
email virus


  • This topic is locked
29 replies to this topic

#1 robpetcro (Members, 74 posts)

Posted 15 December 2013 - 12:01 PM

Please see topic http://www.bleepingcomputer.com/forums/t/517463/email-virus/#entry3233341 as this gives the details of my problem. I have eventually managed to produce the DDS files by going into safe mode; I hope this gives the info needed, see attached.

Attached Files





#2 robpetcro (Topic Starter)

Posted 16 December 2013 - 02:46 PM

Just realised my mistake. My PC is rendered useless by this malware: any time you try and do something, some function or other flashes up and stops what you want to start/open/play. The computer has no problem starting, but I have kept it offline since this started.

 

DDS (Ver_2012-11-20.01) - NTFS_x86 MINIMAL
Internet Explorer: 9.0.8112.16526  BrowserJavaVersion: 10.45.2
Run by Rob at 15:04:21 on 2013-12-15
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2045.1595 [GMT 0:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.thetechguys.com/welcome
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Emcy] c:\users\rob\appdata\roaming\izem\emcy.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HOSTS Anti-Adware_PUPs] c:\program files\hosts_anti_adwares_pups\HOSTS_Anti-Adware_main.exe
mRun: [D-Link D-Link Wireless N DWA-140] c:\program files\d-link\dwa-140 revb\AirNCFG.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Nvtmru] "c:\program files\nvidia corporation\nvidia update core\nvtmru.exe"
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
StartupFolder: c:\users\rob\appdata\roaming\micros~1\windows\startm~1\programs\startup\homest~1.lnk - c:\program files\homestream\bin\HomestreamConsole.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tvmobi~1.lnk - c:\program files\tvmobili\bin\iTunesAlbumArtGenerator.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: TaskbarNoNotification = dword:1
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: TaskbarNoNotification = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BC86B45B-B72B-4F8F-A669-06E1BCCDBA49} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 DSFKSVCS;Kernel Services for DSF;c:\windows\system32\drivers\dsfksvcs.sys [2010-2-8 479992]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-8-10 45288]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-9-28 5632]
S0 dsfroot;root enumerated bus driver;c:\windows\system32\drivers\dsfroot.sys [2010-2-8 31608]
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\drivers\anodlwf.sys [2012-4-4 12800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 D-Link Wireless N DWA-140_WPS;D-Link Wireless N DWA-140_WPS Service;c:\program files\d-link\dwa-140 revb\ANIWConnService.exe [2012-4-4 53248]
S2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2007-2-12 208896]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2012-4-4 21504]
S2 Homestream;Homestream;c:\program files\homestream\bin\HomestreamService.exe [2012-5-25 278528]
S2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files\hosts_anti_adwares_pups\hosts_anti-adware.exe -update --> c:\program files\hosts_anti_adwares_pups\HOSTS_Anti-Adware.exe -update [?]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-12 418376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-19 701512]
S2 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2007-6-27 157912]
S2 NMSCore;Intel® NMSCore;c:\program files\common files\intel\inteldh\nms\nmscore\NMSCore.exe [2007-6-27 317656]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2007-2-18 5376]
S2 QualityManager;Intel® Quality Manager;c:\program files\intel\inteldh\intel media server\media server\bin\QualityManager.exe [2007-6-27 272600]
S2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2012-5-15 14976]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2013-9-2 790368]
S2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2013-8-7 609056]
S2 tvMobiliService;tvMobiliService;c:\program files\tvmobili\bin\tvMobiliService.exe [2013-1-30 1145344]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2012-8-24 84832]
S3 debutfilter;Debut Upper Filter Driver v6.20.01;c:\windows\system32\drivers\debutfilterx86.sys [2013-9-16 43344]
S3 DHTRACE;Intel® DHTrace Controller;c:\program files\common files\intel\inteldh\bin\DHTraceController.exe [2007-6-27 39640]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-10-9 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 HRMCFGSPC;DSF General Configuration Space Redirection Module;c:\windows\system32\drivers\hrmcfgspc.sys [2010-2-8 92664]
S3 HRMINTS;DSF Interrupt Redirection Module;c:\windows\system32\drivers\hrmints.sys [2010-2-8 89976]
S3 HRMPORTS;DSF IO Port Redirection Module;c:\windows\system32\drivers\hrmports.sys [2010-2-8 103160]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-19 22856]
S3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Dnetr28u.sys [2012-4-4 849248]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 104768]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2013-2-6 1690784]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2012.sp5a\RpcAgentSrv.exe [2012-8-17 71832]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-22 770168]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-12-14 13:26:38 -------- d-sh--w- C:\$RECYCLE.BIN
2013-12-14 13:20:53 98816 ----a-w- c:\windows\sed.exe
2013-12-14 13:20:53 256000 ----a-w- c:\windows\PEV.exe
2013-12-14 13:20:53 208896 ----a-w- c:\windows\MBR.exe
2013-12-14 13:20:46 -------- d-s---w- C:\etavaresCF
2013-12-13 15:51:19 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{487746a8-7e1c-4331-9899-619f1d3a89ae}\offreg.dll
2013-12-12 21:45:59 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2013-12-12 21:45:59 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2013-12-12 21:45:58 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-12-12 17:26:53 7772552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{487746a8-7e1c-4331-9899-619f1d3a89ae}\mpengine.dll
2013-12-12 17:08:09 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-12-12 17:08:08 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-12 17:08:08 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-12 17:08:08 155648 ----a-w- c:\windows\system32\wscript.exe
2013-12-12 17:08:08 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-12-12 17:08:08 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-12 17:08:07 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-12-12 17:08:07 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-12-12 17:08:07 158208 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-12 17:08:07 135168 ----a-w- c:\windows\system32\cscript.exe
2013-12-10 11:23:44 7772552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-12-06 09:28:37 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4a5f2136-6622-428f-8c86-5dbed0e4ed05}\gapaengine.dll
2013-12-04 16:03:28 -------- d-----w- c:\users\rob\appdata\local\NVIDIA
2013-12-04 15:25:03 9619872 ----a-w- c:\windows\system32\nvopencl.dll
2013-12-04 15:25:03 15862272 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-12-04 15:25:02 22951200 ----a-w- c:\windows\system32\nvoglv32.dll
2013-12-04 15:25:02 10446112 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-12-04 15:25:01 9663656 ----a-w- c:\windows\system32\nvcuda.dll
2013-12-04 15:25:01 893728 ----a-w- c:\windows\system32\nvdispgenco3233182.dll
2013-12-04 15:25:01 2947872 ----a-w- c:\windows\system32\nvcuvid.dll
2013-12-04 15:25:01 2747680 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-12-04 15:25:01 1049888 ----a-w- c:\windows\system32\nvdispco3233182.dll
2013-12-04 15:24:58 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-12-02 11:51:31 -------- d-----w- c:\program files\Application Verifier
2013-12-02 11:51:11 -------- d-----w- c:\program files\Windows Kits
2013-11-27 16:40:44 -------- d-----w- c:\users\rob\appdata\roaming\Windows Live Writer
2013-11-27 16:40:44 -------- d-----w- c:\users\rob\appdata\local\Windows Live Writer
2013-11-27 16:37:48 -------- d-----w- c:\users\rob\appdata\local\{A85BAD7E-DECE-422A-944F-5EBBADA685A5}
.
==================== Find3M  ====================
.
2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 22:50:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42:41 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:38:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-14 11:57:18 15218504 ----a-w- c:\windows\system32\nvd3dum.dll
2013-11-14 11:57:15 2697248 ----a-w- c:\windows\system32\nvapi.dll
2013-11-11 14:26:52 4321056 ----a-w- c:\windows\system32\nvcpl.dll
2013-11-11 14:26:52 3036960 ----a-w- c:\windows\system32\nvsvc.dll
2013-11-11 14:26:50 664352 ----a-w- c:\windows\system32\nvvsvc.exe
2013-11-11 14:26:50 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-11-11 14:26:50 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
2013-11-11 14:26:50 209184 ----a-w- c:\windows\system32\nvmctray.dll
2013-10-30 02:13:01 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-11 02:08:02 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07:57 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-08 07:50:41 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-03 12:45:50 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 12:45:45 993792 ----a-w- c:\windows\system32\crypt32.dll
2013-09-27 09:53:06 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-27 09:53:06 104768 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-09-16 18:59:34 43344 ----a-w- c:\windows\system32\drivers\debutfilterx86.sys
.
============= FINISH: 15:06:02.49 ===============
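The DDS output above is a posted log, not code, and the thread never names what the infection is. As an added example (not part of the original post and not code from the DDS tool), the Python script below applies the checks an analyst would make by hand when reading the header and "Pseudo HJT Report" sections: security products reported as disabled, auto-start entries whose target lives in a user-writable directory, and Explorer/System policy values set to a state that turns off or hides security UI. The sample lines are copied from the log above; the flag rules are the editor's own heuristics, and a hit is a lead to investigate, not a verdict about any specific file.

```python
"""Triage helper for the header and 'Pseudo HJT Report' sections of a DDS log.

Added example, not DDS output. SAMPLE_DDS is copied from the log posted in
this thread; the classification rules below are the editor's heuristics.
"""
import re

# Policy values that, at the listed setting, weaken or hide security controls.
# EnableLUA=0 disables UAC; HideSCAHealth=1 hides the Security Center /
# Action Center tray icon; TaskbarNoNotification=1 suppresses balloon warnings.
WEAKENING_POLICIES = {
    ("mPolicies-System", "EnableLUA"): "0",
    ("uPolicies-Explorer", "HideSCAHealth"): "1",
    ("mPolicies-Explorer", "HideSCAHealth"): "1",
    ("uPolicies-Explorer", "TaskbarNoNotification"): "1",
    ("mPolicies-Explorer", "TaskbarNoNotification"): "1",
}

# Directories a standard user can write to. An auto-run entry pointing here is
# not proof of malware, but it is where droppers usually land.
USER_WRITABLE = re.compile(
    r"\\(appdata\\(roaming|local|locallow)|programdata|temp|tmp)\\", re.I)

RUN_RE = re.compile(r"^(?P<hive>[um]Run): \[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")
POLICY_RE = re.compile(
    r"^(?P<key>[um]Policies-\w+): (?P<value>\w+) = dword:(?P<data>[0-9a-fA-F]+)$")
AV_RE = re.compile(r"^(?P<kind>AV|SP|FW): (?P<product>.+?) \*(?P<state>[^*]+)\*")


def exe_path(cmd):
    """Return the executable part of a Run-key command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.search(r"\.exe", cmd, re.I)   # unquoted: path ends at the first .exe
    return cmd[:m.end()] if m else cmd.split(" ")[0]


def triage_dds(text):
    """Scan DDS lines and return (finding_kind, subject, detail) tuples."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = AV_RE.match(line)
        if m:
            if m.group("state").lower().startswith("disabled"):
                findings.append(("security_product_disabled",
                                 m.group("product"), m.group("state")))
            continue
        m = RUN_RE.match(line)
        if m:
            if USER_WRITABLE.search(m.group("cmd")):
                findings.append(("autostart_user_writable",
                                 m.group("name"), exe_path(m.group("cmd"))))
            continue
        m = POLICY_RE.match(line)
        if m:
            key = (m.group("key"), m.group("value"))
            if WEAKENING_POLICIES.get(key) == m.group("data"):
                findings.append(("policy_weakened",
                                 f"{key[0]}\\{key[1]}", m.group("data")))
    return findings


# Sample input: lines copied verbatim from the DDS log posted above.
SAMPLE_DDS = r"""
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Emcy] c:\users\rob\appdata\roaming\izem\emcy.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: TaskbarNoNotification = dword:1
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: TaskbarNoNotification = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
"""

if __name__ == "__main__":
    for kind, subject, detail in triage_dds(SAMPLE_DDS):
        print(f"{kind:28} {subject:40} {detail}")
```

Against the sample the script reports three disabled security products, one auto-start (the Emcy entry under AppData\Roaming) and five weakening policy values. The policy and AV hits are the interesting correlation: a home machine does not normally have UAC off and the Security Center icon hidden at the same time as every installed scanner is disabled. The Run-key hit only says the file lives where a standard user could have written it; confirming what it is means hashing it and checking its signature and creation time, which the script does not attempt.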


#3 HelpBot (Bleepin' Binary Bot, Bots, 12,627 posts)

Posted 20 December 2013 - 12:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/517543 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 robpetcro (Topic Starter)

Posted 20 December 2013 - 03:41 PM

I tried to run DDS in normal mode but still get told that various functions have stopped working; it did try to run, but I got 45 messages saying "DDS is already running" and then it eventually crashed. I restarted in safe mode and ran the scan again; see results below. The PC is Vista Home Premium 32-bit, and I do not have any operating system disc. Thank you, Rob

 

DDS (Ver_2012-11-20.01) - NTFS_x86 MINIMAL

Internet Explorer: 9.0.8112.16526  BrowserJavaVersion: 10.45.2
Run by Rob at 20:20:25 on 2013-12-20
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2045.1624 [GMT 0:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.thetechguys.com/welcome
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Emcy] c:\users\rob\appdata\roaming\izem\emcy.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HOSTS Anti-Adware_PUPs] c:\program files\hosts_anti_adwares_pups\HOSTS_Anti-Adware_main.exe
mRun: [D-Link D-Link Wireless N DWA-140] c:\program files\d-link\dwa-140 revb\AirNCFG.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Nvtmru] "c:\program files\nvidia corporation\nvidia update core\nvtmru.exe"
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
StartupFolder: c:\users\rob\appdata\roaming\micros~1\windows\startm~1\programs\startup\homest~1.lnk - c:\program files\homestream\bin\HomestreamConsole.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tvmobi~1.lnk - c:\program files\tvmobili\bin\iTunesAlbumArtGenerator.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: TaskbarNoNotification = dword:1
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: TaskbarNoNotification = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BC86B45B-B72B-4F8F-A669-06E1BCCDBA49} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 DSFKSVCS;Kernel Services for DSF;c:\windows\system32\drivers\dsfksvcs.sys [2010-2-8 479992]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-8-10 45288]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-9-28 5632]
S0 dsfroot;root enumerated bus driver;c:\windows\system32\drivers\dsfroot.sys [2010-2-8 31608]
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\drivers\anodlwf.sys [2012-4-4 12800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 D-Link Wireless N DWA-140_WPS;D-Link Wireless N DWA-140_WPS Service;c:\program files\d-link\dwa-140 revb\ANIWConnService.exe [2012-4-4 53248]
S2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2007-2-12 208896]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2012-4-4 21504]
S2 Homestream;Homestream;c:\program files\homestream\bin\HomestreamService.exe [2012-5-25 278528]
S2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files\hosts_anti_adwares_pups\hosts_anti-adware.exe -update --> c:\program files\hosts_anti_adwares_pups\HOSTS_Anti-Adware.exe -update [?]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-12 418376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-19 701512]
S2 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2007-6-27 157912]
S2 NMSCore;Intel® NMSCore;c:\program files\common files\intel\inteldh\nms\nmscore\NMSCore.exe [2007-6-27 317656]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2007-2-18 5376]
S2 QualityManager;Intel® Quality Manager;c:\program files\intel\inteldh\intel media server\media server\bin\QualityManager.exe [2007-6-27 272600]
S2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2012-5-15 14976]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2013-9-2 790368]
S2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2013-8-7 609056]
S2 tvMobiliService;tvMobiliService;c:\program files\tvmobili\bin\tvMobiliService.exe [2013-1-30 1145344]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2012-8-24 84832]
S3 debutfilter;Debut Upper Filter Driver v6.20.01;c:\windows\system32\drivers\debutfilterx86.sys [2013-9-16 43344]
S3 DHTRACE;Intel® DHTrace Controller;c:\program files\common files\intel\inteldh\bin\DHTraceController.exe [2007-6-27 39640]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-10-9 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 HRMCFGSPC;DSF General Configuration Space Redirection Module;c:\windows\system32\drivers\hrmcfgspc.sys [2010-2-8 92664]
S3 HRMINTS;DSF Interrupt Redirection Module;c:\windows\system32\drivers\hrmints.sys [2010-2-8 89976]
S3 HRMPORTS;DSF IO Port Redirection Module;c:\windows\system32\drivers\hrmports.sys [2010-2-8 103160]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-19 22856]
S3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Dnetr28u.sys [2012-4-4 849248]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 104768]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2013-2-6 1690784]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2012.sp5a\RpcAgentSrv.exe [2012-8-17 71832]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-22 770168]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-12-14 13:26:38 -------- d-sh--w- C:\$RECYCLE.BIN
2013-12-14 13:20:53 98816 ----a-w- c:\windows\sed.exe
2013-12-14 13:20:53 256000 ----a-w- c:\windows\PEV.exe
2013-12-14 13:20:53 208896 ----a-w- c:\windows\MBR.exe
2013-12-14 13:20:46 -------- d-s---w- C:\etavaresCF
2013-12-13 15:51:19 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{487746a8-7e1c-4331-9899-619f1d3a89ae}\offreg.dll
2013-12-12 21:45:59 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2013-12-12 21:45:59 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2013-12-12 21:45:58 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-12-12 17:26:53 7772552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{487746a8-7e1c-4331-9899-619f1d3a89ae}\mpengine.dll
2013-12-12 17:08:09 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-12-12 17:08:08 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-12 17:08:08 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-12 17:08:08 155648 ----a-w- c:\windows\system32\wscript.exe
2013-12-12 17:08:08 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-12-12 17:08:08 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-12 17:08:07 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-12-12 17:08:07 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-12-12 17:08:07 158208 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-12 17:08:07 135168 ----a-w- c:\windows\system32\cscript.exe
2013-12-10 11:23:44 7772552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-12-06 09:28:37 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4a5f2136-6622-428f-8c86-5dbed0e4ed05}\gapaengine.dll
2013-12-04 16:03:28 -------- d-----w- c:\users\rob\appdata\local\NVIDIA
2013-12-04 15:25:03 9619872 ----a-w- c:\windows\system32\nvopencl.dll
2013-12-04 15:25:03 15862272 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-12-04 15:25:02 22951200 ----a-w- c:\windows\system32\nvoglv32.dll
2013-12-04 15:25:02 10446112 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-12-04 15:25:01 9663656 ----a-w- c:\windows\system32\nvcuda.dll
2013-12-04 15:25:01 893728 ----a-w- c:\windows\system32\nvdispgenco3233182.dll
2013-12-04 15:25:01 2947872 ----a-w- c:\windows\system32\nvcuvid.dll
2013-12-04 15:25:01 2747680 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-12-04 15:25:01 1049888 ----a-w- c:\windows\system32\nvdispco3233182.dll
2013-12-04 15:24:58 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-12-02 11:51:31 -------- d-----w- c:\program files\Application Verifier
2013-12-02 11:51:11 -------- d-----w- c:\program files\Windows Kits
2013-11-27 16:40:44 -------- d-----w- c:\users\rob\appdata\roaming\Windows Live Writer
2013-11-27 16:40:44 -------- d-----w- c:\users\rob\appdata\local\Windows Live Writer
2013-11-27 16:37:48 -------- d-----w- c:\users\rob\appdata\local\{A85BAD7E-DECE-422A-944F-5EBBADA685A5}
.
==================== Find3M  ====================
.
2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 22:50:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42:41 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:38:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-14 11:57:18 15218504 ----a-w- c:\windows\system32\nvd3dum.dll
2013-11-14 11:57:15 2697248 ----a-w- c:\windows\system32\nvapi.dll
2013-11-11 14:26:52 4321056 ----a-w- c:\windows\system32\nvcpl.dll
2013-11-11 14:26:52 3036960 ----a-w- c:\windows\system32\nvsvc.dll
2013-11-11 14:26:50 664352 ----a-w- c:\windows\system32\nvvsvc.exe
2013-11-11 14:26:50 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-11-11 14:26:50 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
2013-11-11 14:26:50 209184 ----a-w- c:\windows\system32\nvmctray.dll
2013-10-30 02:13:01 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-11 02:08:02 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07:57 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-08 07:50:41 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-03 12:45:50 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 12:45:45 993792 ----a-w- c:\windows\system32\crypt32.dll
2013-09-27 09:53:06 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-27 09:53:06 104768 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
============= FINISH: 20:22:11.53 ===============


#5 robpetcro

robpetcro
  • Topic Starter

  • Members
  • 74 posts

Posted 21 December 2013 - 07:26 AM

In anticipation of possible suggestions, I have run 'farbar' in safe mode; both sets of results are attached. Thanks, Rob

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2013 02
Ran by Rob (administrator) on ROB-PC on 21-12-2013 12:09:59
Running from C:\Users\Rob\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)
 
==================== Processes (Whitelisted) ===================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1313640 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2013-09-08] ()
HKLM\...\Run: [D-Link D-Link Wireless N DWA-140] - C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe [1024000 2010-06-30] (D-Link Corp.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11930696 2013-03-29] (Realtek Semiconductor)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [Emcy] - C:\Users\Rob\AppData\Roaming\Izem\emcy.exe [532992 2012-04-10] ()
HKCU\...\Policies\Explorer: [TaskbarNoNotification] 1
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\IUSR_NMPR\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\IUSR_NMPR\...\Run: [Spotify Web Helper] - C:\Users\Rob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [ 2013-11-24] (Spotify Ltd)
HKU\IUSR_NMPR\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\IUSR_NMPR\...\Run: [9B96A7B020B4A1AFDBE679503202A70F7D9CD849._service_run] - "C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Homestream.lnk
ShortcutTarget: Homestream.lnk -> C:\Program Files\Homestream\bin\HomestreamConsole.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thetechguys.com/welcome
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR RestoreOnStartup: "hxxp://www.google.co.uk/"
CHR DefaultSearchKeyword: google.co.uk
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Extension: (Angry Birds) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (Google Docs) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0
CHR Extension: (Keep My Opt-Outs) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0
CHR Extension: (Google Wallet) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [pfafkpaifpmpadngdmgiikeipjiedbpc] - C:\Users\Rob\AppData\Local\Temp\ccex.crx
 
========================== Services (Whitelisted) =================
 
S2 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [223448 2007-06-27] (Intel® Corporation)
S2 D-Link Wireless N DWA-140_WPS; C:\Program Files\D-Link\DWA-140 revB\ANIWConnService.exe [53248 2010-06-03] ()
S3 DHTRACE; C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [39640 2007-06-27] (Intel® Corporation)
S2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2007-02-12] ()
S2 Homestream; C:\Program Files\Homestream\bin\HomestreamService.exe [278528 2012-05-25] ()
S2 HOSTS Anti-PUPs; C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2013-09-08] ()
S2 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [59096 2007-06-27] (Intel® Corporation)
S2 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [268504 2007-06-27] ()
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [157912 2007-06-27] (Intel® Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S2 NMSCore; C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [317656 2007-06-27] (Intel® Corporation)
S2 QualityManager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [272600 2007-06-27] (Intel® Corporation)
S2 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [446680 2007-06-27] (Intel® Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5a\RpcAgentSrv.exe [71832 2008-08-29] (SiSoftware)
S2 SplashtopRemoteService; C:\Program Files\Splashtop\Splashtop Remote\SERVER\SRService.exe [790368 2013-09-02] (Splashtop Inc.)
S2 SSUService; C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe [609056 2013-08-07] (Splashtop Inc.)
S2 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-24] (Syntek America Inc.)
S2 tvMobiliService; C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe [1145344 2013-01-30] ()
 
==================== Drivers (Whitelisted) ====================
 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-19] (Microsoft Corporation)
S1 anodlwf; C:\Windows\System32\DRIVERS\anodlwf.sys [12800 2009-03-06] ()
S3 ASPI; C:\Windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec)
S3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx86.sys [43344 2013-09-16] ()
R0 DSFKSVCS; C:\Windows\System32\DRIVERS\dsfksvcs.sys [479992 2010-02-08] (Microsoft Corporation)
S0 dsfroot; C:\Windows\System32\DRIVERS\dsfroot.sys [31608 2010-02-08] (Microsoft Corporation)
S3 HRMCFGSPC; C:\Windows\System32\DRIVERS\HRMCFGSPC.SYS [92664 2010-02-08] (Microsoft Corporation)
S3 HRMINTS; C:\Windows\System32\DRIVERS\HRMINTS.SYS [89976 2010-02-08] (Microsoft Corporation)
S3 HRMPORTS; C:\Windows\System32\DRIVERS\HRMPORTS.SYS [103160 2010-02-08] (Microsoft Corporation)
R3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2007-09-28] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\Dnetr28u.sys [849248 2010-04-29] (Ralink Technology Corp.)
S2 nmsunidr; C:\Windows\System32\DRIVERS\nmsunidr.sys [5376 2007-02-18] (Gteko Ltd.)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-10] (Microsoft Corporation)
S3 rt2870; C:\Windows\System32\DRIVERS\rt2870.sys [1690784 2013-02-06] (Ralink Technology, Corp.)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5a\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
S2 SBKUPNT; C:\Windows\system32\Drivers\SBKUPNT.SYS [14976 2001-07-13] ()
S3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [241628 2006-09-27] (Syntek America Inc.)
S3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-08-02] (Syntek America Inc.)
S3 TSHWMDTCP; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [14552 2007-06-27] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S3 PCIUtil; \??\C:\Users\Rob\AppData\Local\Temp\PCIUtil.sys [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-21 12:09 - 2013-12-21 12:10 - 00011084 _____ C:\Users\Rob\Desktop\FRST.txt
2013-12-21 12:09 - 2013-12-21 12:09 - 00000000 ____D C:\FRST
2013-12-21 12:09 - 2013-12-21 11:53 - 01325858 _____ (Farbar) C:\Users\Rob\Desktop\FRST.exe
2013-12-20 20:23 - 2013-12-20 20:23 - 00008323 _____ C:\Users\Rob\Desktop\attach.txt
2013-12-20 20:23 - 2013-12-20 20:22 - 00013340 _____ C:\Users\Rob\Desktop\dds.txt
2013-12-14 13:20 - 2013-12-14 13:20 - 00000000 ___SD C:\etavaresCF
2013-12-14 13:20 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-14 13:20 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-14 13:20 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-14 13:20 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-14 13:20 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-14 13:20 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-14 13:20 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-14 13:20 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-14 10:57 - 2013-12-14 13:20 - 00000000 ____D C:\Qoobox
2013-12-13 20:58 - 2013-12-17 14:48 - 00000795 _____ C:\Windows\setupact.log
2013-12-13 20:58 - 2013-12-13 20:58 - 00000000 _____ C:\Windows\setuperr.log
2013-12-13 17:29 - 2013-12-13 17:29 - 05154339 ____R (Swearware) C:\Users\Rob\Desktop\etavaresCF.exe
2013-12-13 17:21 - 2013-12-14 13:31 - 00000000 ___SD C:\32788R22FWJFW
2013-12-13 17:21 - 2013-12-13 17:21 - 00000000 ____D C:\Windows\erdnt
2013-12-13 15:45 - 2013-12-13 15:46 - 00358576 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-13 15:36 - 2013-12-13 15:36 - 00112744 _____ C:\Users\Rob\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-13 15:35 - 2013-12-21 12:08 - 00176737 _____ C:\Windows\WindowsUpdate.log
2013-12-12 21:46 - 2013-11-14 22:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 21:46 - 2013-11-14 22:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 21:46 - 2013-11-14 22:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-12 21:46 - 2013-11-14 22:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 21:46 - 2013-11-14 22:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-12 21:46 - 2013-11-14 22:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-12 21:46 - 2013-11-14 22:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 21:46 - 2013-11-14 22:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-12 21:46 - 2013-11-14 22:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 21:46 - 2013-11-14 22:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-12 21:46 - 2013-11-14 22:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 21:46 - 2013-11-14 22:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 21:45 - 2013-11-14 23:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 21:45 - 2013-11-14 22:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 21:45 - 2013-11-14 22:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 21:45 - 2013-11-14 22:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 17:08 - 2013-10-30 02:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-12-12 17:08 - 2013-10-30 01:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 17:08 - 2013-10-30 00:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-12 17:08 - 2013-10-30 00:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 17:08 - 2013-10-22 07:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 17:08 - 2013-10-11 02:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 17:08 - 2013-10-11 02:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 17:08 - 2013-10-11 02:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2013-12-12 17:08 - 2013-10-11 00:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 17:08 - 2013-10-11 00:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-09 14:40 - 2013-12-09 14:40 - 01191834 _____ C:\Users\Rob\Downloads\ProcessExplorer.zip
2013-12-09 13:41 - 2013-12-09 13:42 - 02799296 _____ (Sysinternals - www.sysinternals.com) C:\Users\Rob\Downloads\procexp.exe
2013-12-04 16:03 - 2013-12-04 16:03 - 00000000 ____D C:\Users\Rob\AppData\Local\NVIDIA
2013-12-04 15:30 - 2013-12-04 15:30 - 00000000 ____D C:\Program Files\AGEIA Technologies
2013-12-04 15:29 - 2013-12-04 15:29 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-12-04 15:29 - 2013-05-03 19:02 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Google
2013-12-04 15:29 - 2013-05-03 19:00 - 00000000 ____D C:\Users\UpdatusUser\AppData\LocalGoogle
2013-12-04 15:29 - 2012-04-04 20:09 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-04 15:29 - 2012-04-04 20:09 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-04 15:29 - 2007-09-28 20:04 - 00000943 _____ C:\Users\UpdatusUser\Desktop\CyberlinkPower2Go.lnk
2013-12-04 15:29 - 2007-09-28 20:04 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cyberlink Power2Go
2013-12-04 15:29 - 2007-04-24 09:26 - 00001578 ____R C:\Users\UpdatusUser\Desktop\The TechGuys DVD.lnk
2013-12-04 15:29 - 2006-11-10 08:59 - 00001737 _____ C:\Users\UpdatusUser\Desktop\Welcome Center.lnk
2013-12-04 15:25 - 2013-11-14 11:57 - 22951200 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2013-12-04 15:25 - 2013-11-14 11:57 - 15862272 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2013-12-04 15:25 - 2013-11-14 11:57 - 10446112 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-12-04 15:25 - 2013-11-14 11:57 - 09663656 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-12-04 15:25 - 2013-11-14 11:57 - 09619872 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-12-04 15:25 - 2013-11-14 11:57 - 02947872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-12-04 15:25 - 2013-11-14 11:57 - 02747680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-12-04 15:25 - 2013-11-14 11:57 - 01049888 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3233182.dll
2013-12-04 15:25 - 2013-11-14 11:57 - 00893728 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3233182.dll
2013-12-04 15:24 - 2013-11-14 11:57 - 17560352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-12-04 15:16 - 2013-12-04 15:19 - 199358496 _____ (NVIDIA Corporation) C:\Users\Rob\Downloads\331.82-desktop-win8-win7-winvista-32bit-international-whql.exe
2013-12-03 15:56 - 2013-12-03 15:57 - 11370931 _____ (Shareaza Development Team                                   ) C:\Users\Rob\Downloads\Shareaza_2.7.1.0_Win32.exe
2013-12-02 11:51 - 2013-12-02 11:51 - 00000000 ____D C:\Program Files\Windows Kits
2013-12-02 11:51 - 2013-12-02 11:51 - 00000000 ____D C:\Program Files\Application Verifier
2013-11-29 10:44 - 2013-12-05 10:31 - 00001976 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-27 16:40 - 2013-11-27 16:40 - 00000000 ____D C:\Users\Rob\AppData\Roaming\Windows Live Writer
2013-11-27 16:40 - 2013-11-27 16:40 - 00000000 ____D C:\Users\Rob\AppData\Local\Windows Live Writer
2013-11-27 16:37 - 2013-11-27 16:38 - 00000000 ____D C:\Users\Rob\AppData\Local\{A85BAD7E-DECE-422A-944F-5EBBADA685A5}
2013-11-26 11:58 - 2013-11-26 11:58 - 00015106 _____ C:\Users\Rob\Documents\cc_20131126_115841.reg
2013-11-26 11:05 - 2013-11-26 11:05 - 04618136 _____ (Piriform Ltd) C:\Users\Rob\Downloads\ccsetup408.exe
2013-11-24 14:05 - 2013-11-24 14:05 - 18761576 _____ C:\Users\Rob\Downloads\C01A.tmp
2013-11-22 15:17 - 2013-11-22 15:17 - 00659968 _____ C:\Users\Rob\Downloads\MicrosoftFixit50195.msi
 
==================== One Month Modified Files and Folders =======
 
2013-12-21 12:10 - 2013-12-21 12:09 - 00011084 _____ C:\Users\Rob\Desktop\FRST.txt
2013-12-21 12:09 - 2013-12-21 12:09 - 00000000 ____D C:\FRST
2013-12-21 12:08 - 2013-12-13 15:35 - 00176737 _____ C:\Windows\WindowsUpdate.log
2013-12-21 11:53 - 2013-12-21 12:09 - 01325858 _____ (Farbar) C:\Users\Rob\Desktop\FRST.exe
2013-12-20 20:23 - 2013-12-20 20:23 - 00008323 _____ C:\Users\Rob\Desktop\attach.txt
2013-12-20 20:22 - 2013-12-20 20:23 - 00013340 _____ C:\Users\Rob\Desktop\dds.txt
2013-12-20 20:17 - 2013-06-20 10:07 - 00000000 ____D C:\ProgramData\TVMOBiLi
2013-12-20 20:17 - 2006-11-02 13:01 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-20 20:17 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-20 20:17 - 2006-11-02 12:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-20 20:17 - 2006-11-02 12:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-20 20:16 - 2006-11-02 10:33 - 00795652 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-20 20:07 - 2012-06-28 16:36 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-20 20:07 - 2012-04-09 10:57 - 00000406 _____ C:\Windows\Tasks\PC Optimizer Pro startups.job
2013-12-17 16:27 - 2012-06-28 16:36 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-17 14:48 - 2013-12-13 20:58 - 00000795 _____ C:\Windows\setupact.log
2013-12-14 13:31 - 2013-12-13 17:21 - 00000000 ___SD C:\32788R22FWJFW
2013-12-14 13:20 - 2013-12-14 13:20 - 00000000 ___SD C:\etavaresCF
2013-12-14 13:20 - 2013-12-14 10:57 - 00000000 ____D C:\Qoobox
2013-12-13 20:58 - 2013-12-13 20:58 - 00000000 _____ C:\Windows\setuperr.log
2013-12-13 17:29 - 2013-12-13 17:29 - 05154339 ____R (Swearware) C:\Users\Rob\Desktop\etavaresCF.exe
2013-12-13 17:21 - 2013-12-13 17:21 - 00000000 ____D C:\Windows\erdnt
2013-12-13 15:46 - 2013-12-13 15:45 - 00358576 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-13 15:36 - 2013-12-13 15:36 - 00112744 _____ C:\Users\Rob\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-13 15:11 - 2007-09-29 08:42 - 00000000 ____D C:\Windows\Minidump
2013-12-13 10:33 - 2013-05-22 13:37 - 00000375 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-12-13 10:33 - 2012-04-04 11:56 - 00000000 ____D C:\Users\Rob
2013-12-13 09:47 - 2013-09-27 10:50 - 00000000 ____D C:\Windows\system32\RTCOM
2013-12-12 21:49 - 2013-08-14 08:45 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 21:46 - 2006-11-02 10:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-12-09 14:40 - 2013-12-09 14:40 - 01191834 _____ C:\Users\Rob\Downloads\ProcessExplorer.zip
2013-12-09 13:42 - 2013-12-09 13:41 - 02799296 _____ (Sysinternals - www.sysinternals.com) C:\Users\Rob\Downloads\procexp.exe
2013-12-09 12:48 - 2012-05-27 11:44 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-09 12:45 - 2011-10-12 10:35 - 00000000 __SHD C:\AI_RecycleBin
2013-12-09 12:45 - 2011-05-12 08:27 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin
2013-12-05 10:31 - 2013-11-29 10:44 - 00001976 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-04 16:03 - 2013-12-04 16:03 - 00000000 ____D C:\Users\Rob\AppData\Local\NVIDIA
2013-12-04 15:31 - 2012-04-04 17:13 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-12-04 15:31 - 2012-04-04 17:13 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-12-04 15:31 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-04 15:30 - 2013-12-04 15:30 - 00000000 ____D C:\Program Files\AGEIA Technologies
2013-12-04 15:29 - 2013-12-04 15:29 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-12-04 15:29 - 2007-01-31 23:59 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-04 15:19 - 2013-12-04 15:16 - 199358496 _____ (NVIDIA Corporation) C:\Users\Rob\Downloads\331.82-desktop-win8-win7-winvista-32bit-international-whql.exe
2013-12-03 16:00 - 2012-07-02 17:48 - 00000000 ____D C:\Program Files\Shareaza
2013-12-03 15:59 - 2012-08-29 10:06 - 00000000 ____D C:\Users\Rob\Downloads\tvmobili
2013-12-03 15:57 - 2013-12-03 15:56 - 11370931 _____ (Shareaza Development Team                                   ) C:\Users\Rob\Downloads\Shareaza_2.7.1.0_Win32.exe
2013-12-03 12:16 - 2012-05-11 10:09 - 00000000 ____D C:\Users\Rob\AppData\Roaming\Spotify
2013-12-03 10:23 - 2012-05-11 10:09 - 00000000 ____D C:\Users\Rob\AppData\Local\Spotify
2013-12-03 09:53 - 2012-04-05 13:32 - 00051712 _____ C:\Users\Rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-02 15:04 - 2012-05-02 10:59 - 00000000 ____D C:\Windows\pss
2013-12-02 11:51 - 2013-12-02 11:51 - 00000000 ____D C:\Program Files\Windows Kits
2013-12-02 11:51 - 2013-12-02 11:51 - 00000000 ____D C:\Program Files\Application Verifier
2013-12-02 11:51 - 2013-09-08 18:09 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-02 10:26 - 2012-04-16 13:05 - 00000000 ____D C:\Users\Rob\AppData\Local\Microsoft Help
2013-12-02 10:25 - 2012-04-16 13:05 - 00000000 ____D C:\Users\Rob\Documents\Visual Studio 2008
2013-11-29 20:52 - 2012-04-04 11:56 - 00000949 _____ C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2013-11-29 20:51 - 2013-09-29 14:11 - 00000000 ____D C:\Users\Rob\AppData\Roaming\vlc
2013-11-29 20:50 - 2013-09-29 14:11 - 00000864 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-29 17:24 - 2012-07-06 21:11 - 00000000 ____D C:\Users\Rob\Documents\Prescriptions
2013-11-29 16:21 - 2013-05-12 17:41 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-11-29 16:21 - 2012-04-17 10:40 - 00000000 ____D C:\Program Files\DivX
2013-11-29 16:21 - 2012-04-17 10:39 - 00000000 ____D C:\ProgramData\DivX
2013-11-29 10:44 - 2012-04-04 13:59 - 00000000 ____D C:\Users\Rob\AppData\Local\Google
2013-11-29 10:44 - 2008-03-21 11:38 - 00000000 ____D C:\Program Files\Google
2013-11-27 16:40 - 2013-11-27 16:40 - 00000000 ____D C:\Users\Rob\AppData\Roaming\Windows Live Writer
2013-11-27 16:40 - 2013-11-27 16:40 - 00000000 ____D C:\Users\Rob\AppData\Local\Windows Live Writer
2013-11-27 16:40 - 2012-10-04 09:10 - 00000000 ____D C:\Users\Rob\AppData\Local\Windows Live
2013-11-27 16:38 - 2013-11-27 16:37 - 00000000 ____D C:\Users\Rob\AppData\Local\{A85BAD7E-DECE-422A-944F-5EBBADA685A5}
2013-11-27 09:41 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\system32\LogFiles
2013-11-26 11:58 - 2013-11-26 11:58 - 00015106 _____ C:\Users\Rob\Documents\cc_20131126_115841.reg
2013-11-26 11:46 - 2012-04-08 12:33 - 00000000 ____D C:\Users\Rob\AppData\Roaming\BitTorrent
2013-11-26 11:06 - 2012-05-14 19:09 - 00000809 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-26 11:06 - 2012-05-14 19:09 - 00000000 ____D C:\Program Files\CCleaner
2013-11-26 11:05 - 2013-11-26 11:05 - 04618136 _____ (Piriform Ltd) C:\Users\Rob\Downloads\ccsetup408.exe
2013-11-24 14:07 - 2013-07-07 21:37 - 00001850 _____ C:\Users\Rob\Desktop\Homestream.lnk
2013-11-24 14:05 - 2013-11-24 14:05 - 18761576 _____ C:\Users\Rob\Downloads\C01A.tmp
2013-11-24 12:51 - 2012-08-29 15:36 - 00000000 ____D C:\Program Files\SlimCleaner
2013-11-22 15:17 - 2013-11-22 15:17 - 00659968 _____ C:\Users\Rob\Downloads\MicrosoftFixit50195.msi
 
Files to move or delete:
====================
C:\Users\Rob\AppData\Roaming\desktop.ini
C:\ProgramData\msagsu.exe
 
 
Some content of TEMP:
====================
C:\Users\Rob\AppData\Local\Temp\i4jdel0.exe
C:\Users\Rob\AppData\Local\Temp\msi62921.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-20 20:35
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-12-2013 02
Ran by Rob at 2013-12-21 12:10:41
Running from C:\Users\Rob\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
7-Zip 9.22beta
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Any Video Converter 3.5.8
Application Verifier x86 External Package (Version: 8.100.25984)
Audacity 2.0.3 (Version: 2.0.3)
audiosamples (Version: 1.1.6001.0)
avstreamsamples (Version: 1.1.6001.0)
avstreamtools_ia64fre (Version: 1.1.6001.0)
avstreamtools_x64fre (Version: 1.1.6001.0)
avstreamtools_x86fre (Version: 1.1.6001.0)
biometricsamples (Version: 1.1.6001.0)
biometrictools_x64fre (Version: 1.1.6001.0)
biometrictools_x86fre (Version: 1.1.6001.0)
BitTorrent (HKCU Version: 7.8.2.30182)
bluetoothsamples (Version: 1.1.6001.0)
bluetoothtools_ia64fre (Version: 1.1.6001.0)
bluetoothtools_x64fre (Version: 1.1.6001.0)
bluetoothtools_x86fre (Version: 1.1.6001.0)
Bonjour (Version: 2.0.2.0)
Bonjour Print Services (Version: 2.0.2.0)
buildsamples (Version: 1.1.6001.0)
buildtools_ia64fre (Version: 1.1.6001.0)
buildtools_x64fre (Version: 1.1.6001.0)
buildtools_x86fre (Version: 1.1.6001.0)
bussamples (Version: 1.1.6001.0)
Camera Window MC (Version: 6.0)
cancelsample (Version: 1.1.6001.0)
Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.0)
Canon MP Navigator EX 3.0
Canon MP270 series MP Drivers
Canon MP560 series MP Drivers
Canon My Printer (Version: 3.0.0)
Canon Utilities Solution Menu
CCleaner (Version: 4.08)
chkinftool_x86fre (Version: 1.1.6001.0)
D3DX10 (Version: 15.4.2368.0902)
debugfiles_win7 (Version: 1.1.6001.0)
Debugging Tools for Windows (x86) (Version: 6.12.2.633)
Debut Video Capture Software (Version: 1.82)
Device Simulation Framework 1.0.1 (Version: 1.0.1)
dfx_ia64fre (Version: 1.1.6001.0)
dfx_x64fre (Version: 1.1.6001.0)
dfx_x86fre (Version: 1.1.6001.0)
displaysamples (Version: 1.1.6001.0)
D-Link DWA-140
drvtools_ia64fre (Version: 1.1.6001.0)
drvtools_x64fre (Version: 1.1.6001.0)
drvtools_x86fre (Version: 1.1.6001.0)
DSF-KitSetup (Version: 1.1.6001.0)
dsfsamples (Version: 1.1.6001.0)
eventsample (Version: 1.1.6001.0)
evntdrvsample (Version: 1.1.6001.0)
File Type Assistant <==== ATTENTION
FileHippo.com Update Checker
fireflysample (Version: 1.1.6001.0)
Free File Viewer 2012
Free Word/Doc Txt to Image Jpg/Jpeg Bmp Tiff Png Converter 5.1
Garmin BaseCamp (Version: 4.2.3)
Garmin City Navigator Europe (Unicode) NT 2013.21 Update (Version: 16.21.0.0)
Garmin City Navigator Europe NT 2014.10 Update (Version: 17.10.0.0)
Garmin Communicator Plugin (Version: 4.0.4)
Garmin MapInstall (Version: 4.0.3)
Garmin POI Loader (Version: 2.7.1)
Garmin USB Drivers (Version: 2.3.1.0)
generalsamples (Version: 1.1.6001.0)
generaltools_ia64fre (Version: 1.1.6001.0)
generaltools_x64fre (Version: 1.1.6001.0)
generaltools_x86fre (Version: 1.1.6001.0)
GIMP 2.8.6 (Version: 2.8.6)
Google Chrome (Version: 31.0.1650.63)
Google Drive (Version: 1.12.5329.1887)
Google Earth (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.22.3)
headers (Version: 1.1.6001.0)
hid_inputsamples (Version: 1.1.6001.0)
hidsampleinput (Version: 1.1.6001.0)
hidsamples (Version: 1.1.6001.0)
Homestream
ifssamples (Version: 1.1.6001.0)
imagingtools_ia64fre (Version: 1.1.6001.0)
imagingtools_x64fre (Version: 1.1.6001.0)
imagingtools_x86fre (Version: 1.1.6001.0)
ImgBurn (Version: 2.5.7.0)
infsample_ia64fre (Version: 1.1.6001.0)
infsample_x64fre (Version: 1.1.6001.0)
infsample_x86fre (Version: 1.1.6001.0)
installhelp (Version: 1.1.6001.0)
Intel® PRO Network Connections Drivers
Intel® Viiv™ Software (Version: 1.7.512.0)
Intel® Matrix Storage Manager
Internet Explorer (Enable DEP)
ioctlsample (Version: 1.1.6001.0)
irsamples (Version: 1.1.6001.0)
iTunes (Version: 10.7.0.21)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Junk Mail filter update (Version: 15.4.3502.0922)
Kits Configuration Installer (Version: 8.100.25984)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MediaInfo 0.7.64 (Version: 0.7.64)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008 (Version: 9.0.21022)
Microsoft Excel 97
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (Version: 2.0.1578.0)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (Version: 2.0.1578.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (Version: 12.0.20617.1)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.20617 (Version: 12.0.20617)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.20617 (Version: 12.0.20617)
Microsoft Web Publishing Wizard 1.5
Microsoft Windows Driver Kit 7.1.0.7600 (Version: 7.1.0.7600)
Microsoft Windows Driver Kit Documentation 7600.091201 (Version: 6.0.7600.0)
Microsoft Word 97
Microsoft Word 97 Web Authoring (Remove AutoUpdate release)
modemtools (Version: 1.1.6001.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
networklibraries_ia64fre (Version: 1.1.6001.0)
networklibraries_x64fre (Version: 1.1.6001.0)
networklibraries_x86fre (Version: 1.1.6001.0)
networksamples (Version: 1.1.6001.0)
NVIDIA 3D Vision Controller Driver 331.82 (Version: 331.82)
NVIDIA Control Panel 331.82 (Version: 331.82)
NVIDIA GeForce Experience 1.7.1 (Version: 1.7.1)
NVIDIA Graphics Driver 331.82 (Version: 331.82)
NVIDIA Install Application (Version: 2.1002.140.952)
NVIDIA LED Visualizer 1.0 (Version: 1.0)
NVIDIA PhysX (Version: 9.13.0725)
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)
NVIDIA Update 9.3.21 (Version: 9.3.21)
NVIDIA Update Components (Version: 9.3.21)
oacr_x86fre (Version: 1.1.6001.0)
offreg_ia64fre (Version: 1.1.6001.0)
offreg_x64fre (Version: 1.1.6001.0)
offreg_x86fre (Version: 1.1.6001.0)
pcidrvsample (Version: 1.1.6001.0)
pfd_ia64fre (Version: 1.1.6001.0)
pfd_x64fre (Version: 1.1.6001.0)
pfd_x86fre (Version: 1.1.6001.0)
pnpportssample (Version: 1.1.6001.0)
pnptools_ia64fre (Version: 1.1.6001.0)
pnptools_x64fre (Version: 1.1.6001.0)
pnptools_x86fre (Version: 1.1.6001.0)
portiosample (Version: 1.1.6001.0)
Power2Go 5.0
powermanagement_ia64fre (Version: 1.1.6001.0)
powermanagement_x64fre (Version: 1.1.6001.0)
powermanagement_x86fre (Version: 1.1.6001.0)
printsamples (Version: 1.1.6001.0)
printtools_ia64fre (Version: 1.1.6001.0)
printtools_x64fre (Version: 1.1.6001.0)
printtools_x86fre (Version: 1.1.6001.0)
QuickTime (Version: 7.74.80.86)
readme (Version: 1.1.6001.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6873)
SDK Debuggers (Version: 8.100.25984)
sdv (Version: 1.1.6001.0)
Segoe UI (Version: 15.4.2271.0615)
sensorsamples (Version: 1.1.6001.0)
setupsamples (Version: 1.1.6001.0)
setuptools_ia64fre (Version: 1.1.6001.0)
setuptools_x64fre (Version: 1.1.6001.0)
setuptools_x86fre (Version: 1.1.6001.0)
Shareaza 2.6.0.0 (Version: 2.6.0.0)
sideshowsamples (Version: 1.1.6001.0)
SiSoftware Sandra Lite 2013.SP5 (Version: 19.58.2013.9)
SlimCleaner (Version: 4.0.30422)
smartcardsamples (Version: 1.1.6001.0)
Splashtop Software Updater (Version: 1.5.6.14)
Splashtop Streamer (Version: 2.4.5.2)
Spotify (HKCU Version: 0.9.6.72.ge389c074)
storagesamples (Version: 1.1.6001.0)
streammediasamples (Version: 1.1.6001.0)
swMSM (Version: 12.0.0.1)
swtuner (Version: 1.1.6001.0)
SyncToy 2.1 (x86) (Version: 2.1.0)
System Requirements Lab for Intel (Version: 4.5.13.0)
toastermetadatapackagesample (Version: 1.1.6001.0)
toastersample (Version: 1.1.6001.0)
toolindex (Version: 1.1.6001.0)
tracingtool_ia64fre (Version: 1.1.6001.0)
tracingtool_x64fre (Version: 1.1.6001.0)
tracingtool_x86fre (Version: 1.1.6001.0)
TVMOBiLi
umdfsamples (Version: 1.1.6001.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (Version: 1)
usbsamples (Version: 1.1.6001.0)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
vistalibs_ia64fre (Version: 1.1.6001.0)
vistalibs_x64fre (Version: 1.1.6001.0)
vistalibs_x86fre (Version: 1.1.6001.0)
VLC media player 2.1.1 (Version: 2.1.1)
wcoinstallers (Version: 1.1.6001.0)
wdftools_ia64fre (Version: 1.1.6001.0)
wdftools_x64fre (Version: 1.1.6001.0)
wdftools_x86fre (Version: 1.1.6001.0)
wdtfbinaries_ia64fre (Version: 1.1.6001.0)
wdtfbinaries_x64fre (Version: 1.1.6001.0)
wdtfbinaries_x86fre (Version: 1.1.6001.0)
WinDirStat 1.1.2
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Software Development Kit EULA (Version: 8.100.25984)
Windows Software Development Kit for Windows 8.1 (Version: 8.100.25984)
WinRAR 5.01 beta 1 (32-bit) (Version: 5.01.1)
wmisamples (Version: 1.1.6001.0)
wnetlibs_ia64fre (Version: 1.1.6001.0)
wnetlibs_x64fre (Version: 1.1.6001.0)
wnetlibs_x86fre (Version: 1.1.6001.0)
wpdsamples (Version: 1.1.6001.0)
wpdtools_ia64fre (Version: 1.1.6001.0)
wpdtools_x64fre (Version: 1.1.6001.0)
wpdtools_x86fre (Version: 1.1.6001.0)
wsdtool_ia64fre (Version: 1.1.6001.0)
wsdtool_x64fre (Version: 1.1.6001.0)
wsdtool_x86fre (Version: 1.1.6001.0)
wxplibs_x86fre (Version: 1.1.6001.0)
 
==================== Restore Points  =========================
 
04-12-2013 11:03:16 Scheduled Checkpoint
04-12-2013 15:26:02 Device Driver Package Install: NVIDIA Display adapters
04-12-2013 15:30:09 Device Driver Package Install: NVIDIA Universal Serial Bus controllers
04-12-2013 16:03:48 Windows Update
05-12-2013 11:12:53 Scheduled Checkpoint
06-12-2013 00:00:05 Scheduled Checkpoint
07-12-2013 00:00:08 Scheduled Checkpoint
08-12-2013 11:38:13 Scheduled Checkpoint
09-12-2013 09:06:15 Windows Update
09-12-2013 12:44:23 Removed InstallIQ Updater
09-12-2013 12:45:34 Removed Garmin WebUpdater
09-12-2013 12:46:14 Removed Apple Application Support
09-12-2013 12:47:33 Removed Apple Software Update
09-12-2013 12:48:06 Removed Apple Mobile Device Support
10-12-2013 11:50:11 Scheduled Checkpoint
11-12-2013 10:50:22 Scheduled Checkpoint
12-12-2013 17:25:58 Windows Update
12-12-2013 21:45:35 Windows Update
13-12-2013 13:07:52 Scheduled Checkpoint
14-12-2013 13:59:21 Scheduled Checkpoint
15-12-2013 10:36:05 Scheduled Checkpoint
16-12-2013 10:16:30 Scheduled Checkpoint
17-12-2013 15:16:58 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2006-11-02 10:23 - 2013-11-16 19:10 - 05947261 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 2010-fr.com # hosts anti-adware / pups
127.0.0.1 2012-new.biz # hosts anti-adware / pups
127.0.0.1 212link.com # hosts anti-adware / pups
127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
127.0.0.1 24h00business.com # hosts anti-adware / pups
127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
127.0.0.1 ad.adn360.com # hosts anti-adware / pups
127.0.0.1 adeartss.eu # hosts anti-adware / pups
127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
127.0.0.1 adm.soft365.com # hosts anti-adware / pups
127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
127.0.0.1 ads.aff.co # hosts anti-adware / pups
127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
127.0.0.1 ads.icksor.com # hosts anti-adware / pups
127.0.0.1 ads.pornerbros.com # hosts anti-adware / pups
127.0.0.1 ads.regiedepub.com # hosts anti-adware / pups
127.0.0.1 ads.sucomspot.com # hosts anti-adware / pups
127.0.0.1 ads.tersecta.com # hosts anti-adware / pups
127.0.0.1 a.dungtank.com # hosts anti-adware / pups
127.0.0.1 adwcleaner.programmesetjeux.com # hosts anti-adware / pups
127.0.0.1 adwcleaner.telecharger.toggle.com # hosts anti-adware / pups
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0860AC6A-D7D4-482D-A500-F3F49F88B0F9} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ConfigExec => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunCollectConfigurationInfo
Task: {089FBFF1-DDFD-4992-90B6-41FF33D9BD46} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {151D6B8C-EBE2-42B4-86DA-24686A35EC94} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {194318BA-2FAB-4225-AC52-2F43CC142A9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-28] (Google Inc.)
Task: {1C8D4BDC-41E3-4AAD-AD4C-32E445898923} - System32\Tasks\PC Optimizer Pro startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {429A56CE-9373-4F3A-B903-DC6F63512B59} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {45AF2EE3-8933-490D-9924-180DF3072892} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Rob => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {5277DE20-7657-4637-9A38-E17AF69831CE} - System32\Tasks\ProgramUpdateCheck => C:\Program Files\File Type Assistant\tsassist.exe [2012-08-10] (Trusted Software ApS) <==== ATTENTION
Task: {83B05DAE-DE5E-4110-93C4-83F1C800AD99} - System32\Tasks\SlimCleaner Run => C:\Program Files\SlimCleaner\SlimCleaner.exe [2013-06-21] (SlimWare Utilities, Inc.)
Task: {B178C292-1778-43E7-AEF3-6573CEBD71B4} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2011-08-10] (Microsoft Corporation)
Task: {B530C22C-D87D-40B2-8A21-78FF6BBE3C9B} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\OSUpgrade => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunHandleOSUpgrade
Task: {C85DFCA0-E93B-41E3-A031-5F096E0E90ED} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\MatSvc\DataUpload => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RetryDataUpload
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2012-04-04] ()
Task: {F3E876C4-111C-47C1-9C94-3A2E62484D80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-28] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PC Optimizer Pro startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\Rob\Downloads:Shareaza.GUID
AlternateDataStreams: C:\Users\Rob\Downloads\tvmobili:Shareaza.GUID
AlternateDataStreams: C:\Users\Rob\Documents\Video tools:Shareaza.GUID
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Spooler => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
 
==================== Faulty Device Manager Devices =============
 
Name: DsfRoot for DSF
Description: DsfRoot for DSF
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: dsfroot
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/21/2013 00:08:42 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (12/20/2013 08:19:49 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (12/20/2013 08:17:18 PM) (Source: Application Error) (User: )
Description: Faulting application wsqmcons.exe, version 6.0.6001.18000, time stamp 0x47918ca3, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x000bb17b,
process id 0x1534, application start time 0xwsqmcons.exe0.
 
Error: (12/20/2013 08:17:12 PM) (Source: Application Error) (User: )
Description: Faulting application sdclt.exe, version 6.0.6002.18353, time stamp 0x4d0783f0, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0005b17b,
process id 0x1308, application start time 0xsdclt.exe0.
 
Error: (12/20/2013 08:15:48 PM) (Source: Application Error) (User: )
Description: Faulting application ns606C.tmp, version 0.0.0.0, time stamp 0x4b1ae3a8, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0015b17b,
process id 0x1740, application start time 0xns606C.tmp0.
 
Error: (12/20/2013 08:15:44 PM) (Source: Application Error) (User: )
Description: Faulting application ns5238.tmp, version 0.0.0.0, time stamp 0x4b1ae3a8, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0015b17b,
process id 0x12fc, application start time 0xns5238.tmp0.
 
Error: (12/20/2013 08:15:38 PM) (Source: Application Error) (User: )
Description: Faulting application ns394B.tmp, version 0.0.0.0, time stamp 0x4b1ae3a8, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0015b17b,
process id 0x11b8, application start time 0xns394B.tmp0.
 
Error: (12/20/2013 08:14:42 PM) (Source: Application Error) (User: )
Description: Faulting application London.com, version 2012.11.20.1, time stamp 0x4b1ae3c6, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0015b17b,
process id 0xc9c, application start time 0xLondon.com0.
 
Error: (12/20/2013 08:14:35 PM) (Source: Application Error) (User: )
Description: Faulting application London.com, version 2012.11.20.1, time stamp 0x4b1ae3c6, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0015b17b,
process id 0x14d8, application start time 0xLondon.com0.
 
Error: (12/20/2013 08:14:29 PM) (Source: Application Error) (User: )
Description: Faulting application London.com, version 2012.11.20.1, time stamp 0x4b1ae3c6, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0015b17b,
process id 0x448, application start time 0xLondon.com0.
 
 
System errors:
=============
Error: (12/21/2013 00:10:13 PM) (Source: Service Control Manager) (User: )
Description: Windows Media Center Extender ServiceFunction Discovery Provider Host%%1068
 
Error: (12/21/2013 00:10:13 PM) (Source: Service Control Manager) (User: )
Description: PnP-X IP Bus EnumeratorFunction Discovery Provider Host%%1068
 
Error: (12/21/2013 00:10:12 PM) (Source: Service Control Manager) (User: )
Description: PnP-X IP Bus EnumeratorFunction Discovery Provider Host%%1068
 
Error: (12/21/2013 00:09:37 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
Error: (12/21/2013 00:09:37 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
Error: (12/21/2013 00:09:37 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
Error: (12/21/2013 00:09:37 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
Error: (12/21/2013 00:09:37 PM) (Source: Service Control Manager) (User: )
Description: WinHTTP Web Proxy Auto-Discovery ServiceDHCP Client%%1068
 
Error: (12/21/2013 00:09:37 PM) (Source: Service Control Manager) (User: )
Description: AFD
anodlwf
DfsC
dsfroot
MpFilter
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
Smb
spldr
tdx
Wanarpv6
ws2ifsl
 
Error: (12/21/2013 00:09:37 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (12/21/2013 00:08:42 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (12/20/2013 08:19:49 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (12/20/2013 08:17:18 PM) (Source: Application Error)(User: )
Description: wsqmcons.exe6.0.6001.1800047918ca3unknown0.0.0.000000000c0000005000bb17b153401cefdc0775eb7be
 
Error: (12/20/2013 08:17:12 PM) (Source: Application Error)(User: )
Description: sdclt.exe6.0.6002.183534d0783f0unknown0.0.0.000000000c00000050005b17b130801cefdc077547e8e
 
Error: (12/20/2013 08:15:48 PM) (Source: Application Error)(User: )
Description: ns606C.tmp0.0.0.04b1ae3a8unknown0.0.0.000000000c00000050015b17b174001cefdc044fbda5e
 
Error: (12/20/2013 08:15:44 PM) (Source: Application Error)(User: )
Description: ns5238.tmp0.0.0.04b1ae3a8unknown0.0.0.000000000c00000050015b17b12fc01cefdc042cd137e
 
Error: (12/20/2013 08:15:38 PM) (Source: Application Error)(User: )
Description: ns394B.tmp0.0.0.04b1ae3a8unknown0.0.0.000000000c00000050015b17b11b801cefdc03efcaa8e
 
Error: (12/20/2013 08:14:42 PM) (Source: Application Error)(User: )
Description: London.com2012.11.20.14b1ae3c6unknown0.0.0.000000000c00000050015b17bc9c01cefdc0157d583e
 
Error: (12/20/2013 08:14:35 PM) (Source: Application Error)(User: )
Description: London.com2012.11.20.14b1ae3c6unknown0.0.0.000000000c00000050015b17b14d801cefdc01578281e
 
Error: (12/20/2013 08:14:29 PM) (Source: Application Error)(User: )
Description: London.com2012.11.20.14b1ae3c6unknown0.0.0.000000000c00000050015b17b44801cefdc01572f7fe
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-10-15 23:57:00.657
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:57:00.508
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:57:00.358
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:57:00.204
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:56:26.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:56:26.087
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:56:25.894
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:56:25.696
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:56:25.451
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:56:25.301
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 24%
Total physical RAM: 2045.46 MB
Available physical RAM: 1538.73 MB
Total Pagefile: 4331.95 MB
Available Pagefile: 3997.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.17 MB
 
==================== Drives ================================
 
Drive c: (Vista) (Fixed) (Total:291.25 GB) (Free:151.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:76.68 GB) (Free:28.62 GB) NTFS
Drive f: () (Fixed) (Total:298.09 GB) (Free:50.63 GB) NTFS
Drive k: () (Removable) (Total:7.39 GB) (Free:3.27 GB) FAT32
Drive s: (System) (Fixed) (Total:1.46 GB) (Free:1.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 2F159D44)
Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 313CBE4F)
Partition 1: (Not Active) - (Size=5 GB) - (Type=27)
Partition 2: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=291 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 77 GB) (Disk ID: 3AC0E280)
Partition 1: (Active) - (Size=77 GB) - (Type=07 NTFS)
 
========================================================
Disk: 7 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)
 
==================== End Of Log ============================
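The FRST report above marks two scheduled tasks with `<==== ATTENTION` (PC Optimizer Pro and File Type Assistant) and shows a 5.9 MB hosts file made of loopback sinkhole entries. The helper below is an added example written for this page, not part of FRST and not something anyone in this thread posted. It parses the "Scheduled Tasks" and "Hosts content" line formats, keeps FRST's own flag, and adds two heuristics that are assumptions of this example rather than FRST rules (a task binary in a user-writable directory, or a non-Windows binary with an empty publisher field). The sample lines are copied from the log above, except the single 203.0.113.5 hosts line, which is constructed to show how a hijack-style entry differs from a sinkhole entry.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Added triage helper for two FRST report sections. Example code for this page,
# not part of FRST and not posted in the thread. Sample lines are copied from the
# log above, except the 203.0.113.5 hosts line, which is constructed.

TASK_RE = re.compile(
    r"^Task: (?:\{(?P<guid>[0-9A-Fa-f-]+)\} - )?(?P<name>.+?)"  # no GUID on legacy .job entries
    r"(?: => (?P<target>.+?))?"                                # some tasks list no target
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?"                   # file date FRST found
    r"(?: \((?P<publisher>[^)]*)\))?"                          # "()" = empty publisher field
    r"(?P<attention> <==== ATTENTION)?$"                       # FRST's own flag
)
HOSTS_RE = re.compile(r"^\s*(?P<ip>[0-9A-Fa-f:.]+)\s+(?P<host>\S+)(?:\s*#\s*(?P<comment>.*))?$")

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
WINDOWS_ROOT = "c:\\windows\\"
# Assumed heuristic (not an FRST rule): binaries in user-writable paths get a look.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "\\appdata\\", "\\temp\\")


@dataclass
class TaskFinding:
    name: str
    target: Optional[str]
    publisher: Optional[str]          # None = field absent, "" = FRST printed "()"
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_task(line: str) -> Optional[TaskFinding]:
    """Parse one 'Task:' line; return None for lines in another format."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    f = TaskFinding(d["name"], d["target"], d["publisher"])
    if d["attention"]:
        f.reasons.append("frst-attention")
    if f.target:
        low = f.target.lower()
        if any(p in low for p in USER_WRITABLE):
            f.reasons.append("user-writable-target")
        if not d["publisher"] and not low.startswith(WINDOWS_ROOT):
            f.reasons.append("no-publisher")
    return f


def triage_tasks(lines) -> List[TaskFinding]:
    """Return only the task entries that carry at least one reason."""
    return [f for f in map(parse_task, lines) if f is not None and f.suspicious]


def parse_hosts(lines):
    """Return (ip, host, comment) for every active hosts-file mapping."""
    out = []
    for line in lines:
        m = HOSTS_RE.match(line)
        if m:
            out.append((m["ip"], m["host"], m["comment"] or ""))
    return out


def hosts_summary(entries):
    """Split sinkhole entries (loopback) from redirects to a real address."""
    blocked = sorted({h for ip, h, _ in entries if ip in LOOPBACK})
    redirects = [(h, ip) for ip, h, _ in entries if ip not in LOOPBACK]
    return {"blocked": blocked, "redirects": redirects}


SAMPLE_TASKS = r"""
Task: {194318BA-2FAB-4225-AC52-2F43CC142A9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-28] (Google Inc.)
Task: {1C8D4BDC-41E3-4AAD-AD4C-32E445898923} - System32\Tasks\PC Optimizer Pro startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {5277DE20-7657-4637-9A38-E17AF69831CE} - System32\Tasks\ProgramUpdateCheck => C:\Program Files\File Type Assistant\tsassist.exe [2012-08-10] (Trusted Software ApS) <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2012-04-04] ()
Task: C:\Windows\Tasks\PC Optimizer Pro startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
""".strip().splitlines()

SAMPLE_HOSTS = """
127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
127.0.0.1 adwcleaner.telecharger.toggle.com # hosts anti-adware / pups
203.0.113.5 update.example.com # constructed for this example: hijack-style entry
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage_tasks(SAMPLE_TASKS):
        print(f"{f.name}\n    -> {f.target}  [{', '.join(f.reasons)}]")
    s = hosts_summary(parse_hosts(SAMPLE_HOSTS))
    print(f"{len(s['blocked'])} hosts sinkholed; redirects: {s['redirects']}")
```

Note that the legacy `C:\Windows\Tasks\*.job` entry duplicates the Task Scheduler entry for the same PUP; both show up in the triage output, which is the point: removing only one leaves the other to recreate the startup. The hosts split matters because a loopback-only file like the one above is a blocklist (consistent with the "hosts anti-adware / pups" comments), whereas any entry that points a real name at a non-loopback address is the pattern that warrants attention.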


#6 gringo_pr (Malware Response Team)

Posted 24 December 2013 - 09:18 AM

Hello robpetcro

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#7 robpetcro (Topic Starter)

Posted 28 December 2013 - 03:43 PM

Sorry for the delay, Gringo. As I had waited for over 10 days I didn't think anyone was going to contact me, so I ended up using a tool called 'unhackme'; this was before your post. It seemed to work, as I can now use the PC without constant restrictions. However, I am not fully convinced, as I cannot use my local network: the PC seems to see the network but nothing sees the PC. I have tried a system restore in both normal and safe mode but that will not work. I have attached the latest 'farbar' results (previous results above). Rob

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2013 01
Ran by Rob (administrator) on ROB-PC on 28-12-2013 17:34:10
Running from C:\Users\Rob\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel® Corporation) C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
() C:\Program Files\Homestream\bin\HomestreamService.exe
() C:\Program Files\Homestream\bin\HomestreamService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(D-Link Corp.) C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Program Files\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe
() C:\Program Files\Homestream\bin\HomestreamConsole.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
(Intel® Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
(Syntek America Inc.) C:\Windows\System32\StkASv2K.exe
() C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Intel® Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel® Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
(Intel® Corporation) C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
() C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1313640 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [D-Link D-Link Wireless N DWA-140] - C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe [1024000 2010-06-30] (D-Link Corp.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11930696 2013-03-29] (Realtek Semiconductor)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Policies\Explorer: [TaskbarNoNotification] 1
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Homestream.lnk
ShortcutTarget: Homestream.lnk -> C:\Program Files\Homestream\bin\HomestreamConsole.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thetechguys.com/welcome
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR RestoreOnStartup: "hxxp://www.google.co.uk/"
CHR DefaultSearchKeyword: google.co.uk
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Extension: (Angry Birds) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (Google Docs) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0
CHR Extension: (Keep My Opt-Outs) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0
CHR Extension: (Google Wallet) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [pfafkpaifpmpadngdmgiikeipjiedbpc] - C:\Users\Rob\AppData\Local\Temp\ccex.crx
 
========================== Services (Whitelisted) =================
 
R2 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [223448 2007-06-27] (Intel® Corporation)
S2 D-Link Wireless N DWA-140_WPS; C:\Program Files\D-Link\DWA-140 revB\ANIWConnService.exe [53248 2010-06-03] ()
S3 DHTRACE; C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [39640 2007-06-27] (Intel® Corporation)
R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2007-02-12] ()
R2 Homestream; C:\Program Files\Homestream\bin\HomestreamService.exe [278528 2012-05-25] ()
S2 HOSTS Anti-PUPs; C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2013-09-08] ()
R2 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [59096 2007-06-27] (Intel® Corporation)
R2 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [268504 2007-06-27] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [157912 2007-06-27] (Intel® Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 NMSCore; C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [317656 2007-06-27] (Intel® Corporation)
R2 QualityManager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [272600 2007-06-27] (Intel® Corporation)
R2 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [446680 2007-06-27] (Intel® Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5a\RpcAgentSrv.exe [71832 2008-08-29] (SiSoftware)
R2 SplashtopRemoteService; C:\Program Files\Splashtop\Splashtop Remote\SERVER\SRService.exe [790368 2013-09-02] (Splashtop Inc.)
R2 SSUService; C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe [609056 2013-08-07] (Splashtop Inc.)
R2 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-24] (Syntek America Inc.)
R2 tvMobiliService; C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe [1145344 2013-01-30] ()
 
==================== Drivers (Whitelisted) ====================
 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-19] (Microsoft Corporation)
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwf.sys [12800 2009-03-06] ()
S3 ASPI; C:\Windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec)
R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx86.sys [43344 2013-09-16] ()
R0 DSFKSVCS; C:\Windows\System32\DRIVERS\dsfksvcs.sys [479992 2010-02-08] (Microsoft Corporation)
R0 dsfroot; C:\Windows\System32\DRIVERS\dsfroot.sys [31608 2010-02-08] (Microsoft Corporation)
S3 HRMCFGSPC; C:\Windows\System32\DRIVERS\HRMCFGSPC.SYS [92664 2010-02-08] (Microsoft Corporation)
S3 HRMINTS; C:\Windows\System32\DRIVERS\HRMINTS.SYS [89976 2010-02-08] (Microsoft Corporation)
S3 HRMPORTS; C:\Windows\System32\DRIVERS\HRMPORTS.SYS [103160 2010-02-08] (Microsoft Corporation)
R3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2007-09-28] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\Dnetr28u.sys [849248 2010-04-29] (Ralink Technology Corp.)
R2 nmsunidr; C:\Windows\System32\DRIVERS\nmsunidr.sys [5376 2007-02-18] (Gteko Ltd.)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-10] (Microsoft Corporation)
S3 rt2870; C:\Windows\System32\DRIVERS\rt2870.sys [1690784 2013-02-06] (Ralink Technology, Corp.)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5a\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
R2 SBKUPNT; C:\Windows\system32\Drivers\SBKUPNT.SYS [14976 2001-07-13] ()
S3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [241628 2006-09-27] (Syntek America Inc.)
S3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-08-02] (Syntek America Inc.)
S3 TSHWMDTCP; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [14552 2007-06-27] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
U3 Partizan; system32\drivers\Partizan.sys [x]
S3 PCIUtil; \??\C:\Users\Rob\AppData\Local\Temp\PCIUtil.sys [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-27 22:19 - 2013-12-27 22:19 - 00347816 _____ (Microsoft Corporation) C:\Users\Rob\Downloads\MicrosoftFixit.WindowsFirewall.RNP.63311594205384582.6.1.Run.exe
2013-12-27 20:42 - 2013-12-27 20:42 - 00000000 _____ C:\Windows\setuperr.log
2013-12-27 20:42 - 2013-12-27 20:42 - 00000000 _____ C:\Windows\setupact.log
2013-12-26 11:56 - 2013-12-26 11:56 - 00244224 _____ C:\Users\Rob\Downloads\CF_UNINST.EXE
2013-12-26 11:54 - 2013-12-26 11:54 - 00000000 ___SD C:\ComboFix
2013-12-24 17:59 - 2013-12-24 17:59 - 00358576 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-24 17:59 - 2013-12-24 17:59 - 00112744 _____ C:\Users\Rob\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-24 15:01 - 2013-12-24 15:02 - 00031812 _____ C:\Users\Rob\Desktop\Addition.txt
2013-12-24 14:59 - 2013-12-28 17:34 - 00013566 _____ C:\Users\Rob\Desktop\FRST.txt
2013-12-24 14:56 - 2013-12-24 14:57 - 00013914 _____ C:\Users\Rob\Documents\cc_20131224_145654.reg
2013-12-22 18:27 - 2013-12-22 18:27 - 00000000 ____D C:\Users\Rob\Desktop\FRST-OlderVersion
2013-12-22 17:56 - 2013-12-22 17:56 - 00000000 ____D C:\@RestoreQuarantine
2013-12-22 16:14 - 2013-12-22 16:14 - 00000258 __RSH C:\ProgramData\ntuser.pol
2013-12-22 16:06 - 2013-12-22 18:01 - 00000672 _____ C:\Windows\system32\PARTIZAN.TXT
2013-12-22 15:57 - 2013-12-22 18:07 - 00000000 ____D C:\Program Files\UnHackMe
2013-12-22 15:57 - 2013-12-22 17:58 - 00000000 ____D C:\Users\Rob\Documents\RegRun2
2013-12-22 15:57 - 2013-12-22 17:58 - 00000000 ____D C:\ProgramData\RegRun
2013-12-22 15:57 - 2013-12-22 15:57 - 00000406 _____ C:\Windows\Tasks\UnHackMe Task Scheduler.job
2013-12-22 15:57 - 2013-12-22 15:57 - 00000002 RSHOT C:\Windows\winstart.bat
2013-12-21 12:09 - 2013-12-22 18:27 - 01061231 _____ (Farbar) C:\Users\Rob\Desktop\FRST.exe
2013-12-21 12:09 - 2013-12-22 18:27 - 00000000 ____D C:\FRST
2013-12-13 17:21 - 2013-12-26 11:56 - 00000000 ____D C:\Windows\erdnt
2013-12-13 15:35 - 2013-12-28 17:32 - 00691283 _____ C:\Windows\WindowsUpdate.log
2013-12-12 21:46 - 2013-11-14 22:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 21:46 - 2013-11-14 22:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 21:46 - 2013-11-14 22:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-12 21:46 - 2013-11-14 22:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 21:46 - 2013-11-14 22:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-12 21:46 - 2013-11-14 22:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-12 21:46 - 2013-11-14 22:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 21:46 - 2013-11-14 22:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-12 21:46 - 2013-11-14 22:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 21:46 - 2013-11-14 22:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-12 21:46 - 2013-11-14 22:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 21:46 - 2013-11-14 22:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 21:45 - 2013-11-14 23:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 21:45 - 2013-11-14 22:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 21:45 - 2013-11-14 22:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 21:45 - 2013-11-14 22:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 17:08 - 2013-10-30 02:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-12-12 17:08 - 2013-10-30 01:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 17:08 - 2013-10-30 00:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-12 17:08 - 2013-10-30 00:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 17:08 - 2013-10-22 07:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 17:08 - 2013-10-11 02:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 17:08 - 2013-10-11 02:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 17:08 - 2013-10-11 02:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2013-12-12 17:08 - 2013-10-11 00:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 17:08 - 2013-10-11 00:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-09 14:40 - 2013-12-09 14:40 - 01191834 _____ C:\Users\Rob\Downloads\ProcessExplorer.zip
2013-12-09 13:41 - 2013-12-09 13:42 - 02799296 _____ (Sysinternals - www.sysinternals.com) C:\Users\Rob\Downloads\procexp.exe
2013-12-04 15:30 - 2013-12-04 15:30 - 00000000 ____D C:\Program Files\AGEIA Technologies
2013-12-04 15:25 - 2013-11-14 11:57 - 22951200 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2013-12-04 15:25 - 2013-11-14 11:57 - 15862272 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2013-12-04 15:25 - 2013-11-14 11:57 - 10446112 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-12-04 15:25 - 2013-11-14 11:57 - 09663656 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-12-04 15:25 - 2013-11-14 11:57 - 09619872 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-12-04 15:25 - 2013-11-14 11:57 - 02947872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-12-04 15:25 - 2013-11-14 11:57 - 02747680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-12-04 15:25 - 2013-11-14 11:57 - 01049888 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3233182.dll
2013-12-04 15:25 - 2013-11-14 11:57 - 00893728 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3233182.dll
2013-12-04 15:24 - 2013-11-14 11:57 - 17560352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-12-04 15:16 - 2013-12-04 15:19 - 199358496 _____ (NVIDIA Corporation) C:\Users\Rob\Downloads\331.82-desktop-win8-win7-winvista-32bit-international-whql.exe
2013-12-03 15:56 - 2013-12-03 15:57 - 11370931 _____ (Shareaza Development Team                                   ) C:\Users\Rob\Downloads\Shareaza_2.7.1.0_Win32.exe
2013-12-02 11:51 - 2013-12-02 11:51 - 00000000 ____D C:\Program Files\Windows Kits
2013-12-02 11:51 - 2013-12-02 11:51 - 00000000 ____D C:\Program Files\Application Verifier
2013-11-29 10:44 - 2013-12-05 10:31 - 00001976 _____ C:\Users\Public\Desktop\Google Chrome.lnk
 
==================== One Month Modified Files and Folders =======
 
2013-12-28 17:34 - 2013-12-24 14:59 - 00013566 _____ C:\Users\Rob\Desktop\FRST.txt
2013-12-28 17:33 - 2006-11-02 10:33 - 00795652 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-28 17:32 - 2013-12-13 15:35 - 00691283 _____ C:\Windows\WindowsUpdate.log
2013-12-28 17:31 - 2013-06-20 10:07 - 00000000 ____D C:\ProgramData\TVMOBiLi
2013-12-28 17:28 - 2012-06-28 16:36 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-28 17:27 - 2012-06-28 16:36 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-28 17:26 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-28 17:26 - 2006-11-02 12:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-28 17:26 - 2006-11-02 12:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-28 11:30 - 2006-11-02 13:01 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-28 09:54 - 2012-04-21 13:40 - 00001356 _____ C:\Users\Rob\AppData\Local\d3d9caps.dat
2013-12-27 22:19 - 2013-12-27 22:19 - 00347816 _____ (Microsoft Corporation) C:\Users\Rob\Downloads\MicrosoftFixit.WindowsFirewall.RNP.63311594205384582.6.1.Run.exe
2013-12-27 22:07 - 2013-06-20 10:07 - 00001156 _____ C:\Users\Public\Desktop\TVMOBiLi.lnk
2013-12-27 20:42 - 2013-12-27 20:42 - 00000000 _____ C:\Windows\setuperr.log
2013-12-27 20:42 - 2013-12-27 20:42 - 00000000 _____ C:\Windows\setupact.log
2013-12-27 20:42 - 2012-04-04 17:13 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-12-27 20:42 - 2012-04-04 17:13 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-12-27 20:42 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-26 11:56 - 2013-12-26 11:56 - 00244224 _____ C:\Users\Rob\Downloads\CF_UNINST.EXE
2013-12-26 11:56 - 2013-12-13 17:21 - 00000000 ____D C:\Windows\erdnt
2013-12-26 11:54 - 2013-12-26 11:54 - 00000000 ___SD C:\ComboFix
2013-12-25 11:48 - 2012-04-04 12:49 - 00016322 _____ C:\Windows\system32\RaCoInst.log
2013-12-24 17:59 - 2013-12-24 17:59 - 00358576 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-24 17:59 - 2013-12-24 17:59 - 00112744 _____ C:\Users\Rob\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-24 15:02 - 2013-12-24 15:01 - 00031812 _____ C:\Users\Rob\Desktop\Addition.txt
2013-12-24 14:57 - 2013-12-24 14:56 - 00013914 _____ C:\Users\Rob\Documents\cc_20131224_145654.reg
2013-12-23 17:38 - 2012-04-28 14:05 - 00000000 ____D C:\Users\Rob\AppData\Roaming\SystemRequirementsLab
2013-12-23 17:24 - 2007-01-31 23:59 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-22 18:27 - 2013-12-22 18:27 - 00000000 ____D C:\Users\Rob\Desktop\FRST-OlderVersion
2013-12-22 18:27 - 2013-12-21 12:09 - 01061231 _____ (Farbar) C:\Users\Rob\Desktop\FRST.exe
2013-12-22 18:27 - 2013-12-21 12:09 - 00000000 ____D C:\FRST
2013-12-22 18:07 - 2013-12-22 15:57 - 00000000 ____D C:\Program Files\UnHackMe
2013-12-22 18:01 - 2013-12-22 16:06 - 00000672 _____ C:\Windows\system32\PARTIZAN.TXT
2013-12-22 17:58 - 2013-12-22 15:57 - 00000000 ____D C:\Users\Rob\Documents\RegRun2
2013-12-22 17:58 - 2013-12-22 15:57 - 00000000 ____D C:\ProgramData\RegRun
2013-12-22 17:56 - 2013-12-22 17:56 - 00000000 ____D C:\@RestoreQuarantine
2013-12-22 17:56 - 2013-09-08 08:54 - 00000000 ____D C:\Program Files\Hosts_Anti_Adwares_PUPs
2013-12-22 17:29 - 2012-05-14 19:09 - 00000809 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-22 17:29 - 2012-05-14 19:09 - 00000000 ____D C:\Program Files\CCleaner
2013-12-22 16:14 - 2013-12-22 16:14 - 00000258 __RSH C:\ProgramData\ntuser.pol
2013-12-22 16:03 - 2012-04-10 17:02 - 00000000 ____D C:\Users\Rob\AppData\Roaming\Izem
2013-12-22 15:57 - 2013-12-22 15:57 - 00000406 _____ C:\Windows\Tasks\UnHackMe Task Scheduler.job
2013-12-22 15:57 - 2013-12-22 15:57 - 00000002 RSHOT C:\Windows\winstart.bat
2013-12-22 15:57 - 2006-11-02 10:23 - 00002577 _____ C:\Windows\system32\config.nt
2013-12-22 15:57 - 2006-11-02 10:23 - 00001688 _____ C:\Windows\system32\autoexec.nt
2013-12-13 15:11 - 2007-09-29 08:42 - 00000000 ____D C:\Windows\Minidump
2013-12-13 10:33 - 2013-05-22 13:37 - 00000375 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-12-13 10:33 - 2012-04-04 11:56 - 00000000 ____D C:\Users\Rob
2013-12-13 09:47 - 2013-09-27 10:50 - 00000000 ____D C:\Windows\system32\RTCOM
2013-12-12 21:49 - 2013-08-14 08:45 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 21:46 - 2006-11-02 10:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-12-09 14:40 - 2013-12-09 14:40 - 01191834 _____ C:\Users\Rob\Downloads\ProcessExplorer.zip
2013-12-09 13:42 - 2013-12-09 13:41 - 02799296 _____ (Sysinternals - www.sysinternals.com) C:\Users\Rob\Downloads\procexp.exe
2013-12-09 12:48 - 2012-05-27 11:44 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-09 12:45 - 2011-10-12 10:35 - 00000000 __SHD C:\AI_RecycleBin
2013-12-09 12:45 - 2011-05-12 08:27 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin
2013-12-05 10:31 - 2013-11-29 10:44 - 00001976 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-04 15:30 - 2013-12-04 15:30 - 00000000 ____D C:\Program Files\AGEIA Technologies
2013-12-04 15:19 - 2013-12-04 15:16 - 199358496 _____ (NVIDIA Corporation) C:\Users\Rob\Downloads\331.82-desktop-win8-win7-winvista-32bit-international-whql.exe
2013-12-03 16:00 - 2012-07-02 17:48 - 00000000 ____D C:\Program Files\Shareaza
2013-12-03 15:59 - 2012-08-29 10:06 - 00000000 ____D C:\Users\Rob\Downloads\tvmobili
2013-12-03 15:57 - 2013-12-03 15:56 - 11370931 _____ (Shareaza Development Team                                   ) C:\Users\Rob\Downloads\Shareaza_2.7.1.0_Win32.exe
2013-12-03 12:16 - 2012-05-11 10:09 - 00000000 ____D C:\Users\Rob\AppData\Roaming\Spotify
2013-12-03 10:23 - 2012-05-11 10:09 - 00000000 ____D C:\Users\Rob\AppData\Local\Spotify
2013-12-03 09:53 - 2012-04-05 13:32 - 00051712 _____ C:\Users\Rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-02 15:04 - 2012-05-02 10:59 - 00000000 ____D C:\Windows\pss
2013-12-02 11:51 - 2013-12-02 11:51 - 00000000 ____D C:\Program Files\Windows Kits
2013-12-02 11:51 - 2013-12-02 11:51 - 00000000 ____D C:\Program Files\Application Verifier
2013-12-02 11:51 - 2013-09-08 18:09 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-02 10:26 - 2012-04-16 13:05 - 00000000 ____D C:\Users\Rob\AppData\Local\Microsoft Help
2013-12-02 10:25 - 2012-04-16 13:05 - 00000000 ____D C:\Users\Rob\Documents\Visual Studio 2008
2013-11-29 20:52 - 2012-04-04 11:56 - 00000949 _____ C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2013-11-29 20:51 - 2013-09-29 14:11 - 00000000 ____D C:\Users\Rob\AppData\Roaming\vlc
2013-11-29 20:50 - 2013-09-29 14:11 - 00000864 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-29 17:24 - 2012-07-06 21:11 - 00000000 ____D C:\Users\Rob\Documents\Prescriptions
2013-11-29 16:21 - 2013-05-12 17:41 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-11-29 16:21 - 2012-04-17 10:40 - 00000000 ____D C:\Program Files\DivX
2013-11-29 16:21 - 2012-04-17 10:39 - 00000000 ____D C:\ProgramData\DivX
2013-11-29 10:44 - 2012-04-04 13:59 - 00000000 ____D C:\Users\Rob\AppData\Local\Google
2013-11-29 10:44 - 2008-03-21 11:38 - 00000000 ____D C:\Program Files\Google
 
Files to move or delete:
====================
C:\Users\Rob\AppData\Roaming\desktop.ini
C:\ProgramData\msagsu.exe
 
 
Some content of TEMP:
====================
C:\Users\Rob\AppData\Local\Temp\i4jdel0.exe
C:\Users\Rob\AppData\Local\Temp\_isFCE9.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-28 17:33
 
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-12-2013 01
Ran by Rob at 2013-12-28 17:35:08
Running from C:\Users\Rob\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
7-Zip 9.22beta
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Any Video Converter 3.5.8
Application Verifier x86 External Package (Version: 8.100.25984)
Audacity 2.0.3 (Version: 2.0.3)
audiosamples (Version: 1.1.6001.0)
avstreamsamples (Version: 1.1.6001.0)
avstreamtools_ia64fre (Version: 1.1.6001.0)
avstreamtools_x64fre (Version: 1.1.6001.0)
avstreamtools_x86fre (Version: 1.1.6001.0)
biometricsamples (Version: 1.1.6001.0)
biometrictools_x64fre (Version: 1.1.6001.0)
biometrictools_x86fre (Version: 1.1.6001.0)
BitTorrent (HKCU Version: 7.8.2.30182)
bluetoothsamples (Version: 1.1.6001.0)
bluetoothtools_ia64fre (Version: 1.1.6001.0)
bluetoothtools_x64fre (Version: 1.1.6001.0)
bluetoothtools_x86fre (Version: 1.1.6001.0)
Bonjour (Version: 2.0.2.0)
Bonjour Print Services (Version: 2.0.2.0)
buildsamples (Version: 1.1.6001.0)
buildtools_ia64fre (Version: 1.1.6001.0)
buildtools_x64fre (Version: 1.1.6001.0)
buildtools_x86fre (Version: 1.1.6001.0)
bussamples (Version: 1.1.6001.0)
Camera Window MC (Version: 6.0)
cancelsample (Version: 1.1.6001.0)
Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.0)
Canon MP Navigator EX 3.0
Canon MP270 series MP Drivers
Canon MP560 series MP Drivers
Canon My Printer (Version: 3.0.0)
Canon Utilities Solution Menu
CCleaner (Version: 4.09)
chkinftool_x86fre (Version: 1.1.6001.0)
D3DX10 (Version: 15.4.2368.0902)
debugfiles_win7 (Version: 1.1.6001.0)
Debugging Tools for Windows (x86) (Version: 6.12.2.633)
Debut Video Capture Software (Version: 1.82)
Device Simulation Framework 1.0.1 (Version: 1.0.1)
dfx_ia64fre (Version: 1.1.6001.0)
dfx_x64fre (Version: 1.1.6001.0)
dfx_x86fre (Version: 1.1.6001.0)
displaysamples (Version: 1.1.6001.0)
D-Link DWA-140
drvtools_ia64fre (Version: 1.1.6001.0)
drvtools_x64fre (Version: 1.1.6001.0)
drvtools_x86fre (Version: 1.1.6001.0)
DSF-KitSetup (Version: 1.1.6001.0)
dsfsamples (Version: 1.1.6001.0)
eventsample (Version: 1.1.6001.0)
evntdrvsample (Version: 1.1.6001.0)
File Type Assistant <==== ATTENTION
FileHippo.com Update Checker
fireflysample (Version: 1.1.6001.0)
Free File Viewer 2012
Free Word/Doc Txt to Image Jpg/Jpeg Bmp Tiff Png Converter 5.1
Garmin BaseCamp (Version: 4.2.3)
Garmin City Navigator Europe (Unicode) NT 2013.21 Update (Version: 16.21.0.0)
Garmin City Navigator Europe NT 2014.10 Update (Version: 17.10.0.0)
Garmin Communicator Plugin (Version: 4.0.4)
Garmin MapInstall (Version: 4.0.3)
Garmin POI Loader (Version: 2.7.1)
Garmin USB Drivers (Version: 2.3.1.0)
generalsamples (Version: 1.1.6001.0)
generaltools_ia64fre (Version: 1.1.6001.0)
generaltools_x64fre (Version: 1.1.6001.0)
generaltools_x86fre (Version: 1.1.6001.0)
GIMP 2.8.6 (Version: 2.8.6)
Google Chrome (Version: 31.0.1650.63)
Google Drive (Version: 1.13.5782.599)
Google Earth (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.22.3)
headers (Version: 1.1.6001.0)
hid_inputsamples (Version: 1.1.6001.0)
hidsampleinput (Version: 1.1.6001.0)
hidsamples (Version: 1.1.6001.0)
Homestream
ifssamples (Version: 1.1.6001.0)
imagingtools_ia64fre (Version: 1.1.6001.0)
imagingtools_x64fre (Version: 1.1.6001.0)
imagingtools_x86fre (Version: 1.1.6001.0)
ImgBurn (Version: 2.5.7.0)
infsample_ia64fre (Version: 1.1.6001.0)
infsample_x64fre (Version: 1.1.6001.0)
infsample_x86fre (Version: 1.1.6001.0)
installhelp (Version: 1.1.6001.0)
Intel® PRO Network Connections Drivers
Intel® Viiv™ Software (Version: 1.7.512.0)
Intel® Matrix Storage Manager
Internet Explorer (Enable DEP)
ioctlsample (Version: 1.1.6001.0)
irsamples (Version: 1.1.6001.0)
iTunes (Version: 10.7.0.21)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Junk Mail filter update (Version: 15.4.3502.0922)
Kits Configuration Installer (Version: 8.100.25984)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MediaInfo 0.7.64 (Version: 0.7.64)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008 (Version: 9.0.21022)
Microsoft Excel 97
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (Version: 2.0.1578.0)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (Version: 2.0.1578.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (Version: 12.0.20617.1)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.20617 (Version: 12.0.20617)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.20617 (Version: 12.0.20617)
Microsoft Web Publishing Wizard 1.5
Microsoft Windows Driver Kit 7.1.0.7600 (Version: 7.1.0.7600)
Microsoft Windows Driver Kit Documentation 7600.091201 (Version: 6.0.7600.0)
Microsoft Word 97
Microsoft Word 97 Web Authoring (Remove AutoUpdate release)
modemtools (Version: 1.1.6001.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
networklibraries_ia64fre (Version: 1.1.6001.0)
networklibraries_x64fre (Version: 1.1.6001.0)
networklibraries_x86fre (Version: 1.1.6001.0)
networksamples (Version: 1.1.6001.0)
NVIDIA 3D Vision Controller Driver 331.82 (Version: 331.82)
NVIDIA Control Panel 331.82 (Version: 331.82)
NVIDIA Graphics Driver 331.82 (Version: 331.82)
NVIDIA Install Application (Version: 2.1002.142.992)
NVIDIA PhysX (Version: 9.13.0725)
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)
oacr_x86fre (Version: 1.1.6001.0)
offreg_ia64fre (Version: 1.1.6001.0)
offreg_x64fre (Version: 1.1.6001.0)
offreg_x86fre (Version: 1.1.6001.0)
pcidrvsample (Version: 1.1.6001.0)
pfd_ia64fre (Version: 1.1.6001.0)
pfd_x64fre (Version: 1.1.6001.0)
pfd_x86fre (Version: 1.1.6001.0)
pnpportssample (Version: 1.1.6001.0)
pnptools_ia64fre (Version: 1.1.6001.0)
pnptools_x64fre (Version: 1.1.6001.0)
pnptools_x86fre (Version: 1.1.6001.0)
portiosample (Version: 1.1.6001.0)
Power2Go 5.0
powermanagement_ia64fre (Version: 1.1.6001.0)
powermanagement_x64fre (Version: 1.1.6001.0)
powermanagement_x86fre (Version: 1.1.6001.0)
printsamples (Version: 1.1.6001.0)
printtools_ia64fre (Version: 1.1.6001.0)
printtools_x64fre (Version: 1.1.6001.0)
printtools_x86fre (Version: 1.1.6001.0)
QuickTime (Version: 7.74.80.86)
readme (Version: 1.1.6001.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6873)
SDK Debuggers (Version: 8.100.25984)
sdv (Version: 1.1.6001.0)
Segoe UI (Version: 15.4.2271.0615)
sensorsamples (Version: 1.1.6001.0)
setupsamples (Version: 1.1.6001.0)
setuptools_ia64fre (Version: 1.1.6001.0)
setuptools_x64fre (Version: 1.1.6001.0)
setuptools_x86fre (Version: 1.1.6001.0)
Shareaza 2.6.0.0 (Version: 2.6.0.0)
sideshowsamples (Version: 1.1.6001.0)
SiSoftware Sandra Lite 2013.SP5 (Version: 19.58.2013.9)
SlimCleaner (Version: 4.0.30422)
smartcardsamples (Version: 1.1.6001.0)
Splashtop Software Updater (Version: 1.5.6.14)
Splashtop Streamer (Version: 2.4.5.2)
Spotify (HKCU Version: 0.9.6.72.ge389c074)
storagesamples (Version: 1.1.6001.0)
streammediasamples (Version: 1.1.6001.0)
swMSM (Version: 12.0.0.1)
swtuner (Version: 1.1.6001.0)
SyncToy 2.1 (x86) (Version: 2.1.0)
System Requirements Lab for Intel (Version: 4.5.13.0)
toastermetadatapackagesample (Version: 1.1.6001.0)
toastersample (Version: 1.1.6001.0)
toolindex (Version: 1.1.6001.0)
tracingtool_ia64fre (Version: 1.1.6001.0)
tracingtool_x64fre (Version: 1.1.6001.0)
tracingtool_x86fre (Version: 1.1.6001.0)
TVMOBiLi
umdfsamples (Version: 1.1.6001.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
usbsamples (Version: 1.1.6001.0)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
vistalibs_ia64fre (Version: 1.1.6001.0)
vistalibs_x64fre (Version: 1.1.6001.0)
vistalibs_x86fre (Version: 1.1.6001.0)
VLC media player 2.1.1 (Version: 2.1.1)
wcoinstallers (Version: 1.1.6001.0)
wdftools_ia64fre (Version: 1.1.6001.0)
wdftools_x64fre (Version: 1.1.6001.0)
wdftools_x86fre (Version: 1.1.6001.0)
wdtfbinaries_ia64fre (Version: 1.1.6001.0)
wdtfbinaries_x64fre (Version: 1.1.6001.0)
wdtfbinaries_x86fre (Version: 1.1.6001.0)
WinDirStat 1.1.2
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Software Development Kit EULA (Version: 8.100.25984)
Windows Software Development Kit for Windows 8.1 (Version: 8.100.25984)
WinRAR 5.01 beta 1 (32-bit) (Version: 5.01.1)
wmisamples (Version: 1.1.6001.0)
wnetlibs_ia64fre (Version: 1.1.6001.0)
wnetlibs_x64fre (Version: 1.1.6001.0)
wnetlibs_x86fre (Version: 1.1.6001.0)
wpdsamples (Version: 1.1.6001.0)
wpdtools_ia64fre (Version: 1.1.6001.0)
wpdtools_x64fre (Version: 1.1.6001.0)
wpdtools_x86fre (Version: 1.1.6001.0)
wsdtool_ia64fre (Version: 1.1.6001.0)
wsdtool_x64fre (Version: 1.1.6001.0)
wsdtool_x86fre (Version: 1.1.6001.0)
wxplibs_x86fre (Version: 1.1.6001.0)
 
==================== Restore Points  =========================
 
09-12-2013 09:06:15 Windows Update
09-12-2013 12:44:23 Removed InstallIQ Updater
09-12-2013 12:45:34 Removed Garmin WebUpdater
09-12-2013 12:46:14 Removed Apple Application Support
09-12-2013 12:47:33 Removed Apple Software Update
09-12-2013 12:48:06 Removed Apple Mobile Device Support
10-12-2013 11:50:11 Scheduled Checkpoint
11-12-2013 10:50:22 Scheduled Checkpoint
12-12-2013 17:25:58 Windows Update
12-12-2013 21:45:35 Windows Update
13-12-2013 13:07:52 Scheduled Checkpoint
14-12-2013 13:59:21 Scheduled Checkpoint
15-12-2013 10:36:05 Scheduled Checkpoint
16-12-2013 10:16:30 Scheduled Checkpoint
17-12-2013 15:16:58 Scheduled Checkpoint
22-12-2013 17:31:58 Windows Update
22-12-2013 17:42:17 Windows Update
22-12-2013 17:55:11 RegRun Virus Scan
23-12-2013 16:39:45 Scheduled Checkpoint
23-12-2013 17:25:24 Installed Driver Manager.
24-12-2013 10:42:09 Scheduled Checkpoint
25-12-2013 10:39:22 Scheduled Checkpoint
26-12-2013 10:24:48 Windows Update
27-12-2013 11:48:33 Restore Operation
27-12-2013 14:00:10 Restore Operation
28-12-2013 11:05:16 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2006-11-02 10:23 - 2013-11-16 19:10 - 05947261 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 2010-fr.com # hosts anti-adware / pups
127.0.0.1 2012-new.biz # hosts anti-adware / pups
127.0.0.1 212link.com # hosts anti-adware / pups
127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
127.0.0.1 24h00business.com # hosts anti-adware / pups
127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
127.0.0.1 ad.adn360.com # hosts anti-adware / pups
127.0.0.1 adeartss.eu # hosts anti-adware / pups
127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
127.0.0.1 adm.soft365.com # hosts anti-adware / pups
127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
127.0.0.1 ads.aff.co # hosts anti-adware / pups
127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
127.0.0.1 ads.icksor.com # hosts anti-adware / pups
127.0.0.1 ads.pornerbros.com # hosts anti-adware / pups
127.0.0.1 ads.regiedepub.com # hosts anti-adware / pups
127.0.0.1 ads.sucomspot.com # hosts anti-adware / pups
127.0.0.1 ads.tersecta.com # hosts anti-adware / pups
127.0.0.1 a.dungtank.com # hosts anti-adware / pups
127.0.0.1 adwcleaner.programmesetjeux.com # hosts anti-adware / pups
127.0.0.1 adwcleaner.telecharger.toggle.com # hosts anti-adware / pups
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0860AC6A-D7D4-482D-A500-F3F49F88B0F9} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ConfigExec => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunCollectConfigurationInfo
Task: {089FBFF1-DDFD-4992-90B6-41FF33D9BD46} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {151D6B8C-EBE2-42B4-86DA-24686A35EC94} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {194318BA-2FAB-4225-AC52-2F43CC142A9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-28] (Google Inc.)
Task: {1C8D4BDC-41E3-4AAD-AD4C-32E445898923} - System32\Tasks\PC Optimizer Pro startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {429A56CE-9373-4F3A-B903-DC6F63512B59} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {5277DE20-7657-4637-9A38-E17AF69831CE} - System32\Tasks\ProgramUpdateCheck => C:\Program Files\File Type Assistant\tsassist.exe [2012-08-10] (Trusted Software ApS) <==== ATTENTION
Task: {83B05DAE-DE5E-4110-93C4-83F1C800AD99} - System32\Tasks\SlimCleaner Run => C:\Program Files\SlimCleaner\SlimCleaner.exe [2013-06-21] (SlimWare Utilities, Inc.)
Task: {A0D30CF6-1DDD-4109-813B-9C0FCDEE6EB3} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\MatSvc\DataUpload => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RetryDataUpload
Task: {B178C292-1778-43E7-AEF3-6573CEBD71B4} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2011-08-10] (Microsoft Corporation)
Task: {B530C22C-D87D-40B2-8A21-78FF6BBE3C9B} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\OSUpgrade => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunHandleOSUpgrade
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2012-04-04] ()
Task: {F3E876C4-111C-47C1-9C94-3A2E62484D80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-28] (Google Inc.)
Task: {F911EADD-D3E1-4A0B-B6E3-A049A96BA1B5} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Rob => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\UnHackMe Task Scheduler.job => C:\Program Files\UnHackMe\hackmon.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-04-04 12:50 - 2012-04-04 12:50 - 00315392 _____ () C:\Program Files\D-Link\DWA-140 revB\ANPDApi.dll
2012-04-04 12:50 - 2010-06-29 16:23 - 00299008 _____ () C:\Program Files\D-Link\DWA-140 revB\WlanApp.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\Rob\Downloads:Shareaza.GUID
AlternateDataStreams: C:\Users\Rob\Downloads\tvmobili:Shareaza.GUID
AlternateDataStreams: C:\Users\Rob\Documents\Video tools:Shareaza.GUID
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Spooler => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist => ""="Service"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/28/2013 05:26:00 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
 
Error: (12/28/2013 03:06:51 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: .
 
Error: (12/28/2013 03:04:53 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (12/28/2013 11:32:43 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (12/28/2013 11:29:37 AM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: .
 
Error: (12/28/2013 09:45:53 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (12/27/2013 10:34:18 PM) (Source: MatSvc) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0x80070005
.
 
Error: (12/27/2013 02:50:56 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: .
 
Error: (12/27/2013 00:15:55 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: .
 
Error: (12/27/2013 11:43:42 AM) (Source: System Restore) (User: )
Description: System restore ended unexpectedly because of power loss or a program error. Additional information: (Scheduled Checkpoint).
 
 
System errors:
=============
Error: (12/28/2013 05:31:56 PM) (Source: Service Control Manager) (User: )
Description: Intel® Viiv™ Media Server
 
Error: (12/28/2013 05:28:32 PM) (Source: Service Control Manager) (User: )
Description: HOSTS Anti-PUPs%%1053
 
Error: (12/28/2013 05:28:32 PM) (Source: Service Control Manager) (User: )
Description: 30000HOSTS Anti-PUPs
 
Error: (12/28/2013 03:14:36 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.165.686.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.4.0304.00
 
Source Path: 4.4.0304.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (12/28/2013 03:14:36 PM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (12/28/2013 03:06:24 PM) (Source: Service Control Manager) (User: )
Description: Windows Media Center Extender ServiceFunction Discovery Provider Host%%1068
 
Error: (12/28/2013 03:06:24 PM) (Source: Service Control Manager) (User: )
Description: PnP-X IP Bus EnumeratorFunction Discovery Provider Host%%1068
 
Error: (12/28/2013 03:06:22 PM) (Source: Service Control Manager) (User: )
Description: PnP-X IP Bus EnumeratorFunction Discovery Provider Host%%1068
 
Error: (12/28/2013 03:05:47 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
Error: (12/28/2013 03:05:47 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (12/28/2013 05:26:00 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
 
Error: (12/28/2013 03:06:51 PM) (Source: System Restore)(User: )
Description: Scheduled Checkpoint
 
Error: (12/28/2013 03:04:53 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (12/28/2013 11:32:43 AM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (12/28/2013 11:29:37 AM) (Source: System Restore)(User: )
Description: Scheduled Checkpoint
 
Error: (12/28/2013 09:45:53 AM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (12/27/2013 10:34:18 PM) (Source: MatSvc)(User: )
Description: hr=0x80070005
 
Error: (12/27/2013 02:50:56 PM) (Source: System Restore)(User: )
Description: Scheduled Checkpoint
 
Error: (12/27/2013 00:15:55 PM) (Source: System Restore)(User: )
Description: Scheduled Checkpoint
 
Error: (12/27/2013 11:43:42 AM) (Source: System Restore)(User: )
Description: Scheduled Checkpoint
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-10-15 23:57:00.657
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:57:00.508
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:57:00.358
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:57:00.204
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:56:26.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:56:26.087
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:56:25.894
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:56:25.696
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:56:25.451
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-15 23:56:25.301
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 74%
Total physical RAM: 2045.46 MB
Available physical RAM: 522.18 MB
Total Pagefile: 4331.95 MB
Available Pagefile: 2787.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.05 MB
 
==================== Drives ================================
 
Drive c: (Vista) (Fixed) (Total:291.25 GB) (Free:152.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:76.68 GB) (Free:28.62 GB) NTFS
Drive f: () (Fixed) (Total:298.09 GB) (Free:50.63 GB) NTFS
Drive s: (System) (Fixed) (Total:1.46 GB) (Free:1.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 2F159D44)
Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 313CBE4F)
Partition 1: (Not Active) - (Size=5 GB) - (Type=27)
Partition 2: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=291 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 77 GB) (Disk ID: 3AC0E280)
Partition 1: (Active) - (Size=77 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#8 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:25 AM

Posted 28 December 2013 - 08:14 PM



Hello robpetcro

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#9 robpetcro

  • Topic Starter

  • Members
  • 74 posts
  • Local time:11:25 AM

Posted 29 December 2013 - 05:16 PM

Results as requested. I was unable to run Junkware in admin mode; I made 3 attempts to download it to the desktop but it's not there, in fact I can't find it anywhere on the PC, so I just ran it straight from download. The PC is a bit quicker but does not network, and I still get 'System Restore did not complete successfully ... an unspecified error occurred during system restore'. Rob

 

# AdwCleaner v3.016 - Report created 29/12/2013 at 10:55:56
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Rob - ROB-PC
# Running from : C:\Users\Rob\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : splashtopremoteservice
Service Found : SSUService
 
***** [ Files / Folders ] *****
 
File Found : C:\END
File Found : C:\Windows\System32\Tasks\NCH Software
Folder Found C:\Program Files\NCH Software
Folder Found C:\Program Files\Splashtop
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\NCH Software
Folder Found C:\ProgramData\Splashtop
Folder Found C:\Users\Rob\AppData\Local\filetypeassistant
Folder Found C:\Users\Rob\AppData\Local\Splashtop
Folder Found C:\Users\Rob\AppData\Roaming\NCH Software
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{B7C5EA94-B96A-41F5-BE95-25D78B486678}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MapsGalaxy_39bar Uninstall
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Splashtop Software Updater
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Found : HKCU\Software\NCH Software
Key Found : HKCU\Software\Splashtop Inc.
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Found : HKLM\Software\Classes\Installer\Features\49AE5C7BA69B5F14EB59527DB8846687
Key Found : HKLM\Software\Classes\Installer\Products\49AE5C7BA69B5F14EB59527DB8846687
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\49AE5C7BA69B5F14EB59527DB8846687
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B7C5EA94-B96A-41F5-BE95-25D78B486678}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Splashtop Software Updater
Key Found : HKLM\Software\NCH Software
Key Found : HKLM\Software\Splashtop Inc.
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16526
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3473 octets] - [29/12/2013 10:55:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3533 octets] ##########
 
 
# AdwCleaner v3.016 - Report created 29/12/2013 at 10:57:27
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Rob - ROB-PC
# Running from : C:\Users\Rob\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : splashtopremoteservice
Service Deleted : SSUService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Splashtop
Folder Deleted : C:\Program Files\NCH Software
[!] Folder Deleted : C:\Program Files\Splashtop
Folder Deleted : C:\Users\Rob\AppData\Local\filetypeassistant
Folder Deleted : C:\Users\Rob\AppData\Local\Splashtop
Folder Deleted : C:\Users\Rob\AppData\Roaming\NCH Software
File Deleted : C:\END
File Deleted : C:\Windows\System32\Tasks\NCH Software
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\Splashtop Inc.
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\Splashtop Inc.
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B7C5EA94-B96A-41F5-BE95-25D78B486678}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Splashtop Software Updater
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{B7C5EA94-B96A-41F5-BE95-25D78B486678}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MapsGalaxy_39bar Uninstall
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Splashtop Software Updater
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\49AE5C7BA69B5F14EB59527DB8846687
Key Deleted : HKLM\Software\Classes\Installer\Features\49AE5C7BA69B5F14EB59527DB8846687
Key Deleted : HKLM\Software\Classes\Installer\Products\49AE5C7BA69B5F14EB59527DB8846687
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16526
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3613 octets] - [29/12/2013 10:55:56]
AdwCleaner[S0].txt - [3628 octets] - [29/12/2013 10:57:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3688 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by Rob on 29/12/2013 at 11:57:25.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Rob\appdata\local\blekkotb_031"
Successfully deleted: [Folder] "C:\Users\Rob\appdata\local\filetypeassistant"
Successfully deleted: [Folder] "C:\Users\Rob\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{35EF1BD7-F41E-4ADE-B010-DE36885576DB}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{3DD47DD1-C0A6-4356-B6D5-3389E807F906}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{3E75E75D-73EF-49FF-A663-F06606242F1B}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{40219355-A72E-4471-BDC4-4AE557562D75}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{4A7F5021-61E6-4607-A501-B4B13381F805}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{4B9413E0-4D42-45F0-9180-C3C6A0653175}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{5053E6D1-280F-4540-9E46-4563AA230DAD}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{6B326822-3A64-4455-8851-28EFEBE5DEDB}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{76ABCBFA-E631-4573-89D4-76026CCD33E2}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{804B3CD4-C26F-41B7-8334-8CF9E95FC3B0}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{80AF29C0-F949-47C7-AC65-DCAB8FFC8291}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{81956B1A-1102-48A1-A64F-7E3E2F3A6F68}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{8718263E-E028-4087-B7DF-306EB0819540}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{876AA387-6203-43E0-947F-C9B037CD0BDC}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{8B227BB3-5C9B-4329-A9D8-68E5AE07DADC}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{8E1E1882-CDAD-4429-86F1-534019104783}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{8E55D79F-625A-4655-983A-29B223D735C7}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{9ADEE889-FD7E-464C-B48E-30D0D4C24B56}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{9EB995DF-AB86-440F-ACA0-531F46F05AB5}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{A042DCE9-BDF4-4AFE-A88C-7DADAF296559}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{A68E1F61-DDDB-40E6-840E-94C186A266EE}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{A85BAD7E-DECE-422A-944F-5EBBADA685A5}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{AF4DE35D-B700-4522-859A-E19E4FC62286}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{B6298377-7472-460E-9508-61A6959193D2}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{B8819C4E-D868-4D19-A928-78F66400EB99}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{C1B561C7-9C51-40F5-A95C-EC585B4259D6}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{C1E166F4-BBAC-474B-8E05-8292F5BF6E2C}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{C4A0F008-ACA3-465D-911F-8FAACB0F9E7F}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{C93F5796-8C13-46D9-93F3-D68827DD9F22}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{D8967F1F-A096-45FE-8EEA-3D7348216E51}
Successfully deleted: [Empty Folder] C:\Users\Rob\appdata\local\{DF40DE3A-A021-4374-817B-C068669684E3}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/12/2013 at 11:59:54.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:25 AM

Posted 29 December 2013 - 08:35 PM


Hello robpetcro

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"
  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 robpetcro

robpetcro
  • Topic Starter

  • Members
  • 74 posts
  • Local time:11:25 AM

Posted 30 December 2013 - 07:34 AM

Here is the ComboFix log; I'm sending it now because I can't find where it's been stored! The scan ran without any reboot or queries. Rob

 

 

  ComboFix 13-12-29.01 - Rob 30/12/2013  11:01:03.1.4 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2045.800 [GMT 0:00]
Running from: c:\users\Rob\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xml19E8.tmp
c:\programdata\xml1AD3.tmp
c:\programdata\xml4F49.tmp
c:\programdata\xml4FA8.tmp
c:\programdata\xml5035.tmp
c:\programdata\xml50C2.tmp
c:\programdata\xml9C72.tmp
c:\programdata\xml9D5D.tmp
c:\programdata\xmlC8EE.tmp
c:\programdata\xmlCA37.tmp
c:\programdata\xmlCAA5.tmp
c:\programdata\xmlCC70.tmp
c:\programdata\xmlCCFE.tmp
c:\programdata\xmlCF19.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-28 to 2013-12-30  )))))))))))))))))))))))))))))))
.
.
2013-12-30 11:10 . 2013-12-30 11:10 -------- d-----w- c:\users\Rob\AppData\Local\temp
2013-12-30 10:48 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38759228-50CF-4AA8-A95B-53734A3CC8E1}\mpengine.dll
2013-12-29 16:52 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-29 15:04 . 2013-12-29 15:04 -------- d-----w- c:\users\Rob\AppData\Local\FileTypeAssistant
2013-12-29 11:57 . 2013-12-29 11:57 -------- d-----w- c:\windows\ERUNT
2013-12-29 10:55 . 2013-12-29 10:57 -------- d-----w- C:\AdwCleaner
2013-12-27 22:20 . 2013-12-27 22:20 -------- d-----w- c:\users\Rob\AppData\Local\ElevatedDiagnostics
2013-12-22 17:56 . 2013-12-22 17:56 -------- d-----w- C:\@RestoreQuarantine
2013-12-22 17:44 . 2013-12-22 17:44 -------- d-----w- c:\windows\Migration
2013-12-22 15:57 . 2013-12-22 17:58 -------- d-----w- c:\programdata\RegRun
2013-12-22 15:57 . 2013-12-22 15:57 2 --shatr- c:\windows\winstart.bat
2013-12-22 15:57 . 2013-12-22 18:07 -------- d-----w- c:\program files\UnHackMe
2013-12-21 12:09 . 2013-12-22 18:27 -------- d-----w- C:\FRST
2013-12-12 21:45 . 2013-11-14 22:44 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2013-12-12 21:45 . 2013-11-14 22:43 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2013-12-12 21:45 . 2013-11-14 22:42 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-12-12 17:08 . 2013-10-30 00:35 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-12-12 17:08 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-12 17:08 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-12 17:08 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-12 17:08 . 2013-10-11 02:08 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-12-12 17:08 . 2013-10-11 00:35 155648 ----a-w- c:\windows\system32\wscript.exe
2013-12-12 17:08 . 2013-10-22 07:19 158208 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-12 17:08 . 2013-10-11 02:08 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-12-12 17:08 . 2013-10-11 02:08 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-12-12 17:08 . 2013-10-11 00:35 135168 ----a-w- c:\windows\system32\cscript.exe
2013-12-06 09:28 . 2013-10-19 08:23 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4A5F2136-6622-428F-8C86-5DBED0E4ED05}\gapaengine.dll
2013-12-04 15:30 . 2013-12-04 15:30 -------- d-----w- c:\program files\AGEIA Technologies
2013-12-04 15:25 . 2013-11-14 11:57 15862272 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-12-04 15:25 . 2013-11-14 11:57 9619872 ----a-w- c:\windows\system32\nvopencl.dll
2013-12-04 15:25 . 2013-11-14 11:57 22951200 ----a-w- c:\windows\system32\nvoglv32.dll
2013-12-04 15:25 . 2013-11-14 11:57 10446112 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-12-04 15:25 . 2013-11-14 11:57 893728 ----a-w- c:\windows\system32\nvdispgenco3233182.dll
2013-12-04 15:25 . 2013-11-14 11:57 2947872 ----a-w- c:\windows\system32\nvcuvid.dll
2013-12-04 15:25 . 2013-11-14 11:57 1049888 ----a-w- c:\windows\system32\nvdispco3233182.dll
2013-12-04 15:25 . 2013-11-14 11:57 9663656 ----a-w- c:\windows\system32\nvcuda.dll
2013-12-04 15:25 . 2013-11-14 11:57 2747680 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-12-04 15:24 . 2013-11-14 11:57 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-12-02 11:51 . 2013-12-02 11:51 -------- d-----w- c:\program files\Application Verifier
2013-12-02 11:51 . 2013-12-02 11:51 -------- d-----w- c:\program files\Windows Kits
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 10:21 . 2012-04-04 13:03 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 11:57 . 2007-07-06 13:15 15218504 ----a-w- c:\windows\system32\nvd3dum.dll
2013-11-14 11:57 . 2007-07-06 13:15 2697248 ----a-w- c:\windows\system32\nvapi.dll
2013-11-11 14:26 . 2007-07-06 13:15 4321056 ----a-w- c:\windows\system32\nvcpl.dll
2013-11-11 14:26 . 2007-07-06 13:15 3036960 ----a-w- c:\windows\system32\nvsvc.dll
2013-11-11 14:26 . 2012-04-04 17:14 664352 ----a-w- c:\windows\system32\nvvsvc.exe
2013-11-11 14:26 . 2012-04-04 17:14 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-11-11 14:26 . 2012-04-04 17:14 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
2013-11-11 14:26 . 2007-07-06 13:15 209184 ----a-w- c:\windows\system32\nvmctray.dll
2013-10-30 02:13 . 2006-11-02 10:25 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-19 08:23 . 2012-04-28 09:11 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-11 02:08 . 2013-11-13 14:28 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07 . 2013-11-13 14:28 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-08 07:50 . 2013-11-05 17:54 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-03 12:45 . 2013-11-13 14:28 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 12:45 . 2013-11-13 14:28 993792 ----a-w- c:\windows\system32\crypt32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 15:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 15:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 15:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 15:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 15:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 15:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"D-Link D-Link Wireless N DWA-140"="c:\program files\D-Link\DWA-140 revB\AirNCFG.exe" [2010-06-30 1024000]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-03-29 11930696]
.
c:\users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Homestream.lnk - c:\program files\Homestream\bin\HomestreamConsole.exe [2012-5-25 290816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TVMOBiLiArtworkManager.lnk - c:\program files\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe "/path:c:\programdata\TVMOBiLi\cache" [2013-1-30 67584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 01:43 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
2007-06-27 09:18 215256 ----a-w- c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 23:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 02:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
2013-03-29 09:57 11930696 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2013-11-24 13:55 5955072 ----a-w- c:\users\Rob\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2013-11-24 13:55 1168896 ----a-w- c:\users\Rob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
rsmsvcs REG_MULTI_SZ   ntmssvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 10:27 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-28 16:36]
.
2013-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-28 16:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.thetechguys.com/welcome
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-DivXMediaServer - c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
AddRemove-Debut - c:\program files\NCH Software\Debut\debut.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-30 11:10
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DSFKSVCS\MofImagePath]
.
.
Completion time: 2013-12-30  11:12:57
ComboFix-quarantined-files.txt  2013-12-30 11:12
.
Pre-Run: 162,116,153,344 bytes free
Post-Run: 162,260,336,640 bytes free
.
- - End Of File - - 9A5A1BE0ABD9FE89416D3DB8A17BCBA7
5C616939100B85E558DA92B899A0FC36


#12 robpetcro

robpetcro
  • Topic Starter

  • Members
  • 74 posts
  • Local time:11:25 AM

Posted 30 December 2013 - 08:52 AM

I've rebooted. Minor points: the side panel does not load and MSE has to be loaded manually, still no network, and now I can only get a restore point on the day of the incident, so obviously I'm not going to even try that! Rob



#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:25 AM

Posted 30 December 2013 - 10:18 PM





Hello robpetcro

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.


--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller.
Send me the reports made from MBAR and RogueKiller and also let me know how the computer is doing at this time.

Gringo






When you are complete please send me both reports

Gringo

#14 robpetcro

robpetcro
  • Topic Starter

  • Members
  • 74 posts
  • Local time:11:25 AM

Posted 31 December 2013 - 06:12 PM

It's like colonic irrigation for PCs! Logs attached. I just tried System Restore using today's checkpoint, but it's still not working and there's no network. Rob

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.0.6002 Windows Vista Service Pack 2 x86
 
Account is Administrative
 
Internet Explorer version: 9.0.8112.16421
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, S:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 2144817152, free: 476454912
 
Downloaded database version: v2013.12.31.03
Downloaded database version: v2013.12.18.01
Initializing...
======================
------------ Kernel report ------------
     12/31/2013 09:38:45
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\DRIVERS\dsfksvcs.sys
\SystemRoot\system32\DRIVERS\DSFOleaut32.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\dsfroot.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\e1e6032.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\IntelDH.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\debutfilterx86.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\anodlwf.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\dc3d.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\NuidFltr.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\DRIVERS\nmsunidr.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\Windows\system32\Drivers\SBKUPNT.SYS
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\Dnetr28u.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xffffffff87f54030
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000074\
Lower Device Object: 0xffffffff87eee030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff87eed8e8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000073\
Lower Device Object: 0xffffffff87eefcb8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff87eef618
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000072\
Lower Device Object: 0xffffffff87eee9a0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff87eef030
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000071\
Lower Device Object: 0xffffffff87ef0cb8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff86d15258
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xffffffff84c3e028
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86d15ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff85a83028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff86d15258, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86e18d18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86d15258, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff84c3e028, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86d15ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86d157b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86d15ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85a83028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2F159D44
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 625137664
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 313CBE4F
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 11264000
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 11266048  Numsec = 3072000
    Partition is not bootable
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 14338048  Numsec = 610801664
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff87eef030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87eee4a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87eef030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff87ef0cb8, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff87eef618, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87eed020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87eef618, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff87eee9a0, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff87eed8e8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87eed568, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87eed8e8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff87eefcb8, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xffffffff87f54030, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87f54cb0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87f54030, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff87eee030, DeviceName: \Device\00000074\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_1_1_11266048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished
 
 
 
 
RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Rob [Admin rights]
Mode : Remove -- Date : 12/31/2013 10:20:54
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200AVVS-63L2B0 +++++
--- User ---
[MBR] 985dd14ff506b848b8a5c09cad41527e
[BSP] de17665fb329afe495a8dc3c00a30515 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) Hitachi HDT725032VLA360 +++++
--- User ---
[MBR] ffecb69a73087b9eff298ab7a48d8598
[BSP] 4b85497f3a875f3a44e146a9995db098 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 5500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 11266048 | Size: 1500 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 14338048 | Size: 298243 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_12312013_102054.txt >>
RKreport[0]_S_12312013_101908.txt
 
 
 


#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:25 AM

Posted 02 January 2014 - 01:19 PM


Hello



Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



