Was infected with ZeroAccess rootkit, still having issues


  • This topic is locked
12 replies to this topic

#1 puckhead


  • Members
  • 49 posts

Posted 12 December 2013 - 07:34 PM

I was infected with the ZeroAccess rootkit last week. I thought I had it all cleaned with help from you guys; now I can't update Windows and my machine won't stay hibernated, plus my wife's IT guy thinks it may still be (she works from home sometimes on a remote desktop).

Please help

Ken


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Ken at 17:28:47 on 2013-12-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16384.14290 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\iRacing\iRacingService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{01BEC208-09A2-4630-AF7D-BA93B833CAB9} : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
x64-BHO: GBHO.BHO: {45d30484-7ded-43d9-957a-d2fd1f046511} -
x64-TB: Smart Recovery 2: {1d09c093-f71e-43c3-b948-19316cbd695e} -
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\i6u13t0j.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-3-19 21104]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-2-20 213416]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-3-19 235520]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-3-4 1341664]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2013-1-10 139768]
R2 iRacingService;iRacing.com Helper Service;C:\Program Files (x86)\iRacing\iRacingService.exe [2012-3-19 540328]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-25 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-25 701512]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2012-3-19 114688]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-3-19 93712]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-5-25 52608]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-5-25 76160]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-25 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-18 533096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-20 103576]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-3-19 30528]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-20 19456]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-9-19 203104]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-20 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-20 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-18 1255736]
.
=============== Created Last 30 ================
.
2013-12-12 13:35:41    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 13:35:41    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 13:35:41    12625920    ----a-w-    C:\Windows\System32\wmploc.DLL
2013-12-12 13:35:41    12625408    ----a-w-    C:\Windows\SysWow64\wmploc.DLL
2013-12-11 13:38:09    10285968    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{89CCC8CC-8034-463A-8136-7B6A925FDB31}\mpengine.dll
2013-12-11 03:44:05    9293192    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-12-11 01:44:13    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-29 15:48:41    --------    d-----w-    C:\Program Files (x86)\ESET
2013-11-29 15:06:57    --------    d-----w-    C:\Program Files (x86)\VS Revo Group
2013-11-28 18:11:42    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-11-28 14:06:54    98816    ----a-w-    C:\Windows\sed.exe
2013-11-28 14:06:54    256000    ----a-w-    C:\Windows\PEV.exe
2013-11-28 14:06:54    208896    ----a-w-    C:\Windows\MBR.exe
2013-11-27 03:47:56    --------    d-----w-    C:\Windows\ERUNT
2013-11-27 03:39:00    --------    d-----w-    C:\AdwCleaner
2013-11-26 03:45:17    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-26 03:44:42    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-11-26 03:09:39    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-11-26 03:09:38    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-13 13:54:22    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
.
==================== Find3M  ====================
.
2013-12-11 03:44:09    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-28 18:15:41    30528    ----a-w-    C:\Windows\GVTDrv64.sys
2013-11-28 18:15:29    25640    ----a-w-    C:\Windows\gdrv.sys
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-19 10:33:38    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-10-19 02:18:57    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04    150016    ----a-w-    C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04    202752    ----a-w-    C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36    121856    ----a-w-    C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31    163840    ----a-w-    C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39    156160    ----a-w-    C:\Windows\System32\cscript.exe
2013-10-12 01:33:26    168960    ----a-w-    C:\Windows\System32\wscript.exe
2013-10-12 01:15:48    141824    ----a-w-    C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48    126976    ----a-w-    C:\Windows\SysWow64\cscript.exe
2013-10-08 13:50:37    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 19:57:25    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31    190464    ----a-w-    C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17    197120    ----a-w-    C:\Windows\System32\credui.dll
2013-10-04 02:24:49    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-10-04 02:16:30    116736    ----a-w-    C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:58:50    152576    ----a-w-    C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-10-04 01:36:04    230400    ----a-w-    C:\Windows\System32\drivers\portcls.sys
2013-10-03 02:23:48    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40    154560    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33    28672    ----a-w-    C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33    135680    ----a-w-    C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01    28160    ----a-w-    C:\Windows\System32\secur32.dll
2013-09-25 02:22:59    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-09-25 02:21:50    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07    1447936    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24    30720    ----a-w-    C:\Windows\System32\lsass.exe
.
============= FINISH: 17:28:58.20 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/18/2012 11:26:04 PM
System Uptime: 12/12/2013 4:08:26 PM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | Z68AP-D3
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz | Socket 1155 | 4001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 303.794 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP180: 11/28/2013 7:06:57 AM - ComboFix created restore point
RP181: 11/28/2013 11:08:18 PM - Windows Update
RP182: 11/29/2013 8:07:45 AM - Revo Uninstaller's restore point - Adobe Reader X (10.1.8)
RP183: 11/29/2013 8:10:17 AM - Revo Uninstaller's restore point - FrostWire 5.6.6
RP184: 11/29/2013 8:11:08 AM - Revo Uninstaller's restore point - Frostwire Toolbar
RP185: 12/3/2013 6:49:11 AM - Windows Update
RP186: 12/6/2013 6:56:51 AM - Windows Update
RP187: 12/11/2013 6:36:37 AM - Windows Update
RP188: 12/12/2013 6:29:52 AM - Windows Update
.
==== Installed Programs ======================
.
@BIOS
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
AutoGreen B10.1021.1
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Diablo II
Diablo III
Diamond Multimedia 12.1 2400-6900 PCIe Win7Vista
Dungeons & Dragons Online ®:  Eberron Unlimited ™ v01.17.01.801
Easy Tune 6 B11.0630.1
ESET NOD32 Antivirus
ESET Online Scanner v3
Etron USB3.0 Host Controller
Google Earth
Google Update Helper
HydraVision
Intel® Processor Graphics
iRacing.com Race Simulation
Java 7 Update 45
Java Auto Updater
JavaFX 2.1.1
Logitech Gaming Software 5.10
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.2.0 (x86 en-US)
myReef
ON_OFF Charge B11.0110.1
Pando Media Booster
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
RIFT
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Smart 6 B11.0512.1
Star Wars: The Old Republic
The Lord of the Rings Online™ v03.07.00.8037
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
.
==== Event Viewer Messages From Past Week ========
.
12/12/2013 6:55:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2898785).
.
==== End Of File ===========================
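As an added triage aid (not part of the original thread, and not code from DDS or its author), the following Python parser reads lines in the DDS "SERVICES / DRIVERS" format shown in the log above and flags the entries a responder would look at first: images DDS could not verify (`[?]`), relative image paths with no drive letter, and drivers loaded from outside System32\drivers. The sample lines are constructed copies of shapes that appear in this log, and the three flag rules are assumptions of mine, not DDS rules.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the DDS "SERVICES / DRIVERS" line format; the shapes
# (dated entry, "-->" unresolved entry, driver outside System32\drivers) are
# copied from the log in this thread, the lines themselves are test data.
SAMPLE = r"""
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-3-19 21104]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-3-4 1341664]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-3-19 30528]
"""

# state (R=running, S=stopped, U=unknown, plus start-type digit), name, display name, rest
LINE_RE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# trailing "[date size]" or "[?]" stamp that DDS appends after the image path
STAMP_RE = re.compile(r"\s*\[(?P<stamp>[^\]]*)\]\s*$")
DRIVE_RE = re.compile(r"^[a-z]:\\")
DRIVERS_DIR = "\\windows\\system32\\drivers\\"


@dataclass
class Entry:
    state: str
    name: str
    display: str
    path: str
    size: Optional[int]
    missing: bool
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one DDS service/driver line; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    stamp_m = STAMP_RE.search(rest)
    stamp = stamp_m.group("stamp").strip() if stamp_m else ""
    path = rest[: stamp_m.start()] if stamp_m else rest
    # DDS writes "a --> b [?]" when it could not resolve or verify the image file;
    # keep the path as registered, which is what the checks below look at.
    if " --> " in path:
        path = path.split(" --> ", 1)[0]
    size = None
    parts = stamp.split()
    if len(parts) == 2 and parts[1].isdigit():
        size = int(parts[1])
    return Entry(m.group("state"), m.group("name"), m.group("display"),
                 path.strip(), size, stamp == "?")


def triage(entry: Entry) -> Entry:
    """Attach review flags to an entry (assumed heuristics, not DDS rules)."""
    p = entry.path.lower()
    if entry.missing:
        entry.flags.append("image file not found or not verified by DDS ([?])")
    if not DRIVE_RE.match(p):
        entry.flags.append("relative image path (no drive letter)")
    if p.endswith(".sys") and DRIVERS_DIR not in p:
        entry.flags.append("driver loaded from outside System32\\drivers")
    return entry


def triage_report(text: str) -> Dict[str, List[str]]:
    """Map service name -> list of flags (an empty list means nothing to review)."""
    report: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            report[entry.name] = triage(entry).flags
    return report


if __name__ == "__main__":
    for name, flags in triage_report(SAMPLE).items():
        print(f"{name}: {'; '.join(flags) if flags else 'ok'}")
```

A flag is a prompt to check the file's signature and origin, not a verdict: both flagged sample entries here (a Gigabyte utility driver in C:\Windows and a stopped helper service registered with a relative path) are legitimate vendor software on this particular machine.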
 




#2 CatByte


    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 15 December 2013 - 04:19 PM

Please do the following:

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

(MBAR tutorial can be found here: http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-rootkit)

Please download Malwarebytes Anti-Rootkit (MBAR) from here http://www.malwarebytes.org/products/mbar/ and save it to your desktop.
Direct link to the file: http://downloads.malwarebytes.org/file/mbar
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click on the MBAR file you downloaded.
  • Approve the UAC prompt in Vista and newer operating systems.
  • Click OK on the next screen, to allow the package to extract the contents of the file to its own folder, mbar.
  • By default, this will be on your desktop, though you can choose another location if you wish. We advise using the default location for simplicity.
  • mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
  • After reading the Introduction, click 'Next' if you agree.
  • On the Update Database screen, click on the 'Update' button.
  • Once you see 'Success: Database was successfully updated' click on 'Next'.
  • Click the 'Scan' button.
    A. With some infections, you may see two message boxes.
      1. 'Could not load protection driver'. Click 'OK'.
      2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found, press the Cleanup button when the scan completes.

~~~~~~~~~~~~~~~~~~~~~~~
Note: <<<< this is an important step >>>>
fixdamage - repair damaged services

If no detections occurred during the MBAR scan, and/or if the issue with Website Blocking remains, please do this next:
Open the Malwarebytes Anti-Rootkit folder.
Locate fixdamage.exe within the \mbar\Plugins folder and double-click on it. In Windows Vista and Windows 7, approve the UAC prompt.
fixdamage.exe will open a command window.
You will be asked if you want to continue. Type y if you do.
A reboot request may be made after the fix. Type y in the command prompt, and allow the computer to be rebooted.
Even if a reboot request was not made after running FixDamage.exe please restart the computer.

Once back in Windows, please send the following logs as attachments to your reply. These logs are located in the Malwarebytes Anti-Rootkit folder.

mbar-log-2013-xx-xx(xx-xx-xx).txt (where xx-xx(xx-xx-xx) is the date and time of the scan)
system-log.txt

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 puckhead

  • Topic Starter

  • Members
  • 49 posts

Posted 15 December 2013 - 11:16 PM

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.16.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Ken :: KEN-PC [administrator]

12/15/2013 9:00:22 PM
mbar-log-2013-12-15 (21-00-22).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 229314
Time elapsed: 6 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



#4 CatByte


    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 16 December 2013 - 07:50 AM

Please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 puckhead

  • Topic Starter

  • Members
  • 49 posts

Posted 16 December 2013 - 08:40 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-12-2013 02
Ran by Ken (administrator) on KEN-PC on 16-12-2013 06:36:20
Running from C:\Users\Ken\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) C:\Program Files (x86)\iRacing\iRacingService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11858536 2011-06-07] (Realtek Semiconductor)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6330568 2013-03-04] (ESET)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x97752BDCCE28CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: GBHO.BHO - {45d30484-7ded-43d9-957a-d2fd1f046511} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\i6u13t0j.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: EPUBReader - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\i6u13t0j.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF Extension: toolbar_FWV7 - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\i6u13t0j.default\Extensions\toolbar_FWV7@apn.ask.com.xpi
FF Extension: zotero - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\i6u13t0j.default\Extensions\zotero@chnm.gmu.edu.xpi
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-04] (ESET)
R2 iRacingService; C:\Program Files (x86)\iRacing\iRacingService.exe [540328 2013-09-09] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-11-28] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-16 06:36 - 2013-12-16 06:36 - 00007526 _____ C:\Users\Ken\Downloads\FRST.txt
2013-12-16 06:36 - 2013-12-16 06:36 - 00000000 ____D C:\FRST
2013-12-16 06:15 - 2013-12-16 06:15 - 01927940 _____ (Farbar) C:\Users\Ken\Downloads\FRST64.exe
2013-12-15 21:00 - 2013-12-15 21:00 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-15 20:58 - 2013-12-15 21:09 - 00000000 ____D C:\Users\Ken\Desktop\mbar
2013-12-15 20:58 - 2013-12-15 20:58 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Ken\Downloads\mbar-1.07.0.1008.exe
2013-12-12 22:08 - 2013-11-26 04:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 22:08 - 2013-11-26 03:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 22:08 - 2013-11-26 03:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 22:08 - 2013-11-26 03:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 22:08 - 2013-11-26 02:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 22:08 - 2013-11-26 02:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 22:08 - 2013-11-26 02:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 22:08 - 2013-11-26 02:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 22:08 - 2013-11-26 02:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 22:08 - 2013-11-26 02:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 22:08 - 2013-11-26 02:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 22:08 - 2013-11-26 02:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 22:08 - 2013-11-26 02:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 22:08 - 2013-11-26 02:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 22:08 - 2013-11-26 01:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 22:08 - 2013-11-26 01:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 22:08 - 2013-11-26 01:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 22:08 - 2013-11-26 01:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 22:08 - 2013-11-26 01:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 22:08 - 2013-11-26 01:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 22:08 - 2013-11-26 01:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 22:08 - 2013-11-26 01:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 22:08 - 2013-11-26 00:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 22:08 - 2013-11-26 00:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 22:08 - 2013-11-26 00:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 22:08 - 2013-11-26 00:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 22:08 - 2013-11-25 23:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 22:08 - 2013-11-25 23:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 22:08 - 2013-11-25 23:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 22:08 - 2013-11-25 23:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 22:08 - 2013-11-25 23:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 17:29 - 2013-12-12 17:29 - 00005517 _____ C:\Users\Ken\Desktop\attach.txt
2013-12-12 17:29 - 2013-12-12 17:28 - 00013737 _____ C:\Users\Ken\Desktop\dds.txt
2013-12-12 17:27 - 2013-12-12 17:27 - 00688992 ____R (Swearware) C:\Users\Ken\Downloads\dds(1).com
2013-12-12 06:35 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-12 06:35 - 2013-05-09 22:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 06:35 - 2013-05-09 22:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 06:35 - 2013-05-09 21:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 06:35 - 2013-05-09 21:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-12 06:33 - 2013-12-12 06:33 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-12 06:33 - 2013-12-12 06:33 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-12 06:33 - 2013-12-12 06:33 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-12 06:33 - 2013-12-12 06:33 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-12 06:33 - 2013-12-12 06:33 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-12 06:33 - 2013-12-12 06:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-12 06:32 - 2013-12-12 06:35 - 00007469 _____ C:\Windows\IE11_main.log
2013-12-11 17:47 - 2013-12-11 20:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-11 12:37 - 2013-12-11 12:37 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-11 06:39 - 2013-11-23 11:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 06:39 - 2013-11-23 10:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 06:39 - 2013-11-11 19:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 06:39 - 2013-11-11 19:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 06:39 - 2013-10-29 19:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 06:39 - 2013-10-29 19:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 06:39 - 2013-10-29 18:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 06:39 - 2013-10-18 19:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 06:39 - 2013-10-18 18:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 06:39 - 2013-10-11 19:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 06:39 - 2013-10-11 19:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 06:39 - 2013-10-11 19:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 06:39 - 2013-10-11 19:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 06:39 - 2013-10-11 18:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 06:39 - 2013-10-11 18:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 06:39 - 2013-10-11 18:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 06:39 - 2013-10-11 18:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 06:39 - 2013-10-03 19:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 06:39 - 2013-10-03 18:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-10 20:44 - 2013-12-10 20:44 - 09293192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-10 18:44 - 2013-12-10 20:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-30 07:28 - 2013-12-16 06:10 - 00004022 _____ C:\Windows\setupact.log
2013-11-30 07:28 - 2013-11-30 07:28 - 00000000 _____ C:\Windows\setuperr.log
2013-11-30 07:27 - 2013-11-30 07:27 - 00000774 _____ C:\Windows\PFRO.log
2013-11-29 08:48 - 2013-11-29 08:48 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-29 08:45 - 2013-11-29 08:45 - 00000000 ____D C:\Users\Ken\Downloads\backups
2013-11-29 08:25 - 2013-11-29 08:26 - 00007011 _____ C:\Users\Ken\Downloads\hijackthis.log
2013-11-29 08:24 - 2013-11-29 08:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\Ken\Downloads\HijackThis.exe
2013-11-29 08:15 - 2013-11-29 08:15 - 04429440 _____ (Piriform Ltd) C:\Users\Ken\Downloads\ccsetup404.exe
2013-11-29 08:14 - 2013-11-29 08:14 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-11-29 08:13 - 2013-11-29 08:13 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-29 08:06 - 2013-11-29 08:06 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ken\Downloads\revosetup.exe
2013-11-29 08:06 - 2013-11-29 08:06 - 00001268 _____ C:\Users\Ken\Desktop\Revo Uninstaller.lnk
2013-11-29 08:06 - 2013-11-29 08:06 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-11-28 11:15 - 2013-11-28 11:15 - 00000004 _____ C:\Windows\SysWOW64\GVTunner.ref
2013-11-28 11:11 - 2013-11-28 11:11 - 00017184 _____ C:\ComboFix.txt
2013-11-28 11:05 - 2013-11-28 11:05 - 00001134 _____ C:\Users\Ken\Desktop\ComboFix - Shortcut.lnk
2013-11-28 07:06 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-28 07:06 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-28 07:06 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-28 07:06 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-28 07:06 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-28 07:06 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-28 07:06 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-28 07:06 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-28 07:02 - 2013-11-28 11:11 - 00000000 ____D C:\Qoobox
2013-11-28 07:02 - 2013-11-28 10:41 - 00000000 ____D C:\Windows\erdnt
2013-11-28 07:01 - 2013-11-28 07:01 - 05150163 ____R (Swearware) C:\Users\Ken\Downloads\ComboFix.exe
2013-11-26 20:47 - 2013-11-26 20:47 - 01034531 _____ (Thisisu) C:\Users\Ken\Downloads\JRT.exe
2013-11-26 20:47 - 2013-11-26 20:47 - 00000000 ____D C:\Windows\ERUNT
2013-11-26 20:39 - 2013-11-26 20:41 - 00000000 ____D C:\AdwCleaner
2013-11-26 20:38 - 2013-11-26 20:38 - 01091882 _____ C:\Users\Ken\Downloads\AdwCleaner.exe
2013-11-25 21:13 - 2013-11-25 21:13 - 00688992 ____R (Swearware) C:\Users\Ken\Downloads\dds.com
2013-11-25 20:54 - 2013-11-25 20:54 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Ken\Downloads\rkill.exe
2013-11-25 20:45 - 2013-12-15 21:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-25 20:44 - 2013-12-15 20:58 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-25 20:43 - 2013-11-25 20:43 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Ken\Downloads\mbar-1.07.0.1007.exe
2013-11-25 20:09 - 2013-11-25 20:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-25 20:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-25 20:04 - 2013-11-25 20:04 - 00001193 _____ C:\Users\Ken\Downloads\checkup.txt
2013-11-25 20:00 - 2013-11-25 20:00 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Ken\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-11-25 19:59 - 2013-11-25 20:06 - 00022345 _____ C:\Users\Ken\Downloads\Result.txt
2013-11-25 19:58 - 2013-11-25 19:58 - 00760937 _____ (Farbar) C:\Users\Ken\Downloads\MiniToolBox.exe
2013-11-25 19:57 - 2013-11-25 20:04 - 00005003 _____ C:\Users\Ken\Downloads\FSS.txt
2013-11-25 19:56 - 2013-11-25 19:56 - 00360881 _____ (Farbar) C:\Users\Ken\Downloads\FSS.exe

==================== One Month Modified Files and Folders =======

2013-12-16 06:36 - 2013-12-16 06:36 - 00007526 _____ C:\Users\Ken\Downloads\FRST.txt
2013-12-16 06:36 - 2013-12-16 06:36 - 00000000 ____D C:\FRST
2013-12-16 06:35 - 2013-07-12 16:01 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce7f53c648aa8f.job
2013-12-16 06:17 - 2009-07-13 22:13 - 00739918 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-16 06:17 - 2009-07-13 21:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-16 06:17 - 2009-07-13 21:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-16 06:15 - 2013-12-16 06:15 - 01927940 _____ (Farbar) C:\Users\Ken\Downloads\FRST64.exe
2013-12-16 06:11 - 2012-03-18 22:25 - 01125219 _____ C:\Windows\WindowsUpdate.log
2013-12-16 06:10 - 2013-11-30 07:28 - 00004022 _____ C:\Windows\setupact.log
2013-12-16 06:10 - 2012-04-19 16:27 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-16 06:10 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-15 21:09 - 2013-12-15 20:58 - 00000000 ____D C:\Users\Ken\Desktop\mbar
2013-12-15 21:09 - 2013-11-25 20:45 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-15 21:00 - 2013-12-15 21:00 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-15 20:58 - 2013-12-15 20:58 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Ken\Downloads\mbar-1.07.0.1008.exe
2013-12-15 20:58 - 2013-11-25 20:44 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-15 20:44 - 2012-06-13 11:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-15 07:12 - 2013-08-15 05:35 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 07:11 - 2012-03-18 23:02 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-13 19:39 - 2012-12-21 11:17 - 00002230 ____H C:\Users\Ken\Documents\Default.rdp
2013-12-13 19:39 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-12-13 06:28 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 17:29 - 2013-12-12 17:29 - 00005517 _____ C:\Users\Ken\Desktop\attach.txt
2013-12-12 17:28 - 2013-12-12 17:29 - 00013737 _____ C:\Users\Ken\Desktop\dds.txt
2013-12-12 17:27 - 2013-12-12 17:27 - 00688992 ____R (Swearware) C:\Users\Ken\Downloads\dds(1).com
2013-12-12 13:03 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 06:53 - 2012-03-19 00:19 - 00000000 ____D C:\Windows\Panther
2013-12-12 06:53 - 2012-03-18 22:26 - 00001417 _____ C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-12 06:52 - 2009-07-13 21:45 - 00275712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 06:51 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-12 06:35 - 2013-12-12 06:32 - 00007469 _____ C:\Windows\IE11_main.log
2013-12-12 06:33 - 2013-12-12 06:33 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-12 06:33 - 2013-12-12 06:33 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-12 06:33 - 2013-12-12 06:33 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-12 06:33 - 2013-12-12 06:33 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-12 06:33 - 2013-12-12 06:33 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-12 06:33 - 2013-12-12 06:33 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-12 06:33 - 2013-12-12 06:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-12 06:33 - 2013-12-12 06:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-12 06:33 - 2013-12-12 06:33 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-12 06:27 - 2012-05-07 16:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-11 20:51 - 2013-12-11 17:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-11 12:37 - 2013-12-11 12:37 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-11 12:37 - 2012-04-19 16:27 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-10 20:44 - 2013-12-10 20:44 - 09293192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-10 20:44 - 2013-12-10 18:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 20:44 - 2012-06-13 11:19 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 20:44 - 2012-03-19 10:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-30 07:28 - 2013-11-30 07:28 - 00000000 _____ C:\Windows\setuperr.log
2013-11-30 07:27 - 2013-11-30 07:27 - 00000774 _____ C:\Windows\PFRO.log
2013-11-29 08:48 - 2013-11-29 08:48 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-29 08:45 - 2013-11-29 08:45 - 00000000 ____D C:\Users\Ken\Downloads\backups
2013-11-29 08:26 - 2013-11-29 08:25 - 00007011 _____ C:\Users\Ken\Downloads\hijackthis.log
2013-11-29 08:24 - 2013-11-29 08:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\Ken\Downloads\HijackThis.exe
2013-11-29 08:15 - 2013-11-29 08:15 - 04429440 _____ (Piriform Ltd) C:\Users\Ken\Downloads\ccsetup404.exe
2013-11-29 08:14 - 2013-11-29 08:14 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-11-29 08:14 - 2012-04-12 10:30 - 00000000 ____D C:\Users\Ken\AppData\Local\Adobe
2013-11-29 08:13 - 2013-11-29 08:13 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-29 08:13 - 2012-04-12 10:29 - 00000000 ____D C:\ProgramData\Adobe
2013-11-29 08:06 - 2013-11-29 08:06 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ken\Downloads\revosetup.exe
2013-11-29 08:06 - 2013-11-29 08:06 - 00001268 _____ C:\Users\Ken\Desktop\Revo Uninstaller.lnk
2013-11-29 08:06 - 2013-11-29 08:06 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-11-28 20:55 - 2012-03-20 14:08 - 00000000 ____D C:\Users\Ken\Documents\The Lord of the Rings Online
2013-11-28 11:15 - 2013-11-28 11:15 - 00000004 _____ C:\Windows\SysWOW64\GVTunner.ref
2013-11-28 11:15 - 2012-03-19 06:31 - 00030528 _____ C:\Windows\GVTDrv64.sys
2013-11-28 11:15 - 2012-03-19 06:30 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2013-11-28 11:11 - 2013-11-28 11:11 - 00017184 _____ C:\ComboFix.txt
2013-11-28 11:11 - 2013-11-28 07:02 - 00000000 ____D C:\Qoobox
2013-11-28 11:10 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
2013-11-28 11:05 - 2013-11-28 11:05 - 00001134 _____ C:\Users\Ken\Desktop\ComboFix - Shortcut.lnk
2013-11-28 10:41 - 2013-11-28 07:02 - 00000000 ____D C:\Windows\erdnt
2013-11-28 10:41 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Default
2013-11-28 07:01 - 2013-11-28 07:01 - 05150163 ____R (Swearware) C:\Users\Ken\Downloads\ComboFix.exe
2013-11-26 23:30 - 2013-07-12 16:01 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1ce7f53c648aa8f
2013-11-26 23:30 - 2012-04-19 16:27 - 00003636 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-26 20:47 - 2013-11-26 20:47 - 01034531 _____ (Thisisu) C:\Users\Ken\Downloads\JRT.exe
2013-11-26 20:47 - 2013-11-26 20:47 - 00000000 ____D C:\Windows\ERUNT
2013-11-26 20:41 - 2013-11-26 20:39 - 00000000 ____D C:\AdwCleaner
2013-11-26 20:38 - 2013-11-26 20:38 - 01091882 _____ C:\Users\Ken\Downloads\AdwCleaner.exe
2013-11-26 04:54 - 2013-12-12 22:08 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 03:19 - 2013-12-12 22:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 03:18 - 2013-12-12 22:08 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 03:11 - 2013-12-12 22:08 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 02:48 - 2013-12-12 22:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 02:46 - 2013-12-12 22:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 02:41 - 2013-12-12 22:08 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 02:29 - 2013-12-12 22:08 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 02:27 - 2013-12-12 22:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 02:23 - 2013-12-12 22:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 02:21 - 2013-12-12 22:08 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 02:18 - 2013-12-12 22:08 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 02:18 - 2013-12-12 22:08 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 02:16 - 2013-12-12 22:08 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 01:57 - 2013-12-12 22:08 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 01:38 - 2013-12-12 22:08 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 01:38 - 2013-12-12 22:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 01:35 - 2013-12-12 22:08 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 01:32 - 2013-12-12 22:08 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 01:28 - 2013-12-12 22:08 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 01:16 - 2013-12-12 22:08 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 01:02 - 2013-12-12 22:08 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 00:48 - 2013-12-12 22:08 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 00:32 - 2013-12-12 22:08 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 00:26 - 2013-12-12 22:08 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 00:07 - 2013-12-12 22:08 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-25 23:40 - 2013-12-12 22:08 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-25 23:34 - 2013-12-12 22:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-25 23:34 - 2013-12-12 22:08 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-25 23:33 - 2013-12-12 22:08 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-25 23:27 - 2013-12-12 22:08 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-25 21:13 - 2013-11-25 21:13 - 00688992 ____R (Swearware) C:\Users\Ken\Downloads\dds.com
2013-11-25 20:54 - 2013-11-25 20:54 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Ken\Downloads\rkill.exe
2013-11-25 20:43 - 2013-11-25 20:43 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Ken\Downloads\mbar-1.07.0.1007.exe
2013-11-25 20:09 - 2013-11-25 20:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-25 20:06 - 2013-11-25 19:59 - 00022345 _____ C:\Users\Ken\Downloads\Result.txt
2013-11-25 20:04 - 2013-11-25 20:04 - 00001193 _____ C:\Users\Ken\Downloads\checkup.txt
2013-11-25 20:04 - 2013-11-25 19:57 - 00005003 _____ C:\Users\Ken\Downloads\FSS.txt
2013-11-25 20:00 - 2013-11-25 20:00 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Ken\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-11-25 19:58 - 2013-11-25 19:58 - 00760937 _____ (Farbar) C:\Users\Ken\Downloads\MiniToolBox.exe
2013-11-25 19:56 - 2013-11-25 19:56 - 00360881 _____ (Farbar) C:\Users\Ken\Downloads\FSS.exe
2013-11-23 11:26 - 2013-12-11 06:39 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 10:47 - 2013-12-11 06:39 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-20 20:30 - 2012-03-20 13:40 - 00000000 ____D C:\Users\Ken\AppData\Local\Turbine
2013-11-19 03:33 - 2010-11-20 20:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\Users\Ken\g2ax_customer_downloadhelper_win32_x86.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 07:29

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-12-2013 02
Ran by Ken at 2013-12-16 06:36:58
Running from C:\Users\Ken\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET NOD32 Antivirus 6.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 6.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

@BIOS (x32 Version: 2.12)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
AMD APP SDK Runtime (Version: 10.0.851.4)
AMD Catalyst Install Manager (Version: 3.0.859.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.61205.2219)
AutoGreen B10.1021.1 (x32 Version: 1.00.0000)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2011.1205.2215.39827)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1205.2215.39827)
Catalyst Control Center InstallProxy (x32 Version: 2011.1205.2215.39827)
Catalyst Control Center Localization All (x32 Version: 2011.1205.2215.39827)
CCC Help Chinese Standard (x32 Version: 2011.1205.2214.39827)
CCC Help Chinese Traditional (x32 Version: 2011.1205.2214.39827)
CCC Help Czech (x32 Version: 2011.1205.2214.39827)
CCC Help Danish (x32 Version: 2011.1205.2214.39827)
CCC Help Dutch (x32 Version: 2011.1205.2214.39827)
CCC Help English (x32 Version: 2011.1205.2214.39827)
CCC Help Finnish (x32 Version: 2011.1205.2214.39827)
CCC Help French (x32 Version: 2011.1205.2214.39827)
CCC Help German (x32 Version: 2011.1205.2214.39827)
CCC Help Greek (x32 Version: 2011.1205.2214.39827)
CCC Help Hungarian (x32 Version: 2011.1205.2214.39827)
CCC Help Italian (x32 Version: 2011.1205.2214.39827)
CCC Help Japanese (x32 Version: 2011.1205.2214.39827)
CCC Help Korean (x32 Version: 2011.1205.2214.39827)
CCC Help Norwegian (x32 Version: 2011.1205.2214.39827)
CCC Help Polish (x32 Version: 2011.1205.2214.39827)
CCC Help Portuguese (x32 Version: 2011.1205.2214.39827)
CCC Help Russian (x32 Version: 2011.1205.2214.39827)
CCC Help Spanish (x32 Version: 2011.1205.2214.39827)
CCC Help Swedish (x32 Version: 2011.1205.2214.39827)
CCC Help Thai (x32 Version: 2011.1205.2214.39827)
CCC Help Turkish (x32 Version: 2011.1205.2214.39827)
ccc-utility64 (Version: 2011.1205.2215.39827)
Diablo II (x32)
Diablo III (x32 Version: 1.0.7.15295)
Diamond Multimedia 12.1 2400-6900 PCIe Win7Vista (x32 Version: 3.0.859.0)
Dungeons & Dragons Online ®:  Eberron Unlimited ™ v01.17.01.801 (x32 Version: 01.17.01.8018)
Easy Tune 6 B11.0630.1 (x32 Version: 1.00.0000)
ESET NOD32 Antivirus (Version: 6.0.314.0)
ESET Online Scanner v3 (x32)
Etron USB3.0 Host Controller (x32 Version: 0.101)
Google Earth (x32 Version: 7.1.2.2041)
Google Update Helper (x32 Version: 1.3.22.3)
HydraVision (x32 Version: 4.2.220.0)
Intel® Processor Graphics (x32 Version: 9.17.10.2867)
iRacing.com Race Simulation (x32 Version: 1.01.0330)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Logitech Gaming Software 5.10 (Version: 5.10.127)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 24.2.0)
Mozilla Thunderbird 24.2.0 (x86 en-US) (x32 Version: 24.2.0)
myReef (x32 Version: 2.0.78)
ON_OFF Charge B11.0110.1 (x32 Version: 1.00.0001)
Pando Media Booster (x32 Version: 2.6.0.6)
QuickTime (x32)
Realtek Ethernet Controller Driver (x32 Version: 7.45.516.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6387)
Revo Uninstaller 1.95 (x32 Version: 1.95)
RIFT (x32 Version: 1.0.0)
Smart 6 B11.0512.1 (x32 Version: 1.00.0000)
Star Wars: The Old Republic (x32 Version: 1.00)
The Lord of the Rings Online™ v03.07.00.8037 (x32 Version: 03.07.00.8037)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)

==================== Restore Points  =========================

28-11-2013 14:06:57 ComboFix created restore point
29-11-2013 06:08:18 Windows Update
29-11-2013 15:07:45 Revo Uninstaller's restore point - Adobe Reader X (10.1.8)
29-11-2013 15:10:17 Revo Uninstaller's restore point - FrostWire 5.6.6
29-11-2013 15:11:08 Revo Uninstaller's restore point - Frostwire Toolbar
03-12-2013 13:49:11 Windows Update
06-12-2013 13:56:51 Windows Update
11-12-2013 13:36:37 Windows Update
12-12-2013 13:29:52 Windows Update
13-12-2013 05:08:11 Windows Update
15-12-2013 14:10:02 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2013-11-28 10:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => Rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => Rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
Task: {1CAB271A-D4A4-4217-9726-22FD1541A124} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {2FD6D3E5-E5CE-4A36-B282-DBA8C8932EDF} - System32\Tasks\{E860AA76-E03D-4057-9A19-5CEFABADEDEE} => C:\Program Files (x86)\Diablo II\Diablo II.exe [2012-03-20] (Blizzard North)
Task: {37F5A605-BC2F-40B4-B7D4-A3A697AF6939} - System32\Tasks\{FADDDB0D-7BD6-4965-9637-08B8BF628795} => C:\Program Files (x86)\Diablo II\Diablo II.exe [2012-03-20] (Blizzard North)
Task: {72F0280E-4DDE-4DA2-8C0C-8552CC82CBD2} - System32\Tasks\{DCBCA523-6EFC-4AC8-8139-F549A98FB319} => C:\Program Files (x86)\Diablo II\Diablo II.exe [2012-03-20] (Blizzard North)
Task: {867405EB-BA26-445B-A303-41A3EF123558} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1018556550-3357067084-1265172013-1000 => Rundll32.exe portabledeviceapi.dll,#1
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => Rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
Task: {A6AF6A43-8212-4B2B-A0E7-127F18C761AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-19] (Google Inc.)
Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe aepdu.dll,AePduRunUpdate
Task: {A7D20886-75FD-463D-9E0B-42A80F2A2FCD} - System32\Tasks\{090B86B1-09AF-4722-89BD-E17BD0D8EAB6} => C:\Program Files (x86)\Diablo II\Diablo II.exe [2012-03-20] (Blizzard North)
Task: {B3A89C32-F3D0-41EE-9448-CCBBCA7029AB} - System32\Tasks\{A8DC88D8-4CCA-4C80-8818-5D61FE1C7DC9} => C:\Program Files (x86)\Diablo II\Diablo II.exe [2012-03-20] (Blizzard North)
Task: {C08779AF-D84B-44D5-BE5B-635D1ED5FC23} - System32\Tasks\{86DF1B1F-B384-4DDB-A2EA-701825903F26} => C:\Program Files (x86)\Diablo II\Diablo II.exe [2012-03-20] (Blizzard North)
Task: {C6461AFF-7C33-4CF4-8717-114859748DED} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => Rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
Task: {D52BBC64-A9BA-4FBC-B4DC-1417295A088C} - System32\Tasks\{6E5A9BDA-8CE8-40B7-B6D1-935825A750B0} => C:\Program Files (x86)\Diablo II\Diablo II.exe [2012-03-20] (Blizzard North)
Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => Rundll32.exe /d acproxy.dll,PerformAutochkOperations
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => Rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
Task: {F7AC61C5-0DC7-4D7D-ABCA-B781CD1F0CFA} - System32\Tasks\GoogleUpdateTaskMachineUA1ce7f53c648aa8f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-19] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce7f53c648aa8f.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-02-14 16:53 - 2012-02-14 16:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-12-11 17:47 - 2013-12-11 17:48 - 03017840 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-12-11 17:47 - 2013-12-11 17:47 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-12-11 17:47 - 2013-12-11 17:47 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/16/2013 06:12:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/15/2013 09:13:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/15/2013 07:55:09 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/15/2013 07:10:06 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2013 07:18:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2013 07:08:15 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2013 00:30:03 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/13/2013 09:43:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 25.0.1.5064, time stamp: 0x5282f204
Faulting module name: xul.dll, version: 25.0.1.5064, time stamp: 0x5282f10e
Exception code: 0xc0000005
Fault offset: 0x00118f87
Faulting process id: 0xcc4
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (12/13/2013 07:23:00 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/13/2013 06:28:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/15/2013 09:13:11 PM) (Source: NetBT) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.

Error: (12/15/2013 09:12:01 PM) (Source: NetBT) (User: )
Description: The name "KEN-PC         :0" could not be registered on the interface with IP address 192.168.0.101.
The computer with the IP address 192.168.0.105 did not allow the name to be claimed by
this computer.

Error: (12/15/2013 07:08:26 AM) (Source: NetBT) (User: )
Description: The name "KEN-PC         :20" could not be registered on the interface with IP address 192.168.0.101.
The computer with the IP address 192.168.0.105 did not allow the name to be claimed by
this computer.

Error: (12/15/2013 07:08:28 AM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{01BEC208-09A2-4630-AF7D-BA93B833CAB9} because another computer on the network has the same name.  The server could not start.

Error: (12/12/2013 06:55:53 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2898785).

Error: (12/08/2013 08:47:16 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:50:00 AM on ‎12/‎8/‎2013 was unexpected.

Error: (11/28/2013 11:10:53 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/28/2013 11:09:35 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/28/2013 10:38:01 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/28/2013 10:37:39 AM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office Sessions:
=========================
Error: (12/16/2013 06:12:05 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/15/2013 09:13:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/15/2013 07:55:09 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (12/15/2013 07:10:06 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2013 07:18:41 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2013 07:08:15 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2013 00:30:03 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (12/13/2013 09:43:10 PM) (Source: Application Error)(User: )
Description: firefox.exe25.0.1.50645282f204xul.dll25.0.1.50645282f10ec000000500118f87cc401cef885e260ea80C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll3b10488d-647a-11e3-ad5b-50e54943f6f6

Error: (12/13/2013 07:23:00 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (12/13/2013 06:28:24 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-11-28 10:37:39.227
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-28 10:37:39.196
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 16384 MB
Available physical RAM: 14263.03 MB
Total Pagefile: 32766.18 MB
Available Pagefile: 30539.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:301.34 GB) NTFS
Drive d: (Apex) (CDROM) (Total:0.02 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 000626E2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 CatByte
  • bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 16 December 2013 - 12:32 PM

Did you run the fixdamage.exe tool from the previous instructions?

The FRST log looks OK.

What outstanding issues do you still have?

Please run the following

Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • If items are found, please select the Clean button
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 puckhead
  • Topic Starter
  • Members
  • 49 posts

Posted 16 December 2013 - 08:32 PM

Yes, I did run the fixdamage. Were you referring to this part?

 

Note: <<<< this is an important step >>>>
fixdamage - repair damaged services

If no detections occurred during the MBAR scan, and/or if the issue with Website Blocking remains, please do this next:
Open the Malwarebytes Anti-Rootkit folder.
Locate fixdamage.exe within the \mbar\Plugins folder and double click on it. In Windows Vista and Windows 7, approve the UAC prompt
fixdamage.exe will open a command window.
You will be asked if you want to continue. Type y if you do.
A reboot request may be made after the fix. Type y in the command prompt, and allow the computer to be rebooted.
Even if a reboot request was not made after running FixDamage.exe please restart the computer.

 

If so, yes, I did.


Edited by puckhead, 16 December 2013 - 08:32 PM.


#8 puckhead
  • Topic Starter
  • Members
  • 49 posts

Posted 16 December 2013 - 08:41 PM

# AdwCleaner v3.015 - Report created 16/12/2013 at 18:38:19
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ken - KEN-PC
# Running from : C:\Users\Ken\Downloads\adwcleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\i6u13t0j.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1543 octets] - [26/11/2013 20:39:03]
AdwCleaner[R1].txt - [890 octets] - [16/12/2013 18:35:54]
AdwCleaner[S0].txt - [1548 octets] - [26/11/2013 20:41:03]
AdwCleaner[S1].txt - [812 octets] - [16/12/2013 18:38:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [871 octets] ##########



#9 puckhead
  • Topic Starter
  • Members
  • 49 posts

Posted 16 December 2013 - 08:44 PM

It seems like it is hibernating as normal now. I will have the wife ask her I.T. guy if the attempts are continuing.



#10 CatByte
  • bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 16 December 2013 - 11:35 PM

It would appear to be clean from the logs provided.

Let me know if there are any outstanding symptoms and we'll take a deeper look, but all appears to be OK.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 puckhead
  • Topic Starter
  • Members
  • 49 posts

Posted 18 December 2013 - 02:05 PM

My wife talked to her I.T. guy at work and it looks as if the attempts have stopped. I thank you for all your help; this can be closed now.

Many thanks,

Ken



#12 CatByte
  • bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 18 December 2013 - 04:58 PM

That's good to hear.

We just need to clean up the tools:


You can delete the DDS, MBAR and FRST logs and programs from your desktop.


NEXT
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.
If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them. Then consider a password keeper to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next click OK, then the Apply button and then OK to exit the Internet Properties page.
  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program.
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine.
    • If it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE.
  • AdblockPlus
    • AdblockPlus, surf the web without annoying ads!
    • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
    • Protects your online privacy
    • Two-click installation. It's free!
    • Click the icon that corresponds to your browser and download.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    PC Safety and Security--What Do I Need?
  • Simple and easy ways to keep your computer safe and secure on the Internet
Thank you for your patience, and for performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
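A way to check afterwards that the Internet-zone ActiveX settings from the "Make Internet Explorer more secure" steps actually took, as an added example that is not part of CatByte's post or of any tool used in this thread. It reads the documented IE zone registry values (1001, 1004 and 1201 under Zones\3, where 0 = Enable, 1 = Prompt, 3 = Disable) and reports any that are more permissive than the recommended setting; the recommended values are the ones the post asks for, and the machine-policy path is checked first because a Group Policy setting there overrides the per-user one.

```powershell
# Added example: audit the Internet zone (zone 3) ActiveX settings that the
# Inetcpl.cpl steps change. Value names follow the documented IE zone settings:
# 1001 = Download signed ActiveX controls, 1004 = Download unsigned ActiveX
# controls, 1201 = Initialize and script ActiveX controls not marked as safe.
# Data: 0 = Enable, 1 = Prompt, 3 = Disable.
$ZonePath   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$PolicyPath = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$Recommended = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                  Want = 1 }  # Prompt
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                Want = 1 }  # Prompt
    '1201' = @{ Name = 'Initialize and script ActiveX not marked as safe';  Want = 3 }  # Disable
}
$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneSetting {
    param([string]$ValueName)
    # A machine policy value (GPO) wins over the per-user zone setting.
    foreach ($path in @($PolicyPath, $ZonePath)) {
        $item = Get-ItemProperty -Path $path -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $item) { return [int]$item.$ValueName }
    }
    return $null   # value absent: IE falls back to the zone template default
}

$findings = foreach ($id in ($Recommended.Keys | Sort-Object)) {
    $current = Get-ZoneSetting -ValueName $id
    $want    = $Recommended[$id].Want
    # Lower data means a more permissive setting (0 Enable < 1 Prompt < 3 Disable),
    # so anything below the recommended value is flagged; Disable where Prompt
    # was asked for is stricter and passes.
    $status = 'OK'
    if ($null -eq $current) { $status = 'NOT SET' }
    elseif ($current -lt $want) { $status = 'WEAKER THAN RECOMMENDED' }
    [pscustomobject]@{
        Setting     = $Recommended[$id].Name
        Value       = $id
        Current     = if ($null -eq $current) { '-' } else { $Labels[$current] }
        Recommended = $Labels[$want]
        Status      = $status
    }
}

$findings | Format-Table -AutoSize
# Non-zero exit code lets the check be used from a scheduled task or script.
if ($findings.Status -contains 'WEAKER THAN RECOMMENDED') { exit 1 }
```

"NOT SET" means the value has not been written explicitly and IE is using the zone template default; re-running the Custom level steps in the post writes it.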


#13 CatByte
  • bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 20 January 2014 - 06:40 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

