
Avast Malicious URLs Continually being Blocked


This topic is locked.
33 replies to this topic

#1 Yerer


Posted 02 January 2014 - 05:25 PM

Avast keeps popping up with messages (several a minute) claiming that it blocked a malicious URL.

Under Object, different websites come up, which I won't post in case they are dangerous, although all of them end in /task/2000/. Under Infection it says URL:Mal. All of them are coming from the process C:\Windows\system32\svchost.exe. I can take a screenshot if requested.

Earlier I ran Malwarebytes and it found some objects but didn't claim any were serious.

After the notifications started popping up the computer is sometimes slower, with Chrome freezing, and sometimes on a restart nothing other than Task Manager will even open, even given 5-10 minutes.

Previous Thread: http://www.bleepingcomputer.com/forums/t/519311/malicious-urls-continually-blocked-by-avast/

Following steps 6, 7, and 8 as instructed by boopme.

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.7600.16968  BrowserJavaVersion: 10.45.2
Run by Sean at 17:19:06 on 2014-01-02
Microsoft Windows 7 Enterprise   6.1.7600.0.1252.1.1033.18.2996.1470 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Online Games Manager\ogmservice.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\CCM\CcmExec.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Application Virtualization Client\sftdcc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Sean\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\puush\puush.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\mobsync.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = c:\windows\system32\userinit.exe,"c:\program files\microsoft application virtualization client\sftdcc.exe",
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Google Update] "c:\users\sean\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Spotify Web Helper] "c:\users\sean\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [puush] c:\program files\puush\puush.exe
mRun: [SoftGridTray] "c:\program files\microsoft application virtualization client\SFTTray.exe" /autostart
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "c:\windows\system32\config\systemprofile\appdata\roaming\SearchProtect"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: ForceClassicControlPanel = dword:1
mPolicies-Explorer: DisablePersonalDirChange = dword:1
mPolicies-Explorer: NoAutorun = dword:1
mPolicies-Explorer: AlwaysShowClassicMenu = dword:1
mPolicies-Explorer: DisallowCpl = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: nfuse1
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://intercall.webex.com/client/T27L10NSP21/webex/ieatgpc1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.urbn.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
TCP: NameServer = 192.168.1.1 71.250.0.12
TCP: Interfaces\{2226BABF-8D5F-41DA-BAD5-689673932CAB} : DHCPNameServer = 192.168.1.1 71.250.0.12
TCP: Interfaces\{2226BABF-8D5F-41DA-BAD5-689673932CAB}\354716A7E65647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2226BABF-8D5F-41DA-BAD5-689673932CAB}\84F4D454D264142423 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2226BABF-8D5F-41DA-BAD5-689673932CAB}\A6F656D2D6F62696C656 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{2226BABF-8D5F-41DA-BAD5-689673932CAB}\A6F656F537F6574786 : DHCPNameServer = 71.242.0.12 71.252.0.12 192.168.15.10
TCP: Interfaces\{2226BABF-8D5F-41DA-BAD5-689673932CAB}\A6F656F537F6574786F5537686A7 : DHCPNameServer = 71.242.0.12 71.252.0.12 192.168.15.10
TCP: Interfaces\{2226BABF-8D5F-41DA-BAD5-689673932CAB}\C616772756E63656C6962627162797 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2226BABF-8D5F-41DA-BAD5-689673932CAB}\D496649643632303C402A45647071636B6024454735302355636572756 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sean\appdata\roaming\mozilla\firefox\profiles\xx7xh2tx.default\
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\users\sean\appdata\local\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\users\sean\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-8-31 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-8-31 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-8-31 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-8-31 369584]
R1 TmLwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2011-7-19 146960]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-8-31 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-8-31 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-8-31 46808]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2010-12-15 198000]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-1-1 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-1-1 701512]
R2 ogmservice;Online Games Manager;c:\program files\online games manager\ogmservice.exe [2013-8-8 559552]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2011-4-8 48640]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2011-4-8 49152]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-2-12 483688]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-7-23 57424]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2011-7-19 283152]
R2 uvnc_service;uvnc_service;c:\program files\ultravnc\winvnc.exe [2011-4-7 1795832]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-4-8 215208]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-4-8 132480]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-4-7 269824]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2012-7-20 34432]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-1-1 22856]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2012-7-20 25088]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2011-4-8 6114816]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-2-12 550760]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-2-12 195944]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-2-12 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-2-12 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-2-12 209768]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2011-4-8 38912]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-12-24 245760]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TmPfw;OfficeScan NT Firewall;"c:\program files\trend micro\officescan client\tmpfw.exe" --> c:\program files\trend micro\officescan client\TmPfw.exe [?]
S3 TmProxy;OfficeScan NT Proxy Service;"c:\program files\trend micro\officescan client\tmproxy.exe" --> c:\program files\trend micro\officescan client\TmProxy.exe [?]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-4 1343400]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\razer\razer game booster\driver\WinRing0.sys [2012-11-13 14416]
.
=============== Created Last 30 ================
.
2014-01-01 06:24:59 -------- d-----w- c:\users\sean\appdata\roaming\Malwarebytes
2014-01-01 06:23:52 -------- d-----w- c:\programdata\Malwarebytes
2014-01-01 06:23:51 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-01 06:23:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-31 22:03:43 98304 ----a-r- c:\users\sean\appdata\roaming\microsoft\installer\{3577e42b-3347-4eb8-bfda-d36e8ed3c519}\icons.exe
2013-12-29 23:35:14 -------- d-----w- c:\programdata\Game House
2013-12-29 23:35:02 -------- d-----w- c:\program files\Online Games Manager
2013-12-29 23:34:56 -------- d-----w- c:\programdata\Trymedia
2013-12-29 23:34:29 -------- d-----w- C:\GameHouse Games
2013-12-29 23:32:10 -------- d-----w- c:\program files\RealArcade
2013-12-24 19:36:24 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6ca1842e-fc89-4c08-b884-4d0d6f02bd09}\offreg.dll
2013-12-24 19:35:29 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6ca1842e-fc89-4c08-b884-4d0d6f02bd09}\mpengine.dll
2013-12-23 05:48:31 -------- d-----w- c:\programdata\Conduit
2013-12-23 05:48:30 -------- d-----w- c:\users\sean\appdata\local\Conduit
2013-12-23 05:48:17 -------- d-----w- c:\program files\Conduit
2013-12-18 02:24:36 -------- d-----w- c:\programdata\boost_interprocess
2013-12-18 02:24:20 -------- d-----w- c:\users\sean\appdata\roaming\DogeCoin
.
==================== Find3M  ====================
.
2013-10-27 20:22:01 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2013-10-08 11:50:41 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 17:19:49.96 ===============
 


#2 HelpBot


Posted 07 January 2014 - 05:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/519406 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Yerer


Posted 08 January 2014 - 06:43 PM

I do not believe that I still have the original Windows CD.

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.7600.16968  BrowserJavaVersion: 10.45.2
Run by Sean at 18:39:58 on 2014-01-08
Microsoft Windows 7 Enterprise   6.1.7600.0.1252.1.1033.18.2996.1380 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Online Games Manager\ogmservice.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\CCM\CcmExec.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Application Virtualization Client\sftdcc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Sean\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\puush\puush.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Python27\pythonw.exe
C:\Python27\pythonw.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = c:\windows\system32\userinit.exe,"c:\program files\microsoft application virtualization client\sftdcc.exe",
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Google Update] "c:\users\sean\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Spotify Web Helper] "c:\users\sean\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [puush] c:\program files\puush\puush.exe
uRun: [Facebook Update] "c:\users\sean\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_8_800_168_Plugin.exe -update plugin
mRun: [SoftGridTray] "c:\program files\microsoft application virtualization client\SFTTray.exe" /autostart
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "c:\windows\system32\config\systemprofile\appdata\roaming\SearchProtect"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: ForceClassicControlPanel = dword:1
mPolicies-Explorer: DisablePersonalDirChange = dword:1
mPolicies-Explorer: NoAutorun = dword:1
mPolicies-Explorer: AlwaysShowClassicMenu = dword:1
mPolicies-Explorer: DisallowCpl = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: nfuse1
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://intercall.webex.com/client/T27L10NSP21/webex/ieatgpc1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.urbn.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
TCP: NameServer = 192.168.1.1 71.250.0.12
TCP: Interfaces\{2226BABF-8D5F-41DA-BAD5-689673932CAB} : DHCPNameServer = 192.168.1.1 71.250.0.12
TCP: Interfaces\{2226BABF-8D5F-41DA-BAD5-689673932CAB}\354716A7E65647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2226BABF-8D5F-41DA-BAD5-689673932CAB}\84F4D454D264142423 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2226BABF-8D5F-41DA-BAD5-689673932CAB}\A6F656D2D6F62696C656 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{2226BABF-8D5F-41DA-BAD5-689673932CAB}\A6F656F537F6574786 : DHCPNameServer = 71.242.0.12 71.252.0.12 192.168.15.10
TCP: Interfaces\{2226BABF-8D5F-41DA-BAD5-689673932CAB}\A6F656F537F6574786F5537686A7 : DHCPNameServer = 71.242.0.12 71.252.0.12 192.168.15.10
TCP: Interfaces\{2226BABF-8D5F-41DA-BAD5-689673932CAB}\C616772756E63656C6962627162797 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2226BABF-8D5F-41DA-BAD5-689673932CAB}\D496649643632303C402A45647071636B6024454735302355636572756 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sean\appdata\roaming\mozilla\firefox\profiles\xx7xh2tx.default\
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\users\sean\appdata\local\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\users\sean\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-8-31 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-8-31 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-8-31 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-8-31 410528]
R1 TmLwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2011-7-19 146960]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-8-31 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-1-2 50344]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2010-12-15 198000]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-1-1 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-1-1 701512]
R2 ogmservice;Online Games Manager;c:\program files\online games manager\ogmservice.exe [2013-8-8 559552]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2011-4-8 48640]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2011-4-8 49152]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-2-12 483688]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-7-23 57424]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2011-7-19 283152]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2014-1-2 64168]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-4-8 215208]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-4-8 132480]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-4-7 269824]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2012-7-20 34432]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-1-1 22856]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2012-7-20 25088]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2011-4-8 6114816]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-2-12 550760]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-2-12 195944]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-2-12 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-2-12 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-2-12 209768]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2011-4-8 38912]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-12-24 245760]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TmPfw;OfficeScan NT Firewall;"c:\program files\trend micro\officescan client\tmpfw.exe" --> c:\program files\trend micro\officescan client\TmPfw.exe [?]
S3 TmProxy;OfficeScan NT Proxy Service;"c:\program files\trend micro\officescan client\tmproxy.exe" --> c:\program files\trend micro\officescan client\TmProxy.exe [?]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-4 1343400]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\razer\razer game booster\driver\WinRing0.sys [2012-11-13 14416]
.
=============== Created Last 30 ================
.
2014-01-08 22:57:46 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0e1068c8-7bdc-44d8-aff3-d68ba8aa7f29}\offreg.dll
2014-01-08 22:57:01 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0e1068c8-7bdc-44d8-aff3-d68ba8aa7f29}\mpengine.dll
2014-01-06 02:17:27 -------- d-----w- c:\users\sean\appdata\local\Facebook
2014-01-03 06:38:19 -------- d-----w- c:\users\sean\appdata\local\Macromedia
2014-01-03 04:01:40 -------- d-----w- c:\users\sean\appdata\roaming\AVAST Software
2014-01-03 03:54:27 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-01 06:24:59 -------- d-----w- c:\users\sean\appdata\roaming\Malwarebytes
2014-01-01 06:23:52 -------- d-----w- c:\programdata\Malwarebytes
2014-01-01 06:23:51 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-01 06:23:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-31 22:03:43 98304 ----a-r- c:\users\sean\appdata\roaming\microsoft\installer\{3577e42b-3347-4eb8-bfda-d36e8ed3c519}\icons.exe
2013-12-29 23:35:14 -------- d-----w- c:\programdata\Game House
2013-12-29 23:35:02 -------- d-----w- c:\program files\Online Games Manager
2013-12-29 23:34:56 -------- d-----w- c:\programdata\Trymedia
2013-12-29 23:34:29 -------- d-----w- C:\GameHouse Games
2013-12-29 23:32:10 -------- d-----w- c:\program files\RealArcade
2013-12-23 05:48:31 -------- d-----w- c:\programdata\Conduit
2013-12-23 05:48:30 -------- d-----w- c:\users\sean\appdata\local\Conduit
2013-12-23 05:48:17 -------- d-----w- c:\program files\Conduit
2013-12-18 02:24:36 -------- d-----w- c:\programdata\boost_interprocess
2013-12-18 02:24:20 -------- d-----w- c:\users\sean\appdata\roaming\DogeCoin
.
==================== Find3M  ====================
.
2014-01-03 03:54:20 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-01-03 03:54:20 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-03 03:54:20 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-03 03:54:20 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-03 03:54:20 43152 ----a-w- c:\windows\avastSS.scr
2014-01-03 03:54:20 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-27 20:22:01 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys
.
============= FINISH: 18:40:39.02 ===============
#4 etavares

etavares
Bleepin' Remover
Malware Response Team
15,514 posts
Gender: Male

Posted 08 January 2014 - 08:35 PM

Hello, Yerer.
My name is etavares and I will be helping you with this log.
 
Here are some guidelines to ensure we are able to get your machine back under your control.
 
  • Please do not run any unsupervised scans, fixes, etc.  We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so.  Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned.  Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first.  There's no harm in asking questions!

Step 1

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

Step 2

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt.

Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter.
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

etavares


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Unified Network of Instructors and Trusted Eliminators
     


#5 Yerer

Yerer
Topic Starter
Members
19 posts

Posted 08 January 2014 - 09:59 PM

In regard to Step 1, I did not see a Search button; I assumed that Scan was the same thing, so I pressed that. It gave me the option to remove some things, but I declined. After Step 2, when I first restarted my computer, it shut down right after I logged in, giving a prompt along the lines of "Windows must now shutdown because the DCOM unexpectedly quit." This has happened to me before, but I believe it had a different prompt, something with plug and play.

     

    # AdwCleaner v3.016 - Report created 08/01/2014 at 21:40:03
    # Updated 23/12/2013 by Xplode
    # Operating System : Windows 7 Enterprise  (32 bits)
    # Username : Sean - LENOVO
    # Running from : C:\Users\Sean\Desktop\AdwCleaner.exe
    # Option : Scan
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    File Found : C:\END
    Folder Found C:\Program Files\Conduit
    Folder Found C:\ProgramData\Ask
    Folder Found C:\ProgramData\boost_interprocess
    Folder Found C:\ProgramData\Conduit
    Folder Found C:\ProgramData\Trymedia
    Folder Found C:\Users\Administrator\AppData\Local\NativeMessaging
    Folder Found C:\Users\Administrator\AppData\Local\Searchprotect
    Folder Found C:\Users\Administrator\AppData\LocalLow\Conduit
    Folder Found C:\Users\Sean\AppData\Local\apn
    Folder Found C:\Users\Sean\AppData\Local\Conduit
    Folder Found C:\Users\Sean\AppData\Local\Temp\AskSearch
    Folder Found C:\Users\Sean\AppData\Local\Temp\NativeMessaging
    Folder Found C:\Users\Sean\AppData\LocalLow\Conduit
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Key Found : HKCU\Software\APN PIP
    Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\AppDataLow\Toolbar
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\PIP
    Key Found : HKCU\Software\Softonic
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\InstallIQ
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_game-booster_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_game-booster_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\BackgroundContainer Startup Task
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC263028-5D21-42F5-AF8A-A46B82815365}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC263028-5D21-42F5-AF8A-A46B82815365}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\Software\PIP
    Key Found : HKLM\Software\SearchProtect
    Key Found : HKLM\Software\Trymedia Systems
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v8.0.7600.16968
     
     
    -\\ Mozilla Firefox v4.0 (en-US)
     
    [ File : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\xx7xh2tx.default\prefs.js ]
     
     
    [ File : C:\Users\beasleyj1\AppData\Roaming\Mozilla\Firefox\Profiles\prgszm68.default\prefs.js ]
     
     
    -\\ Google Chrome v
     
    [ File : C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     
     
    *************************
     
    AdwCleaner[R0].txt - [4952 octets] - [08/01/2014 21:40:03]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5012 octets] ##########
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-01-2014 01
    Ran by SYSTEM on MININT-0S4DQG0 on 08-01-2014 21:50:50
    Running from F:\
    Windows 7 Enterprise (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Recovery
     
    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [SoftGridTray] - C:\Program Files\Microsoft Application Virtualization Client\sfttray.exe [807272 2010-02-12] (Microsoft Corporation)
    HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2010-11-10] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)
    HKLM\...\Run: [OfficeScanNT Monitor] - "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
    HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2200872 2011-02-17] (Synaptics Incorporated)
    HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
    HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-02] (AVAST Software)
    HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,"C:\Program Files\Microsoft Application Virtualization Client\sftdcc.exe",
    HKU\beasleyj1\...\Run: [OfficeSyncProcess] - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [ 2010-03-15] (Microsoft Corporation)
    HKU\loidolts1\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2010-11-29] (Apple Inc.)
    HKU\Sean\...\Run: [Google Update] - C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [ 2012-06-09] (Google Inc.)
    HKU\Sean\...\Run: [Spotify Web Helper] - C:\Users\Sean\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [ 2013-12-21] (Spotify Ltd)
    HKU\Sean\...\Run: [puush] - C:\Program Files\puush\puush.exe [ 2013-10-13] ()
    HKU\Sean\...\Run: [Facebook Update] - C:\Users\Sean\AppData\Local\Facebook\Update\FacebookUpdate.exe [ 2014-01-05] (Facebook Inc.)
    HKU\Sean\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_8_800_168_Plugin.exe [ 2013-09-30] (Adobe Systems Incorporated)
    Startup: C:\Users\beasleyj1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
     
    ========================== Services (Whitelisted) =================
     
    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-02] (AVAST Software)
    S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
    S2 CcmExec; C:\Windows\system32\CCM\CcmExec.exe [764768 2009-09-18] (Microsoft Corporation)
    S2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [664944 2011-03-16] (Juniper Networks)
    S2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [198000 2010-12-15] (Juniper Networks)
    S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    S2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [559552 2013-08-08] (RealNetworks, Inc.)
    S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
    S3 smstsmgr; C:\Windows\system32\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
    S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345424 2010-06-14] (Trend Micro Inc.)
    S2 ntrtscan; "C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe" [x]
    S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
    S2 tmlisten; "C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe" [x]
    S3 TmPfw; "C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe" [x]
    S3 TmProxy; "C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe" [x]
     
    ==================== Drivers (Whitelisted) ====================
     
    S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-02] (AVAST Software)
    S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2014-01-02] (AVAST Software)
    S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-01-02] ()
    S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-02] (AVAST Software)
    S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410528 2014-01-02] (AVAST Software)
    S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-01-02] (AVAST Software)
    S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-12-19] (AVAST Software)
    S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2014-01-02] ()
    S3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2011-03-16] (Juniper Networks)
    S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-07-20] (ManyCam LLC)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
    S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [25088 2012-07-20] (ManyCam LLC)
    S2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
    S3 prepdrvr; C:\Windows\system32\CCM\prepdrv.sys [20848 2009-09-18] (Microsoft Corporation)
    S2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [49152 2009-10-29] (REDC)
    S2 rixdpcie; C:\Windows\System32\DRIVERS\rixdpe86.sys [38912 2009-09-28] (REDC)
    S2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [67664 2010-06-14] (Trend Micro Inc.)
    S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [177232 2010-06-14] (Trend Micro Inc.)
    S2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [57424 2010-06-14] (Trend Micro Inc.)
    S1 TmLwf; C:\Windows\System32\DRIVERS\tmlwf.sys [146960 2010-04-24] (Trend Micro Inc.)
    S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90256 2010-04-24] (Trend Micro Inc.)
    S2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [283152 2010-04-24] (Trend Micro Inc.)
    S3 WinRing0_1_2_0; C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [14416 2012-11-13] (OpenLibSys.org)
    S2 TmFilter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [x]
    S2 TmPreFilter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [x]
    S5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()
    S2 VSApiNt; \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [x]
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-01-08 21:50 - 2014-01-08 21:50 - 00000000 ____D C:\FRST
    2014-01-08 18:44 - 2014-01-08 18:44 - 01065947 _____ (Farbar) C:\Users\Sean\Downloads\FRST.exe
    2014-01-08 18:39 - 2014-01-08 18:40 - 00000000 ____D C:\AdwCleaner
    2014-01-08 18:39 - 2014-01-08 18:39 - 01233962 _____ C:\Users\Sean\Desktop\AdwCleaner.exe
    2014-01-07 18:46 - 2014-01-07 18:46 - 00222024 _____ C:\Windows\Minidump\010714-18876-01.dmp
    2014-01-05 18:17 - 2014-01-05 18:17 - 00501248 _____ (Facebook Inc.) C:\Users\Sean\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
    2014-01-05 18:17 - 2014-01-05 18:17 - 00000000 ____D C:\Users\Sean\AppData\Local\Facebook
    2014-01-04 21:39 - 2014-01-04 22:22 - 583488186 _____ C:\Users\Sean\Downloads\Watch playnow Spring breakers 2012 720p x264 mp4 mp4.mp4.crdownload
    2014-01-04 21:24 - 2014-01-04 21:35 - 14224928 _____ C:\Users\Sean\Downloads\SpringBreakers2012BRRipXviD-S4Aavi  PutLocker.flv
    2014-01-02 22:38 - 2014-01-02 22:38 - 00000000 ____D C:\Users\Sean\AppData\Local\Macromedia
    2014-01-02 20:01 - 2014-01-02 20:01 - 00000000 ____D C:\Users\Sean\AppData\Roaming\AVAST Software
    2014-01-02 19:54 - 2014-01-02 21:06 - 00064168 _____ (AVAST Software) C:\Windows\System32\Drivers\aswstm.sys
    2014-01-02 19:54 - 2014-01-02 19:54 - 00002053 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-01-02 19:41 - 2014-01-02 19:42 - 08459811 _____ C:\Users\Sean\Downloads\The Family Dance.mp4
    2014-01-02 14:20 - 2014-01-08 15:43 - 00015012 _____ C:\Users\Sean\Desktop\attach.txt
    2014-01-02 14:20 - 2014-01-08 15:40 - 00017018 _____ C:\Users\Sean\Desktop\dds.txt
    2014-01-02 14:17 - 2014-01-02 14:18 - 00688992 ____R (Swearware) C:\Users\Sean\Desktop\dds.com
    2014-01-01 15:14 - 2014-01-01 15:14 - 00235008 _____ C:\Windows\Minidump\010114-16036-01.dmp
    2014-01-01 12:29 - 2014-01-07 18:46 - 423165481 _____ C:\Windows\MEMORY.DMP
    2014-01-01 12:29 - 2014-01-07 18:46 - 00000000 ____D C:\Windows\Minidump
    2014-01-01 12:29 - 2014-01-01 12:29 - 00222024 _____ C:\Windows\Minidump\010114-17877-01.dmp
    2013-12-31 22:24 - 2013-12-31 22:24 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Malwarebytes
    2013-12-31 22:23 - 2013-12-31 22:23 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sean\Downloads\mbam-setup-1.75.0.1300.exe
    2013-12-31 22:23 - 2013-12-31 22:23 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-12-31 22:23 - 2013-12-31 22:23 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-12-31 22:23 - 2013-12-31 22:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-12-31 22:23 - 2013-04-04 11:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-12-31 22:21 - 2013-12-31 22:21 - 00028672 _____ C:\Windows\System32\qwhp.iji
    2013-12-31 22:09 - 2014-01-08 18:37 - 00000083 _____ C:\Windows\System32\mjdq.ucm
    2013-12-31 21:59 - 2013-12-31 22:21 - 00000097 _____ C:\Windows\System32\uytnrx.bvt
    2013-12-31 21:59 - 2013-12-31 21:59 - 00000064 _____ C:\Windows\System32\axyfyhs.esf
    2013-12-31 21:44 - 2013-12-31 21:44 - 00101213 ____S C:\Windows\System32\yowb.sbs
    2013-12-31 14:03 - 2013-12-31 14:14 - 00000000 ____D C:\Users\Sean\AppData\Local\Apps\Windows 7 USB DVD Download Tool
    2013-12-31 14:03 - 2013-12-31 14:03 - 00969504 _____ (Microsoft Corporation) C:\Users\Sean\Downloads\Windows7-USB-DVD-tool.exe
    2013-12-30 23:22 - 2013-12-30 23:23 - 2147483648 _____ C:\Users\Sean\Downloads\nerdlet
    2013-12-30 20:08 - 2013-12-30 20:08 - 00000000 ____D C:\ProgramData\Package Cache
    2013-12-30 20:08 - 2010-06-02 01:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
    2013-12-30 20:08 - 2010-06-02 01:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
    2013-12-30 20:08 - 2010-06-02 01:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
    2013-12-30 20:08 - 2010-05-26 08:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
    2013-12-30 20:08 - 2010-05-26 08:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
    2013-12-30 20:08 - 2010-05-26 08:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
    2013-12-30 20:08 - 2010-05-26 08:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
    2013-12-30 20:08 - 2010-05-26 08:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
    2013-12-30 20:08 - 2009-09-04 14:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
    2013-12-30 20:08 - 2009-09-04 14:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
    2013-12-30 20:08 - 2009-09-04 14:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
    2013-12-30 20:08 - 2009-09-04 14:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
    2013-12-30 20:08 - 2009-09-04 14:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
    2013-12-30 20:08 - 2009-09-04 14:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
    2013-12-30 20:08 - 2009-09-04 14:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
    2013-12-30 20:08 - 2009-09-04 14:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
    2013-12-30 20:08 - 2008-10-27 07:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
    2013-12-30 20:08 - 2008-10-27 07:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
    2013-12-30 20:08 - 2008-10-27 07:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
    2013-12-30 20:08 - 2008-10-27 07:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
    2013-12-30 20:08 - 2008-07-31 07:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
    2013-12-30 20:08 - 2008-07-31 07:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
    2013-12-30 20:08 - 2008-07-31 07:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
    2013-12-29 15:35 - 2013-12-29 15:35 - 00000000 ____D C:\ProgramData\Game House
    2013-12-29 15:35 - 2013-12-29 15:35 - 00000000 ____D C:\Program Files\Online Games Manager
    2013-12-29 15:34 - 2013-12-29 15:35 - 00000000 ____D C:\ProgramData\Trymedia
    2013-12-29 15:34 - 2013-12-29 15:34 - 00000000 ____D C:\GameHouse Games
    2013-12-29 15:32 - 2013-12-29 15:32 - 00000000 ____D C:\Program Files\RealArcade
    2013-12-29 14:11 - 2013-12-29 14:29 - 00000000 ____D C:\Users\Sean\Desktop\eulernew
    2013-12-25 21:26 - 2013-12-25 21:27 - 00229965 _____ C:\Users\Sean\Downloads\fvd_single.2.0.8.crx
    2013-12-25 13:05 - 2013-12-25 13:05 - 00657408 _____ C:\Users\Sean\Downloads\MicrosoftFixit50465.msi
    2013-12-24 21:23 - 2009-03-16 11:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
    2013-12-24 21:23 - 2009-03-16 11:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
    2013-12-24 21:23 - 2009-03-16 11:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
    2013-12-24 21:23 - 2009-03-09 12:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
    2013-12-24 21:23 - 2009-03-09 12:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
    2013-12-24 21:23 - 2008-10-15 03:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
    2013-12-24 21:23 - 2008-10-15 03:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
    2013-12-24 21:23 - 2008-05-30 11:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
    2013-12-24 21:23 - 2008-05-30 11:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
    2013-12-24 21:23 - 2008-05-30 11:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
    2013-12-24 21:23 - 2008-05-30 11:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
    2013-12-24 21:23 - 2008-05-30 11:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
    2013-12-24 21:23 - 2008-05-30 11:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
    2013-12-24 21:23 - 2008-05-30 11:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
    2013-12-24 21:23 - 2008-03-05 13:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
    2013-12-24 21:23 - 2008-03-05 13:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
    2013-12-24 21:23 - 2008-03-05 13:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
    2013-12-24 21:23 - 2008-03-05 12:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
    2013-12-24 21:23 - 2008-03-05 12:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
    2013-12-24 21:23 - 2008-02-05 20:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
    2013-12-24 21:23 - 2007-10-22 00:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
    2013-12-24 21:23 - 2007-10-22 00:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
    2013-12-24 21:23 - 2007-10-12 12:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
    2013-12-24 21:23 - 2007-10-12 12:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
    2013-12-24 21:23 - 2007-10-02 06:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
    2013-12-24 21:23 - 2007-07-19 21:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
    2013-12-24 21:23 - 2007-07-19 15:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
    2013-12-24 21:23 - 2007-07-19 15:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
    2013-12-24 21:23 - 2007-07-19 15:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
    2013-12-24 21:23 - 2007-06-20 17:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
    2013-12-24 21:23 - 2007-05-16 13:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
    2013-12-24 21:23 - 2007-05-16 13:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
    2013-12-24 21:23 - 2007-05-16 13:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
    2013-12-24 21:23 - 2007-04-04 15:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
    2013-12-24 21:23 - 2007-03-15 13:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
    2013-12-24 21:23 - 2007-03-12 13:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
    2013-12-24 21:23 - 2007-03-05 09:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
    2013-12-24 21:23 - 2007-01-24 12:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
    2013-12-24 21:23 - 2006-12-08 09:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
    2013-12-24 21:23 - 2006-11-29 10:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
    2013-12-24 21:23 - 2006-11-29 10:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
    2013-12-24 21:23 - 2006-09-28 13:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
    2013-12-24 21:23 - 2006-09-28 13:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
    2013-12-24 21:23 - 2006-07-28 06:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
    2013-12-24 21:23 - 2006-07-28 06:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
    2013-12-24 21:23 - 2006-05-31 04:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
    2013-12-24 21:23 - 2006-03-31 09:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
    2013-12-24 21:23 - 2006-03-31 09:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
    2013-12-24 21:23 - 2006-03-31 09:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
    2013-12-24 21:23 - 2006-02-03 05:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
    2013-12-24 21:23 - 2006-02-03 05:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
    2013-12-24 21:23 - 2006-02-03 05:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
    2013-12-24 21:23 - 2005-12-05 15:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
    2013-12-24 21:23 - 2005-07-22 16:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
    2013-12-24 21:23 - 2005-05-26 12:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
    2013-12-24 21:23 - 2005-03-18 14:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
    2013-12-24 21:23 - 2005-02-05 16:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
    2013-12-24 09:41 - 2013-12-24 09:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\SearchProtect
    2013-12-22 21:48 - 2014-01-01 14:57 - 00000000 ____D C:\ProgramData\Conduit
    2013-12-22 21:48 - 2013-12-22 21:48 - 00000000 ____D C:\Users\Sean\AppData\Local\Conduit
    2013-12-22 21:48 - 2013-12-22 21:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\NativeMessaging
    2013-12-22 21:48 - 2013-12-22 21:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\CRE
    2013-12-22 21:48 - 2013-12-22 21:48 - 00000000 ____D C:\Program Files\Conduit
    2013-12-22 21:47 - 2013-12-22 21:48 - 00000009 _____ C:\END
    2013-12-22 21:47 - 2013-12-22 21:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
    2013-12-22 21:46 - 2013-12-22 21:46 - 00923784 _____ (CNET Download.com) C:\Users\Sean\Downloads\cbsidlm-cbsi145-Flash_Video_Downloader_for_Google_Chrome-SEO-75327988.exe
    2013-12-17 18:24 - 2013-12-20 12:53 - 00000000 ____D C:\Users\Sean\AppData\Roaming\DogeCoin
    2013-12-17 18:24 - 2013-12-20 12:40 - 00000000 ____D C:\ProgramData\boost_interprocess
    2013-12-15 16:27 - 2013-12-15 16:30 - 00000000 ____D C:\Users\Sean\Desktop\pyscript
    2013-12-11 18:06 - 2013-12-11 18:06 - 00182303 _____ C:\Users\Sean\Downloads\8_Test08_1998_81.djvu
    2013-12-11 18:06 - 2013-12-11 18:06 - 00162101 _____ C:\Users\Sean\Downloads\13_Test13_1998_73.djvu
    2013-12-11 18:06 - 2013-12-11 18:06 - 00162101 _____ C:\Users\Sean\Downloads\13_Test13_1998_73 (1).djvu
    2013-12-11 17:56 - 2013-12-11 17:56 - 00882176 _____ C:\Users\Sean\Downloads\Knight_ch05.ppt
    2013-12-11 17:56 - 2013-12-11 17:56 - 00659968 _____ C:\Users\Sean\Downloads\Knight_ch17.ppt
    2013-12-11 17:56 - 2013-12-11 17:56 - 00277504 _____ C:\Users\Sean\Downloads\Knight_ch01.ppt
    2013-12-11 16:42 - 2013-12-11 16:59 - 00005198 _____ C:\Users\Sean\Documents\numbers.txt
     
    ==================== One Month Modified Files and Folders =======
     
    2014-01-08 21:50 - 2014-01-08 21:50 - 00000000 ____D C:\FRST
    2014-01-08 18:47 - 2011-04-07 15:29 - 00265948 _____ C:\Windows\PFRO.log
    2014-01-08 18:47 - 2011-04-07 14:51 - 00002598 __RSH C:\ProgramData\ntuser.pol
    2014-01-08 18:47 - 2009-07-13 20:39 - 00105107 _____ C:\Windows\setupact.log
    2014-01-08 18:46 - 2012-06-09 05:23 - 00000000 ____D C:\Users\Sean\AppData\Roaming\SoftGrid Client
    2014-01-08 18:46 - 2011-04-08 03:44 - 01913857 _____ C:\Windows\WindowsUpdate.log
    2014-01-08 18:44 - 2014-01-08 18:44 - 01065947 _____ (Farbar) C:\Users\Sean\Downloads\FRST.exe
    2014-01-08 18:40 - 2014-01-08 18:39 - 00000000 ____D C:\AdwCleaner
    2014-01-08 18:39 - 2014-01-08 18:39 - 01233962 _____ C:\Users\Sean\Desktop\AdwCleaner.exe
    2014-01-08 18:37 - 2013-12-31 22:09 - 00000083 _____ C:\Windows\System32\mjdq.ucm
    2014-01-08 15:43 - 2014-01-02 14:20 - 00015012 _____ C:\Users\Sean\Desktop\attach.txt
    2014-01-08 15:40 - 2014-01-02 14:20 - 00017018 _____ C:\Users\Sean\Desktop\dds.txt
    2014-01-07 19:12 - 2013-11-28 07:12 - 00000000 ____D C:\Users\Sean\Desktop\Euler
    2014-01-07 19:03 - 2009-07-13 20:34 - 00015344 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-07 19:03 - 2009-07-13 20:34 - 00015344 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-07 18:57 - 2011-04-07 14:48 - 00000462 _____ C:\Windows\SMSCFG.ini
    2014-01-07 18:46 - 2014-01-07 18:46 - 00222024 _____ C:\Windows\Minidump\010714-18876-01.dmp
    2014-01-07 18:46 - 2014-01-01 12:29 - 423165481 _____ C:\Windows\MEMORY.DMP
    2014-01-07 18:46 - 2014-01-01 12:29 - 00000000 ____D C:\Windows\Minidump
    2014-01-06 21:15 - 2013-04-26 18:54 - 00000000 ____D C:\Users\Sean\AppData\Roaming\vlc
    2014-01-06 12:27 - 2012-10-15 12:15 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Skype
    2014-01-05 18:17 - 2014-01-05 18:17 - 00501248 _____ (Facebook Inc.) C:\Users\Sean\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
    2014-01-05 18:17 - 2014-01-05 18:17 - 00000000 ____D C:\Users\Sean\AppData\Local\Facebook
    2014-01-05 11:04 - 2012-06-09 09:52 - 00000000 ____D C:\Program Files\Steam
    2014-01-04 22:22 - 2014-01-04 21:39 - 583488186 _____ C:\Users\Sean\Downloads\Watch playnow Spring breakers 2012 720p x264 mp4 mp4.mp4.crdownload
    2014-01-04 21:35 - 2014-01-04 21:24 - 14224928 _____ C:\Users\Sean\Downloads\SpringBreakers2012BRRipXviD-S4Aavi  PutLocker.flv
    2014-01-04 20:55 - 2012-11-01 16:20 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Spotify
    2014-01-04 20:44 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
    2014-01-03 20:24 - 2012-11-01 16:21 - 00000000 ____D C:\Users\Sean\AppData\Local\Spotify
    2014-01-02 22:38 - 2014-01-02 22:38 - 00000000 ____D C:\Users\Sean\AppData\Local\Macromedia
    2014-01-02 21:06 - 2014-01-02 19:54 - 00064168 _____ (AVAST Software) C:\Windows\System32\Drivers\aswstm.sys
    2014-01-02 20:57 - 2011-04-07 14:57 - 00000000 ____D C:\Program Files\UltraVNC
    2014-01-02 20:01 - 2014-01-02 20:01 - 00000000 ____D C:\Users\Sean\AppData\Roaming\AVAST Software
    2014-01-02 19:54 - 2014-01-02 19:54 - 00002053 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-01-02 19:54 - 2013-08-31 20:22 - 00775952 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2014-01-02 19:54 - 2013-08-31 20:22 - 00410528 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2014-01-02 19:54 - 2013-08-31 20:22 - 00270240 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
    2014-01-02 19:54 - 2013-08-31 20:22 - 00180248 _____ C:\Windows\System32\Drivers\aswVmm.sys
    2014-01-02 19:54 - 2013-08-31 20:22 - 00079720 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2014-01-02 19:54 - 2013-08-31 20:22 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2014-01-02 19:54 - 2013-08-31 20:22 - 00049944 _____ C:\Windows\System32\Drivers\aswRvrt.sys
    2014-01-02 19:54 - 2013-08-31 20:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-01-02 19:44 - 2013-08-31 20:21 - 00000000 ____D C:\ProgramData\AVAST Software
    2014-01-02 19:43 - 2009-07-13 18:04 - 00002577 _____ C:\Windows\System32\config.nt
    2014-01-02 19:42 - 2014-01-02 19:41 - 08459811 _____ C:\Users\Sean\Downloads\The Family Dance.mp4
    2014-01-02 14:18 - 2014-01-02 14:17 - 00688992 ____R (Swearware) C:\Users\Sean\Desktop\dds.com
    2014-01-01 17:12 - 2011-03-04 16:49 - 00847832 _____ C:\Windows\System32\PerfStringBackup.INI
    2014-01-01 15:14 - 2014-01-01 15:14 - 00235008 _____ C:\Windows\Minidump\010114-16036-01.dmp
    2014-01-01 15:14 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Branding
    2014-01-01 14:57 - 2013-12-22 21:48 - 00000000 ____D C:\ProgramData\Conduit
    2014-01-01 12:29 - 2014-01-01 12:29 - 00222024 _____ C:\Windows\Minidump\010114-17877-01.dmp
    2013-12-31 22:24 - 2013-12-31 22:24 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Malwarebytes
    2013-12-31 22:23 - 2013-12-31 22:23 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sean\Downloads\mbam-setup-1.75.0.1300.exe
    2013-12-31 22:23 - 2013-12-31 22:23 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-12-31 22:23 - 2013-12-31 22:23 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-12-31 22:23 - 2013-12-31 22:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-12-31 22:21 - 2013-12-31 22:21 - 00028672 _____ C:\Windows\System32\qwhp.iji
    2013-12-31 22:21 - 2013-12-31 21:59 - 00000097 _____ C:\Windows\System32\uytnrx.bvt
    2013-12-31 21:59 - 2013-12-31 21:59 - 00000064 _____ C:\Windows\System32\axyfyhs.esf
    2013-12-31 21:44 - 2013-12-31 21:44 - 00101213 ____S C:\Windows\System32\yowb.sbs
    2013-12-31 14:14 - 2013-12-31 14:03 - 00000000 ____D C:\Users\Sean\AppData\Local\Apps\Windows 7 USB DVD Download Tool
    2013-12-31 14:03 - 2013-12-31 14:03 - 00969504 _____ (Microsoft Corporation) C:\Users\Sean\Downloads\Windows7-USB-DVD-tool.exe
    2013-12-30 23:23 - 2013-12-30 23:22 - 2147483648 _____ C:\Users\Sean\Downloads\nerdlet
    2013-12-30 20:08 - 2013-12-30 20:08 - 00000000 ____D C:\ProgramData\Package Cache
    2013-12-30 13:45 - 2012-12-08 21:13 - 00000011 _____ C:\Users\Sean\Desktop\$20.txt
    2013-12-29 15:35 - 2013-12-29 15:35 - 00000000 ____D C:\ProgramData\Game House
    2013-12-29 15:35 - 2013-12-29 15:35 - 00000000 ____D C:\Program Files\Online Games Manager
    2013-12-29 15:35 - 2013-12-29 15:34 - 00000000 ____D C:\ProgramData\Trymedia
    2013-12-29 15:34 - 2013-12-29 15:34 - 00000000 ____D C:\GameHouse Games
    2013-12-29 15:32 - 2013-12-29 15:32 - 00000000 ____D C:\Program Files\RealArcade
    2013-12-29 14:29 - 2013-12-29 14:11 - 00000000 ____D C:\Users\Sean\Desktop\eulernew
    2013-12-25 21:27 - 2013-12-25 21:26 - 00229965 _____ C:\Users\Sean\Downloads\fvd_single.2.0.8.crx
    2013-12-25 13:05 - 2013-12-25 13:05 - 00657408 _____ C:\Users\Sean\Downloads\MicrosoftFixit50465.msi
    2013-12-25 08:33 - 2012-06-09 09:52 - 00000000 ____D C:\Program Files\Common Files\Steam
    2013-12-25 06:37 - 2011-04-07 15:18 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-12-24 21:24 - 2011-04-07 14:45 - 00000000 ____D C:\Program Files\Microsoft.NET
    2013-12-24 15:23 - 2013-05-11 13:28 - 00000000 ____D C:\Python27
    2013-12-24 09:41 - 2013-12-24 09:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\SearchProtect
    2013-12-22 21:48 - 2013-12-22 21:48 - 00000000 ____D C:\Users\Sean\AppData\Local\Conduit
    2013-12-22 21:48 - 2013-12-22 21:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\NativeMessaging
    2013-12-22 21:48 - 2013-12-22 21:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\CRE
    2013-12-22 21:48 - 2013-12-22 21:48 - 00000000 ____D C:\Program Files\Conduit
    2013-12-22 21:48 - 2013-12-22 21:47 - 00000009 _____ C:\END
    2013-12-22 21:47 - 2013-12-22 21:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
    2013-12-22 21:46 - 2013-12-22 21:46 - 00923784 _____ (CNET Download.com) C:\Users\Sean\Downloads\cbsidlm-cbsi145-Flash_Video_Downloader_for_Google_Chrome-SEO-75327988.exe
    2013-12-20 18:52 - 2013-09-02 17:43 - 00000024 _____ C:\Users\Sean\random.dat
    2013-12-20 18:48 - 2013-09-02 17:43 - 00000043 _____ C:\Users\Sean\jagex_cl_runescape_LIVE.dat
    2013-12-20 13:13 - 2012-06-23 10:35 - 00000000 ____D C:\Users\Sean\AppData\Roaming\.minecraft
    2013-12-20 12:53 - 2013-12-17 18:24 - 00000000 ____D C:\Users\Sean\AppData\Roaming\DogeCoin
    2013-12-20 12:40 - 2013-12-17 18:24 - 00000000 ____D C:\ProgramData\boost_interprocess
    2013-12-19 05:11 - 2013-08-31 20:22 - 00056080 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2013-12-15 16:30 - 2013-12-15 16:27 - 00000000 ____D C:\Users\Sean\Desktop\pyscript
    2013-12-11 18:06 - 2013-12-11 18:06 - 00182303 _____ C:\Users\Sean\Downloads\8_Test08_1998_81.djvu
    2013-12-11 18:06 - 2013-12-11 18:06 - 00162101 _____ C:\Users\Sean\Downloads\13_Test13_1998_73.djvu
    2013-12-11 18:06 - 2013-12-11 18:06 - 00162101 _____ C:\Users\Sean\Downloads\13_Test13_1998_73 (1).djvu
    2013-12-11 17:56 - 2013-12-11 17:56 - 00882176 _____ C:\Users\Sean\Downloads\Knight_ch05.ppt
    2013-12-11 17:56 - 2013-12-11 17:56 - 00659968 _____ C:\Users\Sean\Downloads\Knight_ch17.ppt
    2013-12-11 17:56 - 2013-12-11 17:56 - 00277504 _____ C:\Users\Sean\Downloads\Knight_ch01.ppt
    2013-12-11 16:59 - 2013-12-11 16:42 - 00005198 _____ C:\Users\Sean\Documents\numbers.txt
     
    Files to move or delete:
    ====================
    C:\Users\Sean\AppData\Roaming\Camdata.ini
    C:\Users\Sean\AppData\Roaming\CamLayout.ini
    C:\Users\Sean\AppData\Roaming\CamShapes.ini
    C:\Users\Public\ntuser (1).dat
    C:\Users\Sean\jagex_cl_oldschool_LIVE.dat
    C:\Users\Sean\jagex_cl_runescape_LIVE.dat
    C:\Users\Sean\jagex_cl_runescape_LIVE1.dat
    C:\Users\Sean\random.dat
     
     
    Some content of TEMP:
    ====================
    C:\Users\Administrator\AppData\Local\Temp\InstallAX.exe
    C:\Users\Administrator\AppData\Local\Temp\InstallPlugin.exe
    C:\Users\beasleyj1\AppData\Local\Temp\G2MInstallerExtractor.exe
    C:\Users\beasleyj1\AppData\Local\Temp\_is9872.exe
    C:\Users\Sean\AppData\Local\Temp\ApnStub.exe
    C:\Users\Sean\AppData\Local\Temp\gbinit.exe
    C:\Users\Sean\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
    C:\Users\Sean\AppData\Local\Temp\nitro_pro8.exe
    C:\Users\Sean\AppData\Local\Temp\setup.exe
    C:\Users\Sean\AppData\Local\Temp\swt-win32-3349.dll
    C:\Users\Sean\AppData\Local\Temp\VerizonRCFile.EXE
     
     
    ==================== Known DLLs (Whitelisted) ============
     
     
    ==================== Bamital & volsnap Check =================
     
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2009-07-13 15:45] - [2009-07-13 17:16] - 0376320 ____A (Microsoft Corporation) 418F4CFC99B454CBF626BFB9D58F91FB
     
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
     
    ==================== EXE ASSOCIATION =====================
     
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
     
    ==================== Restore Points  =========================
     
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 13%
    Total physical RAM: 3891.67 MB
    Available physical RAM: 3385.41 MB
    Total Pagefile: 3889.95 MB
    Available Pagefile: 3398.88 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1934.2 MB
     
    ==================== Drives ================================
     
    Drive c: (OSDisk) (Fixed) (Total:297.79 GB) (Free:236.17 GB) NTFS
    Drive f: () (Removable) (Total:1.85 GB) (Free:1.8 GB) FAT
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (BDEDrive) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 8F857E0F)
    Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
    Partition 2: (Active) - (Size=300 MB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 1 (Size: 2 GB) (Disk ID: E1D61897)
    Partition 1: (Not Active) - (Size=2 GB) - (Type=06)
     
     
    LastRegBack: 2013-12-31 12:00
     
    ==================== End Of Log ============================


    #6 etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • Gender:Male

    Posted 09 January 2014 - 08:45 PM

    Hello, Yerer.
     
    Step 1
     
     
    This time, run AdwCleaner; when asked to delete, let it do so. Those are all adware entries in the scan. Please post the resulting log.
     
     
     
    Step 2
     
    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it on the flash drive as fixlist.txt
     

    2013-12-31 22:21 - 2013-12-31 22:21 - 00028672 _____ C:\Windows\System32\qwhp.iji
    2013-12-31 22:09 - 2014-01-08 18:37 - 00000083 _____ C:\Windows\System32\mjdq.ucm
    2013-12-31 21:59 - 2013-12-31 22:21 - 00000097 _____ C:\Windows\System32\uytnrx.bvt
    2013-12-31 21:59 - 2013-12-31 21:59 - 00000064 _____ C:\Windows\System32\axyfyhs.esf
    2013-12-31 21:44 - 2013-12-31 21:44 - 00101213 ____S C:\Windows\System32\yowb.sbs
    2013-12-24 09:41 - 2013-12-24 09:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\SearchProtect
    2013-12-22 21:48 - 2014-01-01 14:57 - 00000000 ____D C:\ProgramData\Conduit
    2013-12-22 21:48 - 2013-12-22 21:48 - 00000000 ____D C:\Users\Sean\AppData\Local\Conduit
    2013-12-22 21:48 - 2013-12-22 21:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\NativeMessaging
    2013-12-22 21:48 - 2013-12-22 21:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\CRE
    2013-12-22 21:48 - 2013-12-22 21:48 - 00000000 ____D C:\Program Files\Conduit
    2013-12-22 21:47 - 2013-12-22 21:48 - 00000009 _____ C:\END
     
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
     
    On Vista or Windows 7: Now please enter System Recovery Options.
     
    On Windows XP: Now please boot into the PE (Preinstallation Environment) disk.
     
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will generate a log on the flash drive (Fixlog.txt); please post it in your reply.
     
     
     
    Step 3
     
    After running the fixlist, while still in FRST, type rpcss.dll in the search box and press Search File(s). Post the resulting log (search.txt), which will appear in the same location as FRST.
     
    etavares


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Unified Network of Instructors and Trusted Eliminators
     


    #7 Yerer

    • Topic Starter

    • Members
    • 19 posts

    Posted 11 January 2014 - 11:11 AM

    So after I used the FRST tool, my computer would no longer work. After showing the Windows logo, my computer would simply have a black screen with the mouse, no login screen. I was unable to do anything at all, and I tried lots of options, safe mode, etc. Finally I went back and put all the files FRST removed into their original spots and now the computer boots up again, although it has been slow and restarts randomly. Here is the adware log:

    # AdwCleaner v3.016 - Report created 09/01/2014 at 23:08:40
    # Updated 23/12/2013 by Xplode
    # Operating System : Windows 7 Enterprise  (32 bits)
    # Username : Sean - LENOVO
    # Running from : C:\Users\Sean\Desktop\AdwCleaner.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\Conduit
    Folder Deleted : C:\ProgramData\Trymedia
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Users\Sean\AppData\Local\apn
    Folder Deleted : C:\Users\Sean\AppData\Local\Conduit
    Folder Deleted : C:\Users\Sean\AppData\Local\Temp\AskSearch
    Folder Deleted : C:\Users\Sean\AppData\Local\Temp\NativeMessaging
    Folder Deleted : C:\Users\Sean\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Administrator\AppData\Local\NativeMessaging
    Folder Deleted : C:\Users\Administrator\AppData\Local\Searchprotect
    Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Conduit
    File Deleted : C:\END
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FC263028-5D21-42F5-AF8A-A46B82815365}
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC263028-5D21-42F5-AF8A-A46B82815365}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_game-booster_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_game-booster_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\PIP
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\InstallIQ
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : HKLM\Software\Trymedia Systems
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v8.0.7600.16968
     
     
    -\\ Mozilla Firefox v4.0 (en-US)
     
    [ File : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\xx7xh2tx.default\prefs.js ]
     
     
    [ File : C:\Users\beasleyj1\AppData\Roaming\Mozilla\Firefox\Profiles\prgszm68.default\prefs.js ]
     
     
    -\\ Google Chrome v
     
    [ File : C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     
     
    *************************
     
    AdwCleaner[R0].txt - [5092 octets] - [08/01/2014 21:40:03]
    AdwCleaner[R1].txt - [5152 octets] - [09/01/2014 23:06:48]
    AdwCleaner[S0].txt - [5098 octets] - [09/01/2014 23:08:40]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5158 octets] ##########
     
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-01-2014 01
    Ran by SYSTEM at 2014-01-09 23:22:37 Run:1
    Running from F:\
    Boot Mode: Recovery
     
    ==============================================
     
    Content of fixlist:
    *****************
    2013-12-31 22:21 - 2013-12-31 22:21 - 00028672 _____ C:\Windows\System32\qwhp.iji
    2013-12-31 22:09 - 2014-01-08 18:37 - 00000083 _____ C:\Windows\System32\mjdq.ucm
    2013-12-31 21:59 - 2013-12-31 22:21 - 00000097 _____ C:\Windows\System32\uytnrx.bvt
    2013-12-31 21:59 - 2013-12-31 21:59 - 00000064 _____ C:\Windows\System32\axyfyhs.esf
    2013-12-31 21:44 - 2013-12-31 21:44 - 00101213 ____S C:\Windows\System32\yowb.sbs
    2013-12-24 09:41 - 2013-12-24 09:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\SearchProtect
    2013-12-22 21:48 - 2014-01-01 14:57 - 00000000 ____D C:\ProgramData\Conduit
    2013-12-22 21:48 - 2013-12-22 21:48 - 00000000 ____D C:\Users\Sean\AppData\Local\Conduit
    2013-12-22 21:48 - 2013-12-22 21:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\NativeMessaging
    2013-12-22 21:48 - 2013-12-22 21:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\CRE
    2013-12-22 21:48 - 2013-12-22 21:48 - 00000000 ____D C:\Program Files\Conduit
    2013-12-22 21:47 - 2013-12-22 21:48 - 00000009 _____ C:\END
    *****************
     
    C:\Windows\System32\qwhp.iji => Moved successfully.
    C:\Windows\System32\mjdq.ucm => Moved successfully.
    C:\Windows\System32\uytnrx.bvt => Moved successfully.
    C:\Windows\System32\axyfyhs.esf => Moved successfully.
    C:\Windows\System32\yowb.sbs => Moved successfully.
    "C:\Users\Administrator\AppData\Local\SearchProtect" => File/Directory not found.
    "C:\ProgramData\Conduit" => File/Directory not found.
    "C:\Users\Sean\AppData\Local\Conduit" => File/Directory not found.
    "C:\Users\Administrator\AppData\Local\NativeMessaging" => File/Directory not found.
    C:\Users\Administrator\AppData\Local\CRE => Moved successfully.
    "C:\Program Files\Conduit" => File/Directory not found.
    "C:\END" => File/Directory not found.
     
    ==== End of Fixlog ====

     

     

    Farbar Recovery Scan Tool (x86) Version: 08-01-2014 01
    Ran by SYSTEM at 2014-01-09 23:23:20
    Running from F:\
    Boot Mode: Recovery
     
    ================== Search: "rpcss.dll" ===================
     
    C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
    [2009-07-13 15:45] - [2009-07-13 17:16] - 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F
     
    C:\Windows\System32\rpcss.dll
    [2009-07-13 15:45] - [2009-07-13 17:16] - 0376320 ____A (Microsoft Corporation) 418F4CFC99B454CBF626BFB9D58F91FB
     
    C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
    [2011-05-25 13:29] - [2010-11-20 04:21] - 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF
     
    X:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
    [2009-07-13 15:45] - [2009-07-13 17:16] - 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F
     
    X:\Windows\System32\rpcss.dll
    [2009-07-13 15:45] - [2009-07-13 17:16] - 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F
     
    X:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
    [2009-07-13 15:45] - [2009-07-13 17:16] - 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F
     
    X:\Windows\System32\rpcss.dll
    [2009-07-13 15:45] - [2009-07-13 17:16] - 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F
     
    === End Of Search ===

    Edited by Yerer, 11 January 2014 - 11:12 AM.


    #8 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • OFFLINE
    • Gender:Male
    • Local time:03:54 AM

    Posted 11 January 2014 - 11:22 AM

    This will fix that.  Copy/paste the text in the box below to notepad and save it to the FRST flash drive as fixlist.txt then boot into FRST, click Fix just once.  It will make the log fixlog.txt, copy/paste the contents of that in your reply.  Also, try booting into Windows after that and confirm it does boot OK.  Let me know the results of that and post the log.

     

    Replace: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll C:\Windows\System32\rpcss.dll

     

    -etavares



    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Unified Network of Instructors and Trusted Eliminators
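The search output in the post above shows two copies of rpcss.dll with the same size and different MD5 hashes, which is what the Replace line acts on. The script below is an added example, not FRST's code or etavares's procedure: it parses that search block, flags the live System32 copy whose hash matches no component-store copy of the same size, and builds the same Replace line; the sample embeds the C:\ entries from the log above, and the rule that WinSxS and SoftwareDistribution entries are the trusted references is an assumption.

```python
"""Check FRST 'Search:' output for a system DLL whose live copy differs from the
component-store copy of the same size, and build the fixlist Replace line.

Added example, not FRST's own code. Treating WinSxS and SoftwareDistribution
entries as the trusted reference copies is an assumption made here."""
import re

# Constructed sample: the C:\ entries of the rpcss.dll search block posted in the
# thread (X:\ recovery-environment entries omitted). Hashes are as FRST printed them.
SAMPLE = r'''================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
[2009-07-13 15:45] - [2009-07-13 17:16] - 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F

C:\Windows\System32\rpcss.dll
[2009-07-13 15:45] - [2009-07-13 17:16] - 0376320 ____A (Microsoft Corporation) 418F4CFC99B454CBF626BFB9D58F91FB

C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[2011-05-25 13:29] - [2010-11-20 04:21] - 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF

=== End Of Search ===
'''

# One FRST detail line: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search(text):
    """Return one dict per file found: path, size in bytes, MD5, company, timestamps."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries = []
    for i, line in enumerate(lines):
        m = DETAIL_RE.match(line)
        if m is None or i == 0:
            continue
        entries.append({
            "path": lines[i - 1],  # FRST prints the path on the line above the details
            "size": int(m["size"]),
            "md5": m["md5"].upper(),
            "company": m["company"],
            "created": m["created"],
            "modified": m["modified"],
        })
    return entries


def is_reference(path):
    """Assumed trusted sources: the WinSxS component store and downloaded update
    packages. The in-use copy under System32 is the one that gets patched."""
    p = path.lower()
    return "\\winsxs\\" in p or "\\softwaredistribution\\" in p


def check_live_copies(entries):
    """Compare each non-reference copy against reference copies of the same size.
    Same size but a different MD5 is the pattern of an in-place patched binary."""
    refs = [e for e in entries if is_reference(e["path"])]
    results = []
    for e in entries:
        if is_reference(e["path"]):
            continue
        same_size = [r for r in refs if r["size"] == e["size"]]
        if not same_size:
            status, source = "NO_REFERENCE", None  # nothing comparable; inspect by hand
        elif any(r["md5"] == e["md5"] for r in same_size):
            status, source = "MATCH", None
        else:
            status, source = "MISMATCH", same_size[0]["path"]
        results.append({"path": e["path"], "md5": e["md5"], "status": status, "source": source})
    return results


def replace_directive(source, destination):
    """FRST fixlist syntax as used in the thread: Replace: <known-good copy> <file to overwrite>."""
    return f"Replace: {source} {destination}"


if __name__ == "__main__":
    for r in check_live_copies(parse_search(SAMPLE)):
        print(f'{r["status"]:13} {r["md5"]}  {r["path"]}')
        if r["status"] == "MISMATCH":
            print("  fixlist line:", replace_directive(r["source"], r["path"]))
```

Size grouping is a heuristic: a file legitimately updated by a hotfix can also differ from an older WinSxS copy, so confirm the file version before overwriting anything.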
     


    #9 Yerer

    Yerer
    • Topic Starter

    • Members
    • 19 posts
    • OFFLINE
    • Local time:02:54 AM

    Posted 12 January 2014 - 01:24 AM

The computer will no longer boot, just like before. It shows the Windows logo, then just a black screen with the mouse.

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-01-2014 01
    Ran by SYSTEM at 2014-01-12 01:07:20 Run:2
    Running from F:\
    Boot Mode: Recovery
     
    ==============================================
     
    Content of fixlist:
    *****************
    Replace: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll C:\Windows\System32\rpcss.dll
    *****************
     
    C:\Windows\System32\rpcss.dll => Moved successfully.
    C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
     
    ==== End of Fixlog ====


    #10 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • OFFLINE
    • Gender:Male
    • Local time:03:54 AM

    Posted 12 January 2014 - 07:13 AM

    That's surprising it's not booting at this point.  Let's try a different copy:  Please run the fix again with this code.

     

    Replace: C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll C:\Windows\System32\rpcss.dll


     


    #11 Yerer

    Yerer
    • Topic Starter

    • Members
    • 19 posts
    • OFFLINE
    • Local time:02:54 AM

    Posted 12 January 2014 - 12:58 PM

    Still isn't booting correctly. Oh by the way, since the first time I fixed the booting issue by putting all the things from FRST's quarantine back where they belong, should we re-run the original fixlist to remove what is actually bad?

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-01-2014 01
    Ran by SYSTEM at 2014-01-12 12:53:57 Run:3
    Running from F:\
    Boot Mode: Recovery
     
    ==============================================
     
    Content of fixlist:
    *****************
    Replace: C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll C:\Windows\System32\rpcss.dll
    *****************
     
    C:\Windows\System32\rpcss.dll => Moved successfully.
    C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
     
    ==== End of Fixlog ====


    #12 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • OFFLINE
    • Gender:Male
    • Local time:03:54 AM

    Posted 12 January 2014 - 02:14 PM

    Hi,

     

    Still isn't booting correctly. Oh by the way, since the first time I fixed the booting issue by putting all the things from FRST's quarantine back where they belong, should we re-run the original fixlist to remove what is actually bad?

     

When did you do that?  Making changes without being instructed leads to us working against each other, not on the same team.  It can delay fixing the issue or, worse, do damage to the computer.  Let's figure out exactly where we are.  Did you replace everything from the quarantine?  Just now?  Or before?  Or multiple times?  Everything, or just rpcss.dll?  Please post a fresh scan log from FRST as well with your reply.

     

    -etavares



     


    #13 Yerer

    Yerer
    • Topic Starter

    • Members
    • 19 posts
    • OFFLINE
    • Local time:02:54 AM

    Posted 12 January 2014 - 11:26 PM

    I replaced the items from the quarantine when I posted in post #7, as I had no other computer working and it was the only way I could even get my computer to boot. I'll try to be more clear and cautious in the future. Replacing the items is what allowed me to boot in the first place, although it still no longer boots. I did this only once as I described in post 7.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-01-2014 01
    Ran by SYSTEM on MININT-LUQQF0Q on 12-01-2014 23:24:20
    Running from F:\
    Windows 7 Enterprise (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Recovery
     
    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [SoftGridTray] - C:\Program Files\Microsoft Application Virtualization Client\sfttray.exe [807272 2010-02-12] (Microsoft Corporation)
    HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2010-11-10] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)
    HKLM\...\Run: [OfficeScanNT Monitor] - "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
    HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2200872 2011-02-17] (Synaptics Incorporated)
    HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
    HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-02] (AVAST Software)
    HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [360448 2009-07-13] (Microsoft Corporation)
    HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,"C:\Program Files\Microsoft Application Virtualization Client\sftdcc.exe",
    HKU\beasleyj1\...\Run: [OfficeSyncProcess] - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [ 2010-03-15] (Microsoft Corporation)
    HKU\loidolts1\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2010-11-29] (Apple Inc.)
    HKU\Sean\...\Run: [Google Update] - C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [ 2012-06-09] (Google Inc.)
    HKU\Sean\...\Run: [Spotify Web Helper] - C:\Users\Sean\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [ 2013-12-21] (Spotify Ltd)
    HKU\Sean\...\Run: [puush] - C:\Program Files\puush\puush.exe [ 2013-10-13] ()
    HKU\Sean\...\Run: [Facebook Update] - C:\Users\Sean\AppData\Local\Facebook\Update\FacebookUpdate.exe [ 2014-01-05] (Facebook Inc.)
    Startup: C:\Users\beasleyj1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
     
    ========================== Services (Whitelisted) =================
     
    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-02] (AVAST Software)
    S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
    S2 CcmExec; C:\Windows\system32\CCM\CcmExec.exe [764768 2009-09-18] (Microsoft Corporation)
    S2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [664944 2011-03-16] (Juniper Networks)
    S2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [198000 2010-12-15] (Juniper Networks)
    S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    S2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [559552 2013-08-08] (RealNetworks, Inc.)
    S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
    S3 smstsmgr; C:\Windows\system32\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
    S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345424 2010-06-14] (Trend Micro Inc.)
    S2 ntrtscan; "C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe" [x]
    S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
    S2 tmlisten; "C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe" [x]
    S3 TmPfw; "C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe" [x]
    S3 TmProxy; "C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe" [x]
     
    ==================== Drivers (Whitelisted) ====================
     
    S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-02] (AVAST Software)
    S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2014-01-02] (AVAST Software)
    S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-01-02] ()
    S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-02] (AVAST Software)
    S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410528 2014-01-02] (AVAST Software)
    S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-01-02] (AVAST Software)
    S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-12-19] (AVAST Software)
    S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2014-01-02] ()
    S3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2011-03-16] (Juniper Networks)
    S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-07-20] (ManyCam LLC)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
    S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [25088 2012-07-20] (ManyCam LLC)
    S2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
    S3 prepdrvr; C:\Windows\system32\CCM\prepdrv.sys [20848 2009-09-18] (Microsoft Corporation)
    S2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [49152 2009-10-29] (REDC)
    S2 rixdpcie; C:\Windows\System32\DRIVERS\rixdpe86.sys [38912 2009-09-28] (REDC)
    S2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [67664 2010-06-14] (Trend Micro Inc.)
    S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [177232 2010-06-14] (Trend Micro Inc.)
    S2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [57424 2010-06-14] (Trend Micro Inc.)
    S1 TmLwf; C:\Windows\System32\DRIVERS\tmlwf.sys [146960 2010-04-24] (Trend Micro Inc.)
    S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90256 2010-04-24] (Trend Micro Inc.)
    S2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [283152 2010-04-24] (Trend Micro Inc.)
    S3 WinRing0_1_2_0; C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [14416 2012-11-13] (OpenLibSys.org)
    S2 TmFilter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [x]
    S2 TmPreFilter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [x]
    S5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()
    S2 VSApiNt; \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [x]
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-01-11 22:35 - 2014-01-11 22:35 - 00222024 _____ C:\Windows\Minidump\011214-19468-01.dmp
    2014-01-11 02:15 - 2014-01-09 20:05 - 00000086 _____ C:\Windows\System32\mjdq.ucm
    2014-01-11 02:15 - 2013-12-31 22:21 - 00028672 _____ C:\Windows\System32\qwhp.iji
    2014-01-11 02:15 - 2013-12-31 22:21 - 00000097 _____ C:\Windows\System32\uytnrx.bvt
    2014-01-11 02:15 - 2013-12-31 21:59 - 00000064 _____ C:\Windows\System32\axyfyhs.esf
    2014-01-11 02:15 - 2013-12-31 21:44 - 00101213 _____ C:\Windows\System32\yowb.sbs
    2014-01-09 20:13 - 2014-01-09 20:13 - 00005238 _____ C:\Users\Sean\Desktop\AdwCleaner[S0].txt
    2014-01-09 16:41 - 2014-01-09 16:41 - 00000092 ____H C:\Users\Sean\Downloads\.~lock.Heart of Darkness Discussion Questions.docx#
    2014-01-08 21:50 - 2014-01-08 21:50 - 00000000 ____D C:\FRST
    2014-01-08 18:44 - 2014-01-08 18:44 - 01065947 _____ (Farbar) C:\Users\Sean\Downloads\FRST.exe
    2014-01-08 18:39 - 2014-01-09 20:08 - 00000000 ____D C:\AdwCleaner
    2014-01-08 18:39 - 2014-01-08 18:39 - 01233962 _____ C:\Users\Sean\Desktop\AdwCleaner.exe
    2014-01-07 18:46 - 2014-01-07 18:46 - 00222024 _____ C:\Windows\Minidump\010714-18876-01.dmp
    2014-01-05 18:17 - 2014-01-05 18:17 - 00501248 _____ (Facebook Inc.) C:\Users\Sean\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
    2014-01-05 18:17 - 2014-01-05 18:17 - 00000000 ____D C:\Users\Sean\AppData\Local\Facebook
    2014-01-04 21:39 - 2014-01-04 22:22 - 583488186 _____ C:\Users\Sean\Downloads\Watch playnow Spring breakers 2012 720p x264 mp4 mp4.mp4.crdownload
    2014-01-04 21:24 - 2014-01-04 21:35 - 14224928 _____ C:\Users\Sean\Downloads\SpringBreakers2012BRRipXviD-S4Aavi  PutLocker.flv
    2014-01-02 22:38 - 2014-01-02 22:38 - 00000000 ____D C:\Users\Sean\AppData\Local\Macromedia
    2014-01-02 20:01 - 2014-01-02 20:01 - 00000000 ____D C:\Users\Sean\AppData\Roaming\AVAST Software
    2014-01-02 19:54 - 2014-01-02 21:06 - 00064168 _____ (AVAST Software) C:\Windows\System32\Drivers\aswstm.sys
    2014-01-02 19:54 - 2014-01-02 19:54 - 00002053 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-01-02 19:41 - 2014-01-02 19:42 - 08459811 _____ C:\Users\Sean\Downloads\The Family Dance.mp4
    2014-01-02 14:20 - 2014-01-08 15:43 - 00015012 _____ C:\Users\Sean\Desktop\attach.txt
    2014-01-02 14:20 - 2014-01-08 15:40 - 00017018 _____ C:\Users\Sean\Desktop\dds.txt
    2014-01-02 14:17 - 2014-01-02 14:18 - 00688992 ____R (Swearware) C:\Users\Sean\Desktop\dds.com
    2014-01-01 15:14 - 2014-01-01 15:14 - 00235008 _____ C:\Windows\Minidump\010114-16036-01.dmp
    2014-01-01 12:29 - 2014-01-11 22:35 - 210016531 _____ C:\Windows\MEMORY.DMP
    2014-01-01 12:29 - 2014-01-11 22:35 - 00000000 ____D C:\Windows\Minidump
    2014-01-01 12:29 - 2014-01-01 12:29 - 00222024 _____ C:\Windows\Minidump\010114-17877-01.dmp
    2013-12-31 22:24 - 2013-12-31 22:24 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Malwarebytes
    2013-12-31 22:23 - 2013-12-31 22:23 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sean\Downloads\mbam-setup-1.75.0.1300.exe
    2013-12-31 22:23 - 2013-12-31 22:23 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-12-31 22:23 - 2013-12-31 22:23 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-12-31 22:23 - 2013-12-31 22:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-12-31 22:23 - 2013-04-04 11:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-12-31 14:03 - 2013-12-31 14:14 - 00000000 ____D C:\Users\Sean\AppData\Local\Apps\Windows 7 USB DVD Download Tool
    2013-12-31 14:03 - 2013-12-31 14:03 - 00969504 _____ (Microsoft Corporation) C:\Users\Sean\Downloads\Windows7-USB-DVD-tool.exe
    2013-12-30 23:22 - 2013-12-30 23:23 - 2147483648 _____ C:\Users\Sean\Downloads\nerdlet
    2013-12-30 20:08 - 2013-12-30 20:08 - 00000000 ____D C:\ProgramData\Package Cache
    2013-12-30 20:08 - 2010-06-02 01:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
    2013-12-30 20:08 - 2010-06-02 01:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
    2013-12-30 20:08 - 2010-06-02 01:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
    2013-12-30 20:08 - 2010-05-26 08:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
    2013-12-30 20:08 - 2010-05-26 08:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
    2013-12-30 20:08 - 2010-05-26 08:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
    2013-12-30 20:08 - 2010-05-26 08:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
    2013-12-30 20:08 - 2010-05-26 08:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
    2013-12-30 20:08 - 2009-09-04 14:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
    2013-12-30 20:08 - 2009-09-04 14:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
    2013-12-30 20:08 - 2009-09-04 14:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
    2013-12-30 20:08 - 2009-09-04 14:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
    2013-12-30 20:08 - 2009-09-04 14:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
    2013-12-30 20:08 - 2009-09-04 14:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
    2013-12-30 20:08 - 2009-09-04 14:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
    2013-12-30 20:08 - 2009-09-04 14:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
    2013-12-30 20:08 - 2008-10-27 07:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
    2013-12-30 20:08 - 2008-10-27 07:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
    2013-12-30 20:08 - 2008-10-27 07:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
    2013-12-30 20:08 - 2008-10-27 07:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
    2013-12-30 20:08 - 2008-07-31 07:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
    2013-12-30 20:08 - 2008-07-31 07:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
    2013-12-30 20:08 - 2008-07-31 07:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
    2013-12-29 15:35 - 2013-12-29 15:35 - 00000000 ____D C:\ProgramData\Game House
    2013-12-29 15:35 - 2013-12-29 15:35 - 00000000 ____D C:\Program Files\Online Games Manager
    2013-12-29 15:34 - 2013-12-29 15:34 - 00000000 ____D C:\GameHouse Games
    2013-12-29 15:32 - 2013-12-29 15:32 - 00000000 ____D C:\Program Files\RealArcade
    2013-12-29 14:11 - 2013-12-29 14:29 - 00000000 ____D C:\Users\Sean\Desktop\eulernew
    2013-12-25 21:26 - 2013-12-25 21:27 - 00229965 _____ C:\Users\Sean\Downloads\fvd_single.2.0.8.crx
    2013-12-25 13:05 - 2013-12-25 13:05 - 00657408 _____ C:\Users\Sean\Downloads\MicrosoftFixit50465.msi
    2013-12-24 21:23 - 2009-03-16 11:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
    2013-12-24 21:23 - 2009-03-16 11:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
    2013-12-24 21:23 - 2009-03-16 11:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
    2013-12-24 21:23 - 2009-03-09 12:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
    2013-12-24 21:23 - 2009-03-09 12:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
    2013-12-24 21:23 - 2008-10-15 03:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
    2013-12-24 21:23 - 2008-10-15 03:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
    2013-12-24 21:23 - 2008-05-30 11:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
    2013-12-24 21:23 - 2008-05-30 11:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
    2013-12-24 21:23 - 2008-05-30 11:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
    2013-12-24 21:23 - 2008-05-30 11:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
    2013-12-24 21:23 - 2008-05-30 11:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
    2013-12-24 21:23 - 2008-05-30 11:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
    2013-12-24 21:23 - 2008-05-30 11:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
    2013-12-24 21:23 - 2008-03-05 13:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
    2013-12-24 21:23 - 2008-03-05 13:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
    2013-12-24 21:23 - 2008-03-05 13:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
    2013-12-24 21:23 - 2008-03-05 12:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
    2013-12-24 21:23 - 2008-03-05 12:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
    2013-12-24 21:23 - 2008-02-05 20:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
    2013-12-24 21:23 - 2007-10-22 00:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
    2013-12-24 21:23 - 2007-10-22 00:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
    2013-12-24 21:23 - 2007-10-12 12:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
    2013-12-24 21:23 - 2007-10-12 12:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
    2013-12-24 21:23 - 2007-10-02 06:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
    2013-12-24 21:23 - 2007-07-19 21:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
    2013-12-24 21:23 - 2007-07-19 15:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
    2013-12-24 21:23 - 2007-07-19 15:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
    2013-12-24 21:23 - 2007-07-19 15:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
    2013-12-24 21:23 - 2007-06-20 17:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
    2013-12-24 21:23 - 2007-05-16 13:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
    2013-12-24 21:23 - 2007-05-16 13:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
    2013-12-24 21:23 - 2007-05-16 13:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
    2013-12-24 21:23 - 2007-04-04 15:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
    2013-12-24 21:23 - 2007-03-15 13:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
    2013-12-24 21:23 - 2007-03-12 13:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
    2013-12-24 21:23 - 2007-03-05 09:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
    2013-12-24 21:23 - 2007-01-24 12:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
    2013-12-24 21:23 - 2006-12-08 09:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
    2013-12-24 21:23 - 2006-11-29 10:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
    2013-12-24 21:23 - 2006-11-29 10:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
    2013-12-24 21:23 - 2006-09-28 13:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
    2013-12-24 21:23 - 2006-09-28 13:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
    2013-12-24 21:23 - 2006-07-28 06:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
    2013-12-24 21:23 - 2006-07-28 06:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
    2013-12-24 21:23 - 2006-05-31 04:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
    2013-12-24 21:23 - 2006-03-31 09:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
    2013-12-24 21:23 - 2006-03-31 09:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
    2013-12-24 21:23 - 2006-03-31 09:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
    2013-12-24 21:23 - 2006-02-03 05:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
    2013-12-24 21:23 - 2006-02-03 05:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
    2013-12-24 21:23 - 2006-02-03 05:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
    2013-12-24 21:23 - 2005-12-05 15:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
    2013-12-24 21:23 - 2005-07-22 16:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
    2013-12-24 21:23 - 2005-05-26 12:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
    2013-12-24 21:23 - 2005-03-18 14:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
    2013-12-24 21:23 - 2005-02-05 16:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
    2013-12-22 21:47 - 2013-12-22 21:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
    2013-12-22 21:46 - 2013-12-22 21:46 - 00923784 _____ (CNET Download.com) C:\Users\Sean\Downloads\cbsidlm-cbsi145-Flash_Video_Downloader_for_Google_Chrome-SEO-75327988.exe
    2013-12-17 18:24 - 2013-12-20 12:53 - 00000000 ____D C:\Users\Sean\AppData\Roaming\DogeCoin
    2013-12-15 16:27 - 2013-12-15 16:30 - 00000000 ____D C:\Users\Sean\Desktop\pyscript
     
    ==================== One Month Modified Files and Folders =======
     
    2014-01-11 22:35 - 2014-01-11 22:35 - 00222024 _____ C:\Windows\Minidump\011214-19468-01.dmp
    2014-01-11 22:35 - 2014-01-01 12:29 - 210016531 _____ C:\Windows\MEMORY.DMP
    2014-01-11 22:35 - 2014-01-01 12:29 - 00000000 ____D C:\Windows\Minidump
    2014-01-11 22:05 - 2012-06-09 05:23 - 00000000 ____D C:\Users\Sean\AppData\Roaming\SoftGrid Client
    2014-01-11 22:05 - 2011-04-08 03:44 - 01933787 _____ C:\Windows\WindowsUpdate.log
    2014-01-11 08:20 - 2009-07-13 20:34 - 00015344 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-11 08:20 - 2009-07-13 20:34 - 00015344 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-11 08:14 - 2011-04-07 14:48 - 00000462 _____ C:\Windows\SMSCFG.ini
    2014-01-11 08:13 - 2009-07-13 20:39 - 00105891 _____ C:\Windows\setupact.log
    2014-01-10 21:15 - 2009-07-13 20:34 - 00003072 _____ C:\Windows\System32\umstartup.etl
    2014-01-09 23:16 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
    2014-01-09 20:14 - 2011-04-07 14:51 - 00002598 __RSH C:\ProgramData\ntuser.pol
    2014-01-09 20:13 - 2014-01-09 20:13 - 00005238 _____ C:\Users\Sean\Desktop\AdwCleaner[S0].txt
    2014-01-09 20:09 - 2011-04-07 15:29 - 00266640 _____ C:\Windows\PFRO.log
    2014-01-09 20:08 - 2014-01-08 18:39 - 00000000 ____D C:\AdwCleaner
    2014-01-09 20:05 - 2014-01-11 02:15 - 00000086 _____ C:\Windows\System32\mjdq.ucm
    2014-01-09 16:41 - 2014-01-09 16:41 - 00000092 ____H C:\Users\Sean\Downloads\.~lock.Heart of Darkness Discussion Questions.docx#
    2014-01-08 21:50 - 2014-01-08 21:50 - 00000000 ____D C:\FRST
    2014-01-08 18:44 - 2014-01-08 18:44 - 01065947 _____ (Farbar) C:\Users\Sean\Downloads\FRST.exe
    2014-01-08 18:39 - 2014-01-08 18:39 - 01233962 _____ C:\Users\Sean\Desktop\AdwCleaner.exe
    2014-01-08 15:43 - 2014-01-02 14:20 - 00015012 _____ C:\Users\Sean\Desktop\attach.txt
    2014-01-08 15:40 - 2014-01-02 14:20 - 00017018 _____ C:\Users\Sean\Desktop\dds.txt
    2014-01-07 19:12 - 2013-11-28 07:12 - 00000000 ____D C:\Users\Sean\Desktop\Euler
    2014-01-07 18:46 - 2014-01-07 18:46 - 00222024 _____ C:\Windows\Minidump\010714-18876-01.dmp
    2014-01-06 21:15 - 2013-04-26 18:54 - 00000000 ____D C:\Users\Sean\AppData\Roaming\vlc
    2014-01-06 12:27 - 2012-10-15 12:15 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Skype
    2014-01-05 18:17 - 2014-01-05 18:17 - 00501248 _____ (Facebook Inc.) C:\Users\Sean\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
    2014-01-05 18:17 - 2014-01-05 18:17 - 00000000 ____D C:\Users\Sean\AppData\Local\Facebook
    2014-01-05 11:04 - 2012-06-09 09:52 - 00000000 ____D C:\Program Files\Steam
    2014-01-04 22:22 - 2014-01-04 21:39 - 583488186 _____ C:\Users\Sean\Downloads\Watch playnow Spring breakers 2012 720p x264 mp4 mp4.mp4.crdownload
    2014-01-04 21:35 - 2014-01-04 21:24 - 14224928 _____ C:\Users\Sean\Downloads\SpringBreakers2012BRRipXviD-S4Aavi  PutLocker.flv
    2014-01-04 20:55 - 2012-11-01 16:20 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Spotify
    2014-01-04 20:44 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
    2014-01-03 20:24 - 2012-11-01 16:21 - 00000000 ____D C:\Users\Sean\AppData\Local\Spotify
    2014-01-02 22:38 - 2014-01-02 22:38 - 00000000 ____D C:\Users\Sean\AppData\Local\Macromedia
    2014-01-02 21:06 - 2014-01-02 19:54 - 00064168 _____ (AVAST Software) C:\Windows\System32\Drivers\aswstm.sys
    2014-01-02 20:57 - 2011-04-07 14:57 - 00000000 ____D C:\Program Files\UltraVNC
    2014-01-02 20:01 - 2014-01-02 20:01 - 00000000 ____D C:\Users\Sean\AppData\Roaming\AVAST Software
    2014-01-02 19:54 - 2014-01-02 19:54 - 00002053 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-01-02 19:54 - 2013-08-31 20:22 - 00775952 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2014-01-02 19:54 - 2013-08-31 20:22 - 00410528 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2014-01-02 19:54 - 2013-08-31 20:22 - 00270240 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
    2014-01-02 19:54 - 2013-08-31 20:22 - 00180248 _____ C:\Windows\System32\Drivers\aswVmm.sys
    2014-01-02 19:54 - 2013-08-31 20:22 - 00079720 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2014-01-02 19:54 - 2013-08-31 20:22 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2014-01-02 19:54 - 2013-08-31 20:22 - 00049944 _____ C:\Windows\System32\Drivers\aswRvrt.sys
    2014-01-02 19:54 - 2013-08-31 20:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-01-02 19:44 - 2013-08-31 20:21 - 00000000 ____D C:\ProgramData\AVAST Software
    2014-01-02 19:43 - 2009-07-13 18:04 - 00002577 _____ C:\Windows\System32\config.nt
    2014-01-02 19:42 - 2014-01-02 19:41 - 08459811 _____ C:\Users\Sean\Downloads\The Family Dance.mp4
    2014-01-02 14:18 - 2014-01-02 14:17 - 00688992 ____R (Swearware) C:\Users\Sean\Desktop\dds.com
    2014-01-01 17:12 - 2011-03-04 16:49 - 00847832 _____ C:\Windows\System32\PerfStringBackup.INI
    2014-01-01 15:14 - 2014-01-01 15:14 - 00235008 _____ C:\Windows\Minidump\010114-16036-01.dmp
    2014-01-01 15:14 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Branding
    2014-01-01 12:29 - 2014-01-01 12:29 - 00222024 _____ C:\Windows\Minidump\010114-17877-01.dmp
    2013-12-31 22:24 - 2013-12-31 22:24 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Malwarebytes
    2013-12-31 22:23 - 2013-12-31 22:23 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sean\Downloads\mbam-setup-1.75.0.1300.exe
    2013-12-31 22:23 - 2013-12-31 22:23 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-12-31 22:23 - 2013-12-31 22:23 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-12-31 22:23 - 2013-12-31 22:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-12-31 22:21 - 2014-01-11 02:15 - 00028672 _____ C:\Windows\System32\qwhp.iji
    2013-12-31 22:21 - 2014-01-11 02:15 - 00000097 _____ C:\Windows\System32\uytnrx.bvt
    2013-12-31 21:59 - 2014-01-11 02:15 - 00000064 _____ C:\Windows\System32\axyfyhs.esf
    2013-12-31 21:44 - 2014-01-11 02:15 - 00101213 _____ C:\Windows\System32\yowb.sbs
    2013-12-31 14:14 - 2013-12-31 14:03 - 00000000 ____D C:\Users\Sean\AppData\Local\Apps\Windows 7 USB DVD Download Tool
    2013-12-31 14:03 - 2013-12-31 14:03 - 00969504 _____ (Microsoft Corporation) C:\Users\Sean\Downloads\Windows7-USB-DVD-tool.exe
    2013-12-30 23:23 - 2013-12-30 23:22 - 2147483648 _____ C:\Users\Sean\Downloads\nerdlet
    2013-12-30 20:08 - 2013-12-30 20:08 - 00000000 ____D C:\ProgramData\Package Cache
    2013-12-30 13:45 - 2012-12-08 21:13 - 00000011 _____ C:\Users\Sean\Desktop\$20.txt
    2013-12-29 15:35 - 2013-12-29 15:35 - 00000000 ____D C:\ProgramData\Game House
    2013-12-29 15:35 - 2013-12-29 15:35 - 00000000 ____D C:\Program Files\Online Games Manager
    2013-12-29 15:34 - 2013-12-29 15:34 - 00000000 ____D C:\GameHouse Games
    2013-12-29 15:32 - 2013-12-29 15:32 - 00000000 ____D C:\Program Files\RealArcade
    2013-12-29 14:29 - 2013-12-29 14:11 - 00000000 ____D C:\Users\Sean\Desktop\eulernew
    2013-12-25 21:27 - 2013-12-25 21:26 - 00229965 _____ C:\Users\Sean\Downloads\fvd_single.2.0.8.crx
    2013-12-25 13:05 - 2013-12-25 13:05 - 00657408 _____ C:\Users\Sean\Downloads\MicrosoftFixit50465.msi
    2013-12-25 08:33 - 2012-06-09 09:52 - 00000000 ____D C:\Program Files\Common Files\Steam
    2013-12-25 06:37 - 2011-04-07 15:18 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-12-24 21:24 - 2011-04-07 14:45 - 00000000 ____D C:\Program Files\Microsoft.NET
    2013-12-24 15:23 - 2013-05-11 13:28 - 00000000 ____D C:\Python27
    2013-12-22 21:47 - 2013-12-22 21:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
    2013-12-22 21:46 - 2013-12-22 21:46 - 00923784 _____ (CNET Download.com) C:\Users\Sean\Downloads\cbsidlm-cbsi145-Flash_Video_Downloader_for_Google_Chrome-SEO-75327988.exe
    2013-12-20 18:52 - 2013-09-02 17:43 - 00000024 _____ C:\Users\Sean\random.dat
    2013-12-20 18:48 - 2013-09-02 17:43 - 00000043 _____ C:\Users\Sean\jagex_cl_runescape_LIVE.dat
    2013-12-20 13:13 - 2012-06-23 10:35 - 00000000 ____D C:\Users\Sean\AppData\Roaming\.minecraft
    2013-12-20 12:53 - 2013-12-17 18:24 - 00000000 ____D C:\Users\Sean\AppData\Roaming\DogeCoin
    2013-12-19 05:11 - 2013-08-31 20:22 - 00056080 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2013-12-15 16:30 - 2013-12-15 16:27 - 00000000 ____D C:\Users\Sean\Desktop\pyscript
     
    Files to move or delete:
    ====================
    C:\Users\Sean\AppData\Roaming\Camdata.ini
    C:\Users\Sean\AppData\Roaming\CamLayout.ini
    C:\Users\Sean\AppData\Roaming\CamShapes.ini
    C:\Users\Public\ntuser (1).dat
    C:\Users\Sean\jagex_cl_oldschool_LIVE.dat
    C:\Users\Sean\jagex_cl_runescape_LIVE.dat
    C:\Users\Sean\jagex_cl_runescape_LIVE1.dat
    C:\Users\Sean\random.dat
     
     
    Some content of TEMP:
    ====================
    C:\Users\Administrator\AppData\Local\Temp\InstallAX.exe
    C:\Users\Administrator\AppData\Local\Temp\InstallPlugin.exe
    C:\Users\beasleyj1\AppData\Local\Temp\G2MInstallerExtractor.exe
    C:\Users\beasleyj1\AppData\Local\Temp\_is9872.exe
    C:\Users\Sean\AppData\Local\Temp\ApnStub.exe
    C:\Users\Sean\AppData\Local\Temp\gbinit.exe
    C:\Users\Sean\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
    C:\Users\Sean\AppData\Local\Temp\nitro_pro8.exe
    C:\Users\Sean\AppData\Local\Temp\Quarantine.exe
    C:\Users\Sean\AppData\Local\Temp\setup.exe
    C:\Users\Sean\AppData\Local\Temp\swt-win32-3349.dll
    C:\Users\Sean\AppData\Local\Temp\VerizonRCFile.EXE
     
     
    ==================== Known DLLs (Whitelisted) ============
     
     
    ==================== Bamital & volsnap Check =================
     
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
     
    ==================== EXE ASSOCIATION =====================
     
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
     
    ==================== Restore Points  =========================
     
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 13%
    Total physical RAM: 3891.67 MB
    Available physical RAM: 3384.67 MB
    Total Pagefile: 3889.95 MB
    Available Pagefile: 3397.04 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1943.12 MB
     
    ==================== Drives ================================
     
    Drive c: (OSDisk) (Fixed) (Total:297.79 GB) (Free:236.26 GB) NTFS
    Drive f: () (Removable) (Total:1.85 GB) (Free:1.8 GB) FAT
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (BDEDrive) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 8F857E0F)
    Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
    Partition 2: (Active) - (Size=300 MB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 1 (Size: 2 GB) (Disk ID: E1D61897)
    Partition 1: (Not Active) - (Size=2 GB) - (Type=06)
     
     
    LastRegBack: 2014-01-09 14:34
     
    ==================== End Of Log ============================


    #14 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • Gender:Male
    • Local time:03:54 AM

    Posted 13 January 2014 - 08:22 PM

    Hmmm, that looks OK.  rpcss.dll is properly replaced and valid.  Copy back the items from the quarantine and let me know if you can boot after that.  I understand why you replaced them last time, I just need to know if you do anything besides what I ask to ensure we end up in a good spot.

     

    Thanks!

     

    -etavares



    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Unified Network of Instructors and Trusted Eliminators
     


    #15 Yerer

    Yerer
    • Topic Starter

    • Members
    • 19 posts
    • Local time:02:54 AM

    Posted 14 January 2014 - 12:01 AM

    Just to clarify, do you want me to move rpcss.dll back as well? It's included in the FRST quarantine folder. When I attempted to move it, it said there was not enough memory and didn't move it anyway. Also, is there a good way to use the file system in repair mode? I've been going to repair mode and using the notepad save function to navigate, which isn't the most efficient I'm guessing haha





