 _____ C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
 
==================== One Month Modified Files and Folders =======
 
2013-11-25 22:42 - 2013-11-25 22:41 - 00013012 _____ C:\Users\Mark\Desktop\FRST.txt
2013-11-25 22:41 - 2013-11-25 22:40 - 01091605 _____ (Farbar) C:\Users\Mark\Desktop\FRST.exe
2013-11-25 22:20 - 2012-03-31 08:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-25 22:09 - 2011-01-20 19:35 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-25 22:09 - 2011-01-20 19:35 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-25 22:09 - 2009-07-13 23:34 - 00017312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-25 22:09 - 2009-07-13 23:34 - 00017312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-25 22:07 - 2010-08-09 20:08 - 00783310 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-25 22:06 - 2010-08-09 19:57 - 01499338 _____ C:\Windows\WindowsUpdate.log
2013-11-25 22:02 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-25 22:02 - 2009-07-13 23:39 - 00111081 _____ C:\Windows\setupact.log
2013-11-23 00:10 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2013-11-17 18:24 - 2013-11-17 17:01 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-17 17:04 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-11-17 17:01 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Public
2013-11-16 11:06 - 2013-11-16 11:06 - 00160376 _____ C:\Windows\Minidump\111613-16348-01.dmp
2013-11-16 11:06 - 2010-10-22 14:12 - 00000000 ____D C:\Windows\Minidump
2013-11-16 11:06 - 2010-10-22 14:11 - 368427202 _____ C:\Windows\MEMORY.DMP
2013-11-16 10:44 - 2013-11-16 10:44 - 00013509 _____ C:\Users\Mark\Desktop\attach.txt
2013-11-16 10:43 - 2013-11-16 10:44 - 00015347 _____ C:\Users\Mark\Desktop\dds.txt
2013-11-16 10:09 - 2013-11-16 10:09 - 00000000 ____D C:\FRST
2013-11-16 09:50 - 2012-09-19 21:04 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-16 09:49 - 2013-11-15 23:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-16 09:49 - 2013-11-15 23:22 - 00000000 ____D C:\Users\Mark\Desktop\mbar
2013-11-16 00:00 - 2013-11-15 23:23 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-16 00:00 - 2013-06-01 18:53 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-15 23:52 - 2013-11-15 23:46 - 00001559 _____ C:\Users\Mark\Desktop\FSS.txt
2013-11-15 23:46 - 2013-11-15 23:46 - 00360775 _____ (Farbar) C:\Users\Mark\Desktop\FSS.exe
2013-11-15 23:42 - 2013-11-15 23:38 - 376158208 _____ C:\Users\Mark\Desktop\kav_rescue_10.iso
2013-11-15 23:39 - 2013-11-15 23:39 - 00688992 ____R (Swearware) C:\Users\Mark\Desktop\dds.com
2013-11-15 23:34 - 2013-11-15 23:34 - 00760937 _____ (Farbar) C:\Users\Mark\Desktop\MiniToolBox.exe
2013-11-15 23:30 - 2013-11-15 23:30 - 00000058 _____ C:\Users\Mark\Desktop\malware removal thread.txt
2013-11-15 23:11 - 2013-11-15 23:09 - 00000000 ____D C:\AdwCleaner
2013-11-15 23:05 - 2013-11-15 23:05 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-11-15 22:46 - 2013-11-15 22:46 - 04009167 _____ C:\Users\Mark\Desktop\ServicesRepair.exe
2013-11-15 22:46 - 2013-11-15 22:46 - 01085542 _____ C:\Users\Mark\Desktop\adwcleaner.exe
2013-11-15 22:43 - 2013-11-15 21:37 - 00000000 ____D C:\Users\Mark\Desktop\RK_Quarantine
2013-11-15 22:33 - 2010-08-09 20:18 - 02836838 _____ C:\Windows\PFRO.log
2013-11-15 22:29 - 2010-08-18 19:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-15 22:29 - 2009-07-13 21:04 - 00000478 _____ C:\Windows\win.ini
2013-11-15 22:18 - 2013-11-15 22:18 - 00012156 _____ C:\ComboFix.txt
2013-11-15 22:18 - 2013-11-15 21:41 - 00000000 ____D C:\Qoobox
2013-11-15 22:18 - 2013-11-15 21:41 - 00000000 ____D C:\ComboFix
2013-11-15 22:18 - 2009-07-13 21:37 - 00000000 __RHD C:\Users\Default
2013-11-15 22:15 - 2013-11-15 21:41 - 00000000 ____D C:\Windows\erdnt
2013-11-15 22:15 - 2009-07-13 21:04 - 00000215 _____ C:\Windows\system.ini
2013-11-15 21:39 - 2013-11-15 21:39 - 09452704 _____ (SurfRight B.V.) C:\Users\Mark\Desktop\HitmanPro.exe
2013-11-15 21:38 - 2013-11-15 21:38 - 03679744 _____ C:\Users\Mark\Desktop\RogueKiller.exe
2013-11-15 21:37 - 2013-09-06 03:45 - 00000000 ____D C:\Users\Mark\Desktop\Top Gear S20 720p HDTV VFR x264-CtrlHD
2013-11-15 21:35 - 2013-11-15 21:35 - 05146278 ____R (Swearware) C:\Users\Mark\Desktop\ComboFix.exe
2013-11-14 19:40 - 2013-08-17 02:09 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 19:35 - 2010-08-09 21:50 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 22:53 - 2013-11-13 22:53 - 00001559 _____ C:\Users\Mark\Desktop\PM to cluster guy.txt
2013-11-13 21:54 - 2010-08-10 17:53 - 00000000 ____D C:\Users\Mark\Documents\E-Books
2013-11-13 21:53 - 2013-11-13 21:53 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-13 21:53 - 2013-11-13 21:52 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-13 21:53 - 2013-11-13 21:52 - 00000000 ____D C:\Program Files\iTunes
2013-11-13 21:52 - 2013-11-13 21:52 - 00000000 ____D C:\Program Files\iPod
2013-11-13 21:52 - 2010-10-11 20:34 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-13 21:45 - 2013-11-13 21:45 - 00001815 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-11-13 21:45 - 2013-11-13 21:45 - 00000000 ____D C:\Program Files\QuickTime
2013-11-13 19:18 - 2010-08-10 16:43 - 00000000 ___RD C:\Users\Mark\Torrents
2013-11-13 19:15 - 2013-09-03 21:34 - 00000000 ____D C:\Users\Mark\Desktop\Car Stuff
2013-11-13 18:44 - 2013-03-09 11:39 - 00000000 ____D C:\Users\Mark\Desktop\Downton.Abbey.S03.Season.3.720p.x264.MIKY
2013-11-11 05:50 - 2010-08-09 20:17 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-09 23:37 - 2010-08-21 11:35 - 00000000 ____D C:\Users\Mark\AppData\Roaming\uTorrent
2013-11-09 20:30 - 2013-11-09 20:30 - 00000000 ____D C:\Users\Mark\Desktop\Honeymoon Pics
2013-11-09 20:23 - 2013-09-05 00:31 - 00000000 ____D C:\Users\Mark\Desktop\Chappelle.Show.Season.1
2013-11-09 18:09 - 2013-09-06 00:44 - 00000000 ____D C:\Users\Mark\Desktop\Chapelle.Show.Season.2.2005.3DiSC.NTSC.DVDR - KaN1vE
2013-11-09 18:08 - 2013-11-09 18:08 - 00000849 _____ C:\Users\Mark\Desktop\µTorrent.lnk
2013-11-09 18:08 - 2013-11-09 18:08 - 00000829 _____ C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-11-09 18:08 - 2010-08-21 11:35 - 00000000 ____D C:\Program Files\uTorrent
 
Files to move or delete:
====================
C:\ProgramData\avbase.dat
 
 
Some content of TEMP:
====================
C:\Users\Mark\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Mark\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-20 21:57
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-11-2013 01
Ran by Mark at 2013-11-25 22:50:06
Running from C:\Users\Mark\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
µTorrent (HKCU Version: 3.3.2.30180)
Adobe AIR (Version: 2.0.3.13070)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
ATK Generic Function Service (Version: 1.00.0008)
ATK Hotkey (Version: 1.00.0012)
ATK Media
ATKOSD2 (Version: 6.64.1.4)
AuthenTec TrueSuite (Version: 2.0.0.57)
Authentec WBDI Driver Package (Version: 1.2.1.0)
BlackBerry Desktop Software 6.1 (Version: 6.1.0.35)
BlackBerry Device Software Updater (Version: 6.0.1.6)
Bonjour (Version: 3.0.0.10)
Canon MF4360-4390
CDDRV_Installer (Version: 4.60)
Cisco Connect (Version: 1.4.11287.0)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup (Version: 2.6.1.44)
E-CAT / E20-II Configuration Services 2.21
E-CAT Enable 2.11
erLT (Version: 1.20.0137)
Garmin BaseCamp (Version: 4.0.2)
Garmin USB Drivers (Version: 2.3.1.0)
Google Chrome (Version: 31.0.1650.57)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4601.54)
Google Update Helper (Version: 1.3.21.165)
Hourly Analysis Program 4.60
ImgBurn (Version: 2.5.5.0)
iTunes (Version: 11.1.3.8)
JMB36X Raid Configurer (Version: 1.00.0000)
Junk Mail filter update (Version: 14.0.8117.416)
KhalInstallWrapper (Version: 2.00.0000)
LightScribe System Software (Version: 1.18.20.1)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0)
Logitech SetPoint (Version: 4.80)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook Connector (Version: 14.0.6106.5001)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
mkv2vob (Version: 2.4.7)
Motorola SM56 Speakerphone Modem (Version: 6.12.25.06)
MSVCRT (Version: 15.4.2862.0708)
NewsLeecher v4.0 Beta 20
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA PhysX (Version: 9.10.0224)
Power4Gear eXtreme (Version: 1.00.0014)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver (Version: 6.0.1.5969)
Remote Control USB Driver (Version: 2.3.2.317)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SSN Librarian (Version: 1.0.0)
Synaptics Pointing Device Driver (Version: 9.1.19.0)
Trixie (Version: 1.0.3)
TVersity Codec Pack 1.7 (Version: 1.7)
TVersity Media Server 1.9.7 (Version: 1.9.7)
UltraISO Premium V9.35
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VCDS Release 10.6.5 (Version: 10.6.5)
VCDS Release 11.11.5 (Version: 11.11.5)
WBFS Manager 3.0 (Version: 3.0)
Windows 7 Codec Pack 2.6.1
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Driver Package - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (Version: 06/16/2010 2.06.02)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
WinRAR archiver
X Builder Framework 1.04v
XBMC
XBuilder Tag Grid 1.0 (Version: 1.0.14)
Xiph.Org Open Codecs 0.85.17777 (Version: 0.85.17777)
 
==================== Restore Points  =========================
 
15-11-2013 00:34:26 Scheduled Checkpoint
15-11-2013 00:34:39 Windows Update
16-11-2013 03:21:07 Windows Update
16-11-2013 04:36:09 Removed Java™ 6 Update 37
16-11-2013 14:53:09 Windows Modules Installer
17-11-2013 22:00:00 Windows Modules Installer
23-11-2013 22:19:49 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {55ED8934-D016-4D36-8DE0-9D916CA815C5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {91BD151C-7067-454F-850A-4952C2DBA02C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-20] (Google Inc.)
Task: {93991AE5-D9B0-40C8-9051-8BA20F450FC8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {BBEB02AE-7ADB-4EBD-B8FB-B7A2CAE073E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-20] (Google Inc.)
Task: {DB524533-6EC6-4518-A965-2527938884F9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {ED0C35B1-C919-4767-BC35-F893B02E5C1B} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2013213296-4241905617-1194940479-1001
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-02-12 21:38 - 2013-02-12 21:38 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-08-15 21:33 - 2009-07-20 11:27 - 00017936 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2013-11-16 09:50 - 2013-11-14 06:28 - 00702416 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-16 09:50 - 2013-11-14 06:28 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-16 09:50 - 2013-11-14 06:29 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-16 09:50 - 2013-11-14 06:29 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-16 09:50 - 2013-11-14 06:28 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Memory Controller
Description: PCI Memory Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: USB2.0
Description: USB2.0
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Serial Port
Description: PCI Serial Port
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/24/2013 00:31:25 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/24/2013 00:31:19 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/24/2013 00:30:03 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/23/2013 00:04:55 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/23/2013 00:04:49 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/23/2013 00:03:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/19/2013 07:46:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/19/2013 07:46:40 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/19/2013 07:45:30 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/19/2013 07:19:41 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (11/25/2013 10:08:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.163.326.0).
 
Error: (11/25/2013 10:04:56 PM) (Source: Service Control Manager) (User: )
Description: The WinDefend service terminated with the following error: 
%%5
 
Error: (11/24/2013 01:59:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.163.326.0).
 
Error: (11/23/2013 05:21:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.163.326.0).
 
Error: (11/22/2013 11:18:55 PM) (Source: Service Control Manager) (User: )
Description: The WinDefend service terminated with the following error: 
%%126
 
Error: (11/16/2013 11:08:33 AM) (Source: Service Control Manager) (User: )
Description: The WinDefend service terminated with the following error: 
%%126
 
Error: (11/16/2013 11:06:24 AM) (Source: BugCheck) (User: )
Description: 0x00000019 (0x00000003, 0x8317c788, 0x952e9c88, 0x8317c788)C:\Windows\MEMORY.DMP111613-16348-01
 
Error: (11/16/2013 11:06:10 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:52:44 AM on 16/11/2013 was unexpected.
 
Error: (11/16/2013 10:04:30 AM) (Source: Service Control Manager) (User: )
Description: The WinDefend service terminated with the following error: 
%%5
 
Error: (11/15/2013 11:46:02 PM) (Source: Service Control Manager) (User: )
Description: The WinDefend service terminated with the following error: 
%%126
 
 
Microsoft Office Sessions:
=========================
Error: (11/24/2013 00:31:25 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\cisco systems\cisco connect\Drivers\Sxcsapi64.exe
 
Error: (11/24/2013 00:31:19 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe
 
Error: (11/24/2013 00:30:03 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe
 
Error: (11/23/2013 00:04:55 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\cisco systems\cisco connect\Drivers\Sxcsapi64.exe
 
Error: (11/23/2013 00:04:49 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe
 
Error: (11/23/2013 00:03:38 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe
 
Error: (11/19/2013 07:46:47 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\cisco systems\cisco connect\Drivers\Sxcsapi64.exe
 
Error: (11/19/2013 07:46:40 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe
 
Error: (11/19/2013 07:45:30 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe
 
Error: (11/19/2013 07:19:41 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\cisco systems\cisco connect\Drivers\Sxcsapi64.exe
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 54%
Total physical RAM: 2015.24 MB
Available physical RAM: 911.1 MB
Total Pagefile: 4030.48 MB
Available Pagefile: 2203.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.21 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:161.92 GB) NTFS
Drive e: (CHAPPELLE_DISC1) (CDROM) (Total:4.2 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 7269C659)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,959 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:16 AM

Posted 25 November 2013 - 11:14 PM

Thanks for posting. I am closing up shop for the night but I would like to leave you with this. Please do this for me.

===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

C:\Windows\System32\mscoree.dll

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Virustotal link

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 markshaw.mks

markshaw.mks
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:12:16 PM

Posted 26 November 2013 - 08:07 PM

Virustotal link:

 

https://www.virustotal.com/en/file/c71df6e18e2099fc462717b8658d39c607a62c7e7a1e5cd0e258c17434535ad0/analysis/1385513852/

 

" Probably harmless! There are strong indicators suggesting that this file is safe to use."



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,959 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:16 AM

Posted 26 November 2013 - 09:57 PM

There is something that is still not right. Please do this.

===================================================

Farbar's MiniRegTool

--------------------
  • Please download MiniRegTool.zip (for 32 bit systems) or MiniRegTool64.zip (for 64 bit systems) and save it to your desktop
  • Unzip the folder and double click the icon
  • When you run the tool this is what you will see


  • Copy and paste the following into the edit box:

Trixie

  • Check the Search radio button.
  • Press the Go button and post the result.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • MiniRegTool report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 markshaw.mks

markshaw.mks
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:12:16 PM

Posted 26 November 2013 - 11:10 PM

MiniRegTool by Farbar Version:29-11-2012
Ran by Mark (administrator) on 2013-11-26 at 22:42:31
 
==========================================
Search Result For: "Trixie"
 
[HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Program Files|Bhelpuri|Trixie|Interop.SHDocVw.DLL]
[HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Program Files|Bhelpuri|Trixie|Microsoft.mshtml.dll]
[HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Program Files|Bhelpuri|Trixie|Trixie.dll]
[HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Program Files|Bhelpuri|Trixie|Trixie.dll]
"Trixie,Version="0.2.3.0",Culture="neutral",PublicKeyToken="AAC6FD98C8BB0C06""="-C=xUxwCd=WH_..I97ft>LG~(l&9)n9x74$9(TY2o"
[HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\7241AEE8D0C5F964F96C6A229AD989BE]
"ProductName"="Trixie"
[HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\7241AEE8D0C5F964F96C6A229AD989BE\SourceList]
"PackageName"="TrixieSetup.msi"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{20CCCFEC-D26F-4FFE-996B-388B39C8CCCA}]
""="Trixie.CmdDispatch"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{20CCCFEC-D26F-4FFE-996B-388B39C8CCCA}\InprocServer32]
"Assembly"="Trixie, Version=0.2.3.0, Culture=neutral, PublicKeyToken=aac6fd98c8bb0c06"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{20CCCFEC-D26F-4FFE-996B-388B39C8CCCA}\InprocServer32]
"CodeBase"="C:\Program Files\Bhelpuri\Trixie\Trixie.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{20CCCFEC-D26F-4FFE-996B-388B39C8CCCA}\InprocServer32]
"Class"="Trixie.CmdDispatch"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{20CCCFEC-D26F-4FFE-996B-388B39C8CCCA}\ProgID]
""="Trixie.CmdDispatch"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{B0744341-96E0-4341-9ED2-8BC36CE0CCD0}]
""="Trixie.Bho"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{B0744341-96E0-4341-9ED2-8BC36CE0CCD0}\InprocServer32]
"Assembly"="Trixie, Version=0.2.3.0, Culture=neutral, PublicKeyToken=aac6fd98c8bb0c06"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{B0744341-96E0-4341-9ED2-8BC36CE0CCD0}\InprocServer32]
"CodeBase"="C:\Program Files\Bhelpuri\Trixie\Trixie.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{B0744341-96E0-4341-9ED2-8BC36CE0CCD0}\InprocServer32]
"Class"="Trixie.Bho"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{B0744341-96E0-4341-9ED2-8BC36CE0CCD0}\ProgID]
""="Trixie.Bho"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{CC7E1327-E325-4AFB-81DA-B937FD1B7C85}]
""="Trixie.TrixieXmlHttp"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{CC7E1327-E325-4AFB-81DA-B937FD1B7C85}\InprocServer32]
"Assembly"="Trixie, Version=0.2.3.0, Culture=neutral, PublicKeyToken=aac6fd98c8bb0c06"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{CC7E1327-E325-4AFB-81DA-B937FD1B7C85}\InprocServer32]
"CodeBase"="C:\Program Files\Bhelpuri\Trixie\Trixie.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{CC7E1327-E325-4AFB-81DA-B937FD1B7C85}\InprocServer32]
"Class"="Trixie.TrixieXmlHttp"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{CC7E1327-E325-4AFB-81DA-B937FD1B7C85}\ProgID]
""="Trixie.TrixieXmlHttp"
[HKEY_CURRENT_USER\Software\Classes\Trixie.Bho]
[HKEY_CURRENT_USER\Software\Classes\Trixie.Bho]
""="Trixie.Bho"
[HKEY_CURRENT_USER\Software\Classes\Trixie.CmdDispatch]
[HKEY_CURRENT_USER\Software\Classes\Trixie.CmdDispatch]
""="Trixie.CmdDispatch"
[HKEY_CURRENT_USER\Software\Classes\Trixie.TrixieXmlHttp]
[HKEY_CURRENT_USER\Software\Classes\Trixie.TrixieXmlHttp]
""="Trixie.TrixieXmlHttp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA}]
"MenuStatusBar"="Show Trixie Options"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Bhelpuri\Trixie\Scripts\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Bhelpuri\Trixie\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2013213296-4241905617-1194940479-1001\Components\0107A471EBC1CDDE604BC6FAC8D6ADE4]
"7241AEE8D0C5F964F96C6A229AD989BE"="C:\Program Files\Bhelpuri\Trixie\Scripts\PageBreakIndicator.user.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2013213296-4241905617-1194940479-1001\Components\337FC00AB0132DFA036575FCF29FE34A]
"7241AEE8D0C5F964F96C6A229AD989BE"="C:\Program Files\Bhelpuri\Trixie\Scripts\BloglinesArticlePrevNext.user.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2013213296-4241905617-1194940479-1001\Components\3B70534326C1F739F9F68E4F6B39540C]
"7241AEE8D0C5F964F96C6A229AD989BE"="C:\Program Files\Bhelpuri\Trixie\Trixie.config.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2013213296-4241905617-1194940479-1001\Components\51E835AE3915053FD389DD87B7477D4A]
"7241AEE8D0C5F964F96C6A229AD989BE"="C:\Program Files\Bhelpuri\Trixie\Scripts\SpacesEditIt.user.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2013213296-4241905617-1194940479-1001\Components\5242C54F73920010CA5F95C6EDB7FBAE]
"7241AEE8D0C5F964F96C6A229AD989BE"="C:\Program Files\Bhelpuri\Trixie\Scripts\SpacesStats.user.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2013213296-4241905617-1194940479-1001\Components\6E4B49D975F05A632EECAB1D351A4BFD]
"7241AEE8D0C5F964F96C6A229AD989BE"="C:\Program Files\Bhelpuri\Trixie\Scripts\GoogleImagesNF.user.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2013213296-4241905617-1194940479-1001\Components\712EEA0D8B82ED340AB026146EEE45AD]
"7241AEE8D0C5F964F96C6A229AD989BE"="C:\Program Files\Bhelpuri\Trixie\Trixie.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2013213296-4241905617-1194940479-1001\Components\76AAD0623E96153DDA207B70EF60F22B]
"7241AEE8D0C5F964F96C6A229AD989BE"="C:\Program Files\Bhelpuri\Trixie\Scripts\SubViaBloglines.user.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2013213296-4241905617-1194940479-1001\Components\82C0B208E37C3DB5A475DA1EA0A4E056]
"7241AEE8D0C5F964F96C6A229AD989BE"="C:\Program Files\Bhelpuri\Trixie\Scripts\HmNoToday.user.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2013213296-4241905617-1194940479-1001\Components\891E352FAD8529E69CDE93C4545732D8]
"7241AEE8D0C5F964F96C6A229AD989BE"="C:\Program Files\Bhelpuri\Trixie\Microsoft.mshtml.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2013213296-4241905617-1194940479-1001\Components\935E157272DD176AF83821CDD71C1C16]
"7241AEE8D0C5F964F96C6A229AD989BE"="C:\Program Files\Bhelpuri\Trixie\Scripts\HotmailEnhanced.user.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2013213296-4241905617-1194940479-1001\Components\D04BAB9F37EF5A347DA789237ECD995C]
"7241AEE8D0C5F964F96C6A229AD989BE"="C:\Program Files\Bhelpuri\Trixie\Interop.SHDocVw.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2013213296-4241905617-1194940479-1001\Components\D8CEAA5F3BA1BCC95C13AFDF5E2ACEF6]
"7241AEE8D0C5F964F96C6A229AD989BE"="C:\Program Files\Bhelpuri\Trixie\Scripts\MsdnSearchFocus.user.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2013213296-4241905617-1194940479-1001\Products\7241AEE8D0C5F964F96C6A229AD989BE\InstallProperties]
"Comments"="Installs the Trixie plugin for Microsoft Internet Explorer."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2013213296-4241905617-1194940479-1001\Products\7241AEE8D0C5F964F96C6A229AD989BE\InstallProperties]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2013213296-4241905617-1194940479-1001\Products\7241AEE8D0C5F964F96C6A229AD989BE\InstallProperties]
"DisplayName"="Trixie"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8EEA1427-5C0D-469F-9FC6-A622A99D98EB}]
"Comments"="Installs the Trixie plugin for Microsoft Internet Explorer."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8EEA1427-5C0D-469F-9FC6-A622A99D98EB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8EEA1427-5C0D-469F-9FC6-A622A99D98EB}]
"DisplayName"="Trixie"
 
==== End of Search ====
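The MiniRegTool search above walks the registry for a string and reports every key name and value that contains it. As an added example (not MiniRegTool's or Farbar's code), the PowerShell function below does the same kind of sweep from an administrative prompt: it recurses the HKCU and HKLM software hives, treats the search term literally, and emits one object per hit so the result can be filtered or exported. The root paths, the function name and the output shape are my choices; the default roots cover where the thread's results were found, and on a 64-bit system `HKLM:\SOFTWARE\WOW6432Node` could be added to the list.

```powershell
# Added example: search registry key names, value names and value data for a literal string.
# Assumes Windows PowerShell 5.1 or PowerShell 7 run as administrator; roots and names are
# illustrative choices, not tool defaults.
function Find-RegistryString {
    param(
        [Parameter(Mandatory)][string]$Text,
        [string[]]$Roots = @('HKCU:\Software', 'HKLM:\SOFTWARE')
    )
    # Treat the search term literally so names like "C:|Program Files|..." are not regex.
    $pattern = [regex]::Escape($Text)

    foreach ($root in $Roots) {
        # -ErrorAction SilentlyContinue skips keys the caller lacks rights to read.
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_

            # Hit on the key path itself (e.g. ...\Installer\Assemblies\C:|Program Files|...).
            if ($key.Name -match $pattern) {
                [pscustomobject]@{ Key = $key.Name; ValueName = $null; Data = $null; MatchedOn = 'KeyName' }
            }

            # Hit on a value name or its data; '' is the (default) value, arrays are joined for matching.
            foreach ($valueName in $key.GetValueNames()) {
                $data = $key.GetValue($valueName)
                $dataText = if ($data -is [array]) { ($data -join ' ') } else { [string]$data }
                if ($valueName -match $pattern -or $dataText -match $pattern) {
                    [pscustomobject]@{
                        Key       = $key.Name
                        ValueName = if ($valueName -eq '') { '(default)' } else { $valueName }
                        Data      = $dataText
                        MatchedOn = 'Value'
                    }
                }
            }
        }
    }
}

# Usage: the same search the thread ran with MiniRegTool.
Find-RegistryString -Text 'Trixie' | Format-Table -AutoSize -Wrap
```

Reading the output the way the helper did above: CLSID entries under `HKCU\Software\Classes\CLSID` with an `InprocServer32\CodeBase` pointing at a DLL, plus an `Internet Explorer\Extensions` key, are the footprint of a browser helper object, and the Installer `Products` and `Uninstall` keys tell you whether a normal uninstaller still exists for it, which is why the next step in the thread is Revo rather than manual key deletion.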


#12 markshaw.mks

markshaw.mks
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:12:16 PM

Posted 26 November 2013 - 11:18 PM

FYI, I just wanted to reiterate that my Windows Defender folder in Program Files was renamed to 'Windows Defender.old' during the above scans. This allows me to bypass the corruption and download files. 



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,959 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:16 AM

Posted 27 November 2013 - 08:55 AM

Greetings,

I would like to uninstall Trixie. It can be reinstalled later if you would like once we are done. Also, please rerun Farbar Service Scanner and post the results.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Trixie (Version: 1.0.3)
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did the program(s) uninstall properly?
  • FSS log
  • How is your computer running now?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 markshaw.mks

markshaw.mks
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:12:16 PM

Posted 27 November 2013 - 08:48 PM

Trixie uninstalled completely using Revo, no leftovers were found and no further action was taken.
 
Below is a current FSS log. It still shows the Windows Defender dll as corrupted. My issues remain.
 
Thanks for your efforts so far, please let me know what else can be done!
__________________________________________________________
 
Farbar Service Scanner Version: 10-11-2013
Ran by Mark (administrator) on 27-11-2013 at 20:45:34
Running from "C:\Users\Mark\Desktop"
Microsoft Windows 7 Enterprise  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-10-08 19:36] - [2013-09-13 19:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913
 
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-10-08 19:36] - [2013-09-07 21:07] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3
 
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-16 20:26] - [2013-07-08 23:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9
 
 
ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll Reparse point on file detected.
 
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,959 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:16 AM

Posted 27 November 2013 - 10:27 PM

Thanks for the reports. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Rerun Farbar Service Scanner and post the results
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog log
  • FSS log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
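The FSS line `ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll Reparse point on file detected.` is the whole reason the fix above uses `DeleteJunctionsIndirectory:`: a file that carries the ReparsePoint attribute is no longer the file Windows Defender expects, and the service cannot load it. As an added example (not Farbar's FSS or FRST code), the PowerShell function below performs the same check on any directory so you can confirm the problem before the fix and confirm it is gone afterwards: it lists every entry whose attributes include ReparsePoint, and where PowerShell exposes them, the link type and target. The function name and output fields are mine; the `LinkType` and `Target` properties are assumed available (they are PowerShell's own extensions to FileSystemInfo in 5.1 and later), and they are empty for reparse tags PowerShell does not classify.

```powershell
# Added example: list entries under a directory that carry the ReparsePoint attribute,
# the condition FSS reports as "Reparse point on file detected". Assumes Windows
# PowerShell 5.1+ run as administrator; names and output shape are illustrative.
function Get-ReparsePointEntry {
    param(
        [Parameter(Mandatory)][string]$Path,
        [switch]$Recurse
    )
    # -Force includes hidden and system entries; directories are kept because a
    # redirected folder (junction) is as much of a finding as a redirected file.
    Get-ChildItem -LiteralPath $Path -Force -Recurse:$Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Attributes -band [System.IO.FileAttributes]::ReparsePoint } |
        ForEach-Object {
            [pscustomobject]@{
                Path        = $_.FullName
                IsDirectory = $_.PSIsContainer
                # LinkType/Target are PowerShell-provided properties (assumed present);
                # they stay empty for reparse tags PowerShell does not recognise.
                LinkType    = $_.LinkType
                Target      = ($_.Target -join ';')
                Attributes  = $_.Attributes.ToString()
            }
        }
}

# Usage: the directory flagged in the thread. No output means no reparse points remain.
Get-ReparsePointEntry -Path 'C:\Program Files\Windows Defender' -Recurse | Format-List

# After running the FRST fix, the same call should return nothing; a clean Windows Defender
# folder contains ordinary files only.
```

For a single suspicious entry, `fsutil reparsepoint query "<path>"` from an elevated prompt prints the raw reparse tag and data, which is useful when `LinkType` comes back empty. Whichever way you check, the expected end state after the fix is an empty result for the Windows Defender folder, followed by an FSS run that no longer prints the ATTENTION line.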



