Need help removing BitMefender virus


  • This topic is locked
19 replies to this topic

#1 SamsDad55

SamsDad55

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:25 AM

Posted 08 January 2014 - 10:14 AM

Help!  I just got this yesterday.  I ran malwarebytes and it looked like it cleaned it, but it's back again today.  Following your Step 1 from above, here are my results...

(this is my first day on this forum; I posted this somewhere else as a reply to a similar problem, but got no replies, so trying this way; thanks in advance; I will be away until evening)

 

MiniToolBox by Farbar  Version: 18-12-2013
Ran by Admin6 (administrator) on 08-01-2014 at 07:42:14
Running from "C:\Users\Admin6\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WMULL11X"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1  localhost

127.0.0.1  localhost

There are 28246 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® Centrino® Ultimate-N 6300 AGN = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Ray-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 24-77-03-40-BF-C9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 24-77-03-40-BF-C9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Centrino® Ultimate-N 6300 AGN
   Physical Address. . . . . . . . . : 24-77-03-40-BF-C8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b8d2:dd85:bdf9:f88c%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.104(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, January 08, 2014 7:37:42 AM
   Lease Expires . . . . . . . . . . : Thursday, January 09, 2014 7:37:42 AM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 304379651
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-20-F8-BA-00-90-F5-CC-CF-9D
   DNS Servers . . . . . . . . . . . : 75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 00-90-F5-CC-CF-9D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{FFD40DF0-1B36-4760-883C-A9473C97CCAA}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{D4CE287D-46FE-4EED-A296-DE8770972574}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:48f:287e:3f57:fd97(Preferred)
   Link-local IPv6 Address . . . . . : fe80::48f:287e:3f57:fd97%15(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{BD9B3690-F213-4F86-BB77-8B0200EDA53B}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{909DFDD4-1B10-416C-BBE0-1B57C9475BF8}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  cdns01.comcast.net
Address:  75.75.75.75

Name:    google.com
Addresses:  2607:f8b0:4009:800::1003
   74.125.225.72
   74.125.225.73
   74.125.225.78
   74.125.225.66
   74.125.225.69
   74.125.225.67
   74.125.225.71
   74.125.225.64
   74.125.225.70
   74.125.225.68
   74.125.225.65

Pinging google.com [74.125.225.71] with 32 bytes of data:
Reply from 74.125.225.71: bytes=32 time=21ms TTL=54
Reply from 74.125.225.71: bytes=32 time=22ms TTL=54

Ping statistics for 74.125.225.71:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 21ms, Maximum = 22ms, Average = 21ms
Server:  cdns01.comcast.net
Address:  75.75.75.75

Name:    yahoo.com
Addresses:  98.138.253.109
   98.139.183.24
   206.190.36.45

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=72ms TTL=50
Reply from 98.139.183.24: bytes=32 time=84ms TTL=50

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 72ms, Maximum = 84ms, Average = 78ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...24 77 03 40 bf c9 ......Microsoft Virtual WiFi Miniport Adapter #2
 13...24 77 03 40 bf c9 ......Microsoft Virtual WiFi Miniport Adapter
 12...24 77 03 40 bf c8 ......Intel® Centrino® Ultimate-N 6300 AGN
 11...00 90 f5 cc cf 9d ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.104     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link     192.168.2.104    281
    192.168.2.104  255.255.255.255         On-link     192.168.2.104    281
    192.168.2.255  255.255.255.255         On-link     192.168.2.104    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.2.104    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.2.104    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 15     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 15     58 2001::/32                On-link
 15    306 2001:0:9d38:90d7:48f:287e:3f57:fd97/128
                                    On-link
 12    281 fe80::/64                On-link
 15    306 fe80::/64                On-link
 15    306 fe80::48f:287e:3f57:fd97/128
                                    On-link
 12    281 fe80::b8d2:dd85:bdf9:f88c/128
                                    On-link
  1    306 ff00::/8                 On-link
 15    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/08/2014 07:12:50 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2014 07:10:55 AM) (Source: Application Error) (User: )
Description: Faulting application name: xayzec.exe, version: 0.1024.27500.4148, time stamp: 0x5287b82d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x002d8253
Faulting process id: 0x58c
Faulting application start time: 0xxayzec.exe0
Faulting application path: xayzec.exe1
Faulting module path: xayzec.exe2
Report Id: xayzec.exe3

Error: (01/08/2014 00:30:13 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (01/08/2014 00:30:01 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (01/07/2014 10:38:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/07/2014 09:56:46 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/07/2014 09:56:46 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/07/2014 09:56:46 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/07/2014 09:56:46 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (01/07/2014 09:56:46 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (01/08/2014 07:23:32 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.165.1320.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.4.0304.00

 Source Path: 4.4.0304.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (01/08/2014 07:14:08 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/08/2014 07:12:49 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (01/07/2014 10:39:35 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/07/2014 10:38:15 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (01/07/2014 09:57:16 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (01/07/2014 09:56:46 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/07/2014 09:56:46 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (01/07/2014 09:55:15 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/07/2014 09:53:56 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Microsoft Office Sessions:
=========================
Error: (01/08/2014 07:12:50 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2014 07:10:55 AM) (Source: Application Error)(User: )
Description: xayzec.exe0.1024.27500.41485287b82dunknown0.0.0.000000000c0000005002d825358c01cf0c730f3b3f6cC:\Users\Ray\AppData\Roaming\Poceespa\xayzec.exeunknown4e056f6e-7866-11e3-a01f-0090f5cccf9d

Error: (01/08/2014 00:30:13 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (01/08/2014 00:30:01 AM) (Source: SideBySide)(User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (01/07/2014 10:38:16 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/07/2014 09:56:46 PM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/07/2014 09:56:46 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/07/2014 09:56:46 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/07/2014 09:56:46 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (01/07/2014 09:56:46 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

=========================== Installed Programs ============================

Acronis True Image Home 2012 (Version: 15.0.6131)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.152)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
AuthenTec TrueSuite (Version: 5.2.0.642)
BisonCam (Version: )
CCleaner (Version: 4.08)
Core Temp 1.0 RC6 (Version: 1.0)
CyberLink Media Suite (Version: 8.0.3518)
CyberLink Power2Go (Version: 7.0.0.2211)
CyberLink PowerDVD 10 (Version: 10.0.3523.02)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
GoToAssist Customer 1.6.0.594 (Version: 1.6.0.594)
Hotkey 6.0044 (Version: 6.0044)
HttpWatch Basic 8.5.6 (Version: 8.5.6)
Intel PROSet Wireless
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 8.0.1.1399)
Intel® OpenCL CPU Runtime
Intel® Processor Graphics (Version: 8.15.10.2696)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.0.0.0083)
Intel® Rapid Storage Technology (Version: 11.0.0.1032)
Intel® USB 3.0 eXtensible Host Controller Driver (Version: 1.0.3.214)
Intel® PROSet/Wireless WiFi Software (Version: 15.00.0000.0708)
Intel® Trusted Connect Service Client (Version: 1.23.219.2)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
Nikon Message Center 2 (Version: 2.1.0)
Nikon Movie Editor (Version: 2.6.0)
NVIDIA Control Panel 296.16 (Version: 296.16)
NVIDIA Graphics Driver 296.16 (Version: 296.16)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA Optimus 1.7.12 (Version: 1.7.12)
NVIDIA PhysX (Version: 9.12.0209)
NVIDIA PhysX System Software 9.12.0209 (Version: 9.12.0209)
NVIDIA Update 1.7.12 (Version: 1.7.12)
NVIDIA Update Components (Version: 1.7.12)
Picture Control Utility x64 (Version: 1.4.7)
QuickTime (Version: 7.72.80.56)
Realtek Ethernet Controller Driver (Version: 7.52.203.2012)
Realtek High Definition Audio Driver (Version: 6.0.1.6526)
Realtek PCIE Card Reader (Version: 6.1.7601.27015)
RootsMagic 5.0.4.1
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Sid Meier's Civilization V
Soluto (Version: 1.3.979.0)
Spybot - Search & Destroy (Version: 1.6.2)
Steam (Version: 1.0.0.0)
Strat-O-Matic Baseball 2012f
SUPERAntiSpyware (Version: 5.5.1016)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.1.14.0)
THX TruStudio Pro (Version: TAMB-CVS1D-1-LB R07)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
ViewNX 2 (Version: 2.6.0)
WebCam Installer (Version: 4.04)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinZip 17.5 (Version: 17.5.10480)

========================= Devices: ================================

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

========================= Memory info: ===================================

Percentage of memory in use: 15%
Total physical RAM: 16278.56 MB
Available physical RAM: 13795.87 MB
Total Pagefile: 32555.3 MB
Available Pagefile: 29799.51 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.24 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:223.37 GB) (Free:141.76 GB) NTFS
2 Drive d: (ViewNX 2) (CDROM) (Total:0.26 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\RAY-PC

Admin6                   Administrator            Guest                   
Ray                      UpdatusUser             

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

09-12-2013 07:27:14 Windows Update
12-12-2013 07:27:34 Windows Update
16-12-2013 07:27:22 Windows Update
20-12-2013 07:27:20 Windows Update
24-12-2013 07:27:24 Windows Update
28-12-2013 07:27:32 Windows Update
01-01-2014 07:28:31 Windows Update
05-01-2014 07:27:36 Windows Update
08-01-2014 04:34:45 Windows Update

**** End of log ****

 

ESET scan log

C:\Users\Ray\AppData\Local\Temp\AtmosBill_Downers_Grove_60515.zip a variant of Generik.FJCIJN trojan deleted - quarantined
C:\Users\Ray\Downloads\ccsetup402.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
C:\Users\Ray\Downloads\ccsetup406.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
C:\Users\Ray\Downloads\ccsetup408.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
C:\Users\Ray\Downloads\coretemp_1236.exe a variant of Win32/InstallIQ.A application cleaned by deleting - quarantined
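A defender-side triage helper, added here as an example and not part of the thread, of MiniToolBox or of ESET: it splits the "Error:" blocks of the MiniToolBox event-log section into events, pulls out every Windows file path they mention (including from the run-together "Microsoft Office Sessions" copy, which is where this log preserves the full xayzec.exe path that the formatted Application Error entry lost) and flags executables living in per-user, temp or ProgramData locations; it also parses the ESET result lines into path, detection and action. The sample input is constructed from the entries above; the regular expressions and the list of user-writable roots are my assumptions, not anything the tools define.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: a few "Event log errors" entries and ESET result
# lines in the shape seen in the MiniToolBox / ESET output posted above.
SAMPLE_EVENT_LOG = r"""
Error: (01/08/2014 07:10:55 AM) (Source: Application Error) (User: )
Description: Faulting application name: xayzec.exe, version: 0.1024.27500.4148, time stamp: 0x5287b82d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005

Error: (01/08/2014 07:12:49 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (01/08/2014 07:10:55 AM) (Source: Application Error)(User: )
Description: xayzec.exe0.1024.27500.41485287b82dunknown0.0.0.000000000c0000005002d825358c01cf0c730f3b3f6cC:\Users\Ray\AppData\Roaming\Poceespa\xayzec.exeunknown4e056f6e-7866-11e3-a01f-0090f5cccf9d

Error: (01/08/2014 00:30:13 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8
"""

SAMPLE_ESET_LOG = r"""
C:\Users\Ray\AppData\Local\Temp\AtmosBill_Downers_Grove_60515.zip a variant of Generik.FJCIJN trojan deleted - quarantined
C:\Users\Ray\Downloads\ccsetup402.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
"""

# "Error: (date) (Source: X) (User: Y)" header; the Office Sessions copy has no
# space before "(User:", so the separator is optional.
ERROR_HEADER = re.compile(
    r'^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\)\s*\(User: (?P<user>[^)]*)\)$')

# A drive-letter path ending in a code-carrying extension. Non-greedy so that
# paths glued together without separators are still split at the first extension.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^\r\n]+?\.(?:exe|dll|sys|scr|bat|cmd|vbs)', re.IGNORECASE)

# Assumed list of locations a normally installed service or application rarely
# runs from; anything here deserves a closer look.
USER_WRITABLE = (
    (re.compile(r'\\users\\[^\\]+\\appdata\\(?:roaming|local)\\', re.IGNORECASE), 'per-user AppData'),
    (re.compile(r'\\temp\\', re.IGNORECASE), 'temporary directory'),
    (re.compile(r'\\programdata\\', re.IGNORECASE), 'ProgramData'),
)

# "<path> <detection> <action>" as ESET prints it.
ESET_LINE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?) '
    r'(?P<detection>(?:a variant of )?\S+ (?:trojan|application|virus|worm|adware|potentially unwanted application)) '
    r'(?P<action>.+)$')


@dataclass
class ErrorEvent:
    when: str
    source: str
    description: str = ''
    paths: list = field(default_factory=list)


def parse_error_events(text):
    """Split the event-log section into events and collect every Windows path
    mentioned in each description."""
    events, current = [], None
    for line in text.splitlines():
        header = ERROR_HEADER.match(line.strip())
        if header:
            current = ErrorEvent(header['when'], header['source'])
            events.append(current)
        elif current is not None:
            current.description += line + '\n'
    for event in events:
        event.description = event.description.strip()
        event.paths = WIN_PATH.findall(event.description)
    return events


def suspicious_location(path):
    """Return why a path is worth attention, or None for ordinary locations."""
    for pattern, reason in USER_WRITABLE:
        if pattern.search(path):
            return reason
    return None


def triage_event_log(text):
    """Return (when, source, path, reason) for each path in a user-writable place."""
    findings = []
    for event in parse_error_events(text):
        for path in event.paths:
            reason = suspicious_location(path)
            if reason:
                findings.append((event.when, event.source, path, reason))
    return findings


def parse_eset_log(text):
    """Return (path, detection, action) for each ESET result line."""
    hits = []
    for line in text.splitlines():
        match = ESET_LINE.match(line.strip())
        if match:
            hits.append((match['path'], match['detection'], match['action']))
    return hits


if __name__ == '__main__':
    for when, source, path, reason in triage_event_log(SAMPLE_EVENT_LOG):
        print(f'{when} [{source}] {path}  <- {reason}')
    for path, detection, action in parse_eset_log(SAMPLE_ESET_LOG):
        print(f'ESET: {detection}: {path} ({action})')
```

Run against a full MiniToolBox log, the one flagged path is the Roaming-profile executable that crashed minutes before the user's own Microsoft Security Essentials failed to update its signatures.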
 





#2 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:25 PM

Posted 08 January 2014 - 11:34 PM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance, and we will be more than happy to wait. If you fail to do so, your thread will be closed in THREE (3) days.

:)


Hello there, SamsDad55

:welcome:

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#3 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:25 PM

Posted 08 January 2014 - 11:36 PM

Hello,

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

===================================================

Please download aswMBR.exe and save it to your desktop.

  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

===================================================

On your next reply please post :
FRST log
Addition log (attached)
aswMBR log
MBR.dat (attached)



Please STOP and let me know if you have any problems performing the steps above or any questions you may have.


Edited by Conspire, 08 January 2014 - 11:36 PM.


#4 SamsDad55

  • Topic Starter

  • Members
  • 10 posts

Posted 09 January 2014 - 01:06 AM

Thank you for the reply.

After initially trying to clean it yesterday, before posting here, I kept getting this popup that says:
"Restart required
"To complete the cleanup, you'll need to restart your PC.
"Important: Before restarting, close any open programs to prevent data loss."

 

So anyway, I originally thought that was Microsoft's Security Essentials and clicked the "Restart now."

 

However, that keeps coming up even after the restart as my original user (even if I log out and back in).

In the meantime, I've created a new Admin6 user and this one seems to be running clean.  Also, on the original user, a persistent Java update (or so it calls itself) keeps trying to install (but I have those updates turned off).

 

Back to Admin6, now running the Farbar Recovery Scan Tool (64-bit)...

 

** FRST log **
(pasted)

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-01-2014 01
Ran by Admin6 (administrator) on RAY-PC on 08-01-2014 23:04:10
Running from C:\Users\Admin6\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_comm_customer.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_system_customer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Authentec) C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe
(Bison Inc.) C:\Program Files (x86)\BisonCam\PID_0361\DeLay.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_152_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_user_customer.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [KeepSafe] - C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe [38728 2011-10-21] (Authentec)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [THXCfg64] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [DeLay] - C:\Program Files (x86)\BisonCam\PID_0361\DeLay.exe [53248 2008-12-05] (Bison Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403096 2011-11-10] (Acronis)
HKLM\...\Run: [LogMeIn GUI] - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1374720 2010-11-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5954016 2011-11-10] (Acronis)
HKLM-x32\...\Run: [HttpWatch_RegIEPlugin] - C:\Program Files (x86)\HttpWatch\regieplugin.exe [2269408 2012-09-03] (Simtec Limited)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Ray\...\Run: [GoToAssist Remote Support Expert] - C:\Users\Ray\AppData\Local\Citrix\GoToAssist Remote Support Expert\594\g2ax_start.exe [610376 2013-12-06] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\Ray\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [6563096 2013-12-20] (SUPERAntiSpyware)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [260928 2012-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [215360 2012-03-04] (NVIDIA Corporation)
Startup: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\IEBHO.dll (AuthenTec Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HttpWatch Basic - {F1F69322-008F-4895-B2BF-AD194219825A} - C:\Program Files (x86)\HttpWatch\httpwatchsc.dll (Simtec Limited)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [299848 2011-11-03] (AuthenTec, Inc)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe [610376 2013-11-27] (Citrix Online, a division of Citrix Systems, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 PowerBiosServer; c:\Program Files (x86)\Hotkey\PowerBiosServer.exe [35328 2011-02-18] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S1 laovnwst; C:\Windows\system32\drivers\laovnwst.sys [56616 2014-01-08] (Microsoft Corporation)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [142944 2012-05-07] (Acronis)
R3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-08 23:04 - 2014-01-08 23:04 - 00010693 _____ C:\Users\Admin6\Desktop\FRST.txt
2014-01-08 23:03 - 2014-01-08 23:03 - 00000000 ____D C:\FRST
2014-01-08 23:02 - 2014-01-08 23:02 - 01931770 _____ (Farbar) C:\Users\Admin6\Desktop\FRST64.exe
2014-01-08 09:10 - 2014-01-08 09:10 - 00000591 _____ C:\Users\Admin6\Desktop\ESET_scan.txt
2014-01-08 09:02 - 2014-01-08 09:02 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\Macromedia
2014-01-08 08:43 - 2014-01-08 08:43 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\laovnwst.sys
2014-01-08 08:20 - 2014-01-08 08:20 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-08 08:19 - 2014-01-08 08:19 - 02347384 _____ (ESET) C:\Users\Admin6\Desktop\esetsmartinstaller_enu.exe
2014-01-08 08:07 - 2014-01-08 08:09 - 00000000 ____D C:\AdwCleaner
2014-01-08 08:07 - 2014-01-08 08:07 - 01233962 _____ C:\Users\Admin6\Desktop\AdwCleaner.exe
2014-01-08 08:04 - 2014-01-08 08:04 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Admin6\Desktop\tdsskiller.exe
2014-01-08 07:42 - 2014-01-08 07:46 - 00029178 _____ C:\Users\Admin6\Desktop\Result.txt
2014-01-08 07:35 - 2014-01-08 07:35 - 00086552 _____ C:\Users\Admin6\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-08 07:35 - 2014-01-08 07:35 - 00001424 _____ C:\Users\Admin6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ___RD C:\Users\Admin6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ___RD C:\Users\Admin6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\KeepSafe
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\Intel Corporation
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\Adobe
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6\AppData\Local\VirtualStore
2014-01-08 07:34 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6
2014-01-08 07:34 - 2014-01-08 07:34 - 00000020 ___SH C:\Users\Admin6\ntuser.ini
2014-01-08 07:34 - 2014-01-08 07:34 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\Intel
2014-01-08 07:34 - 2012-04-27 02:01 - 00000000 ____D C:\Users\Admin6\AppData\Local\Microsoft Help
2014-01-08 07:34 - 2009-07-13 22:54 - 00000000 ___RD C:\Users\Admin6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-08 07:34 - 2009-07-13 22:49 - 00000000 ___RD C:\Users\Admin6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-07 22:36 - 2013-11-26 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-07 22:36 - 2013-11-26 03:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-07 22:36 - 2013-05-09 23:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-01-07 22:36 - 2013-05-09 23:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-01-07 22:36 - 2013-05-09 22:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-01-07 22:36 - 2013-05-09 22:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-01-07 22:35 - 2013-11-26 05:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-07 22:35 - 2013-11-26 04:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-01-07 22:35 - 2013-11-26 04:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-07 22:35 - 2013-11-26 03:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-07 22:35 - 2013-11-26 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-01-07 22:35 - 2013-11-26 03:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-07 22:35 - 2013-11-26 03:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-07 22:35 - 2013-11-26 03:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-07 22:35 - 2013-11-26 03:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-07 22:35 - 2013-11-26 03:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-07 22:35 - 2013-11-26 03:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-01-07 22:35 - 2013-11-26 03:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-01-07 22:35 - 2013-11-26 02:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-07 22:35 - 2013-11-26 02:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-07 22:35 - 2013-11-26 02:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-07 22:35 - 2013-11-26 02:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-07 22:35 - 2013-11-26 02:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-07 22:35 - 2013-11-26 02:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-01-07 22:35 - 2013-11-26 02:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-07 22:35 - 2013-11-26 02:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-07 22:35 - 2013-11-26 01:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-07 22:35 - 2013-11-26 01:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-01-07 22:35 - 2013-11-26 01:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-07 22:35 - 2013-11-26 01:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-07 22:35 - 2013-11-26 00:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-07 22:35 - 2013-11-26 00:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-07 22:35 - 2013-11-26 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-07 22:35 - 2013-11-26 00:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-07 22:35 - 2013-11-26 00:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-01-07 21:53 - 2014-01-08 08:10 - 00000336 _____ C:\Windows\setupact.log
2014-01-07 21:53 - 2014-01-08 07:12 - 00073930 _____ C:\Windows\PFRO.log
2014-01-07 21:53 - 2014-01-07 21:53 - 00000000 _____ C:\Windows\setuperr.log
2014-01-07 21:45 - 2014-01-07 21:45 - 00012866 _____ C:\Users\Ray\Documents\paleo books.xlsx
2014-01-07 21:26 - 2014-01-07 21:31 - 00029829 _____ C:\Users\Ray\Downloads\Result.txt
2014-01-07 21:26 - 2014-01-07 21:26 - 00760063 _____ (Farbar) C:\Users\Ray\Downloads\MiniToolBox.exe
2014-01-07 21:23 - 2014-01-07 21:23 - 00010426 _____ C:\Users\Ray\Documents\Baseball.xlsx
2014-01-07 20:17 - 2014-01-07 20:17 - 00012326 _____ C:\Users\Ray\AppData\Local\aiohvofn
2014-01-07 20:16 - 2014-01-07 20:16 - 00067992 _____ C:\Users\Ray\AppData\Local\nqwhjcga
2014-01-07 20:15 - 2014-01-07 20:15 - 00000000 _____ C:\Users\Ray\AppData\Roaming\SharedSettings.ccs
2013-12-24 22:42 - 2013-12-24 22:42 - 00000000 ____D C:\ProgramData\HP
2013-12-24 22:42 - 2013-12-24 22:42 - 00000000 ____D C:\Program Files\HP
2013-12-20 00:33 - 2013-12-20 00:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-11 22:31 - 2013-11-23 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 22:31 - 2013-11-23 11:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 22:31 - 2013-11-11 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 22:31 - 2013-11-11 20:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 22:31 - 2013-10-29 20:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 22:31 - 2013-10-29 20:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 22:31 - 2013-10-29 19:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 22:31 - 2013-10-18 20:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 22:31 - 2013-10-18 19:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 22:31 - 2013-10-11 20:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 22:31 - 2013-10-11 20:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 22:31 - 2013-10-11 20:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 22:31 - 2013-10-11 20:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 22:31 - 2013-10-11 19:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 22:31 - 2013-10-11 19:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 22:31 - 2013-10-11 19:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 22:31 - 2013-10-11 19:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 22:31 - 2013-10-03 20:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 22:31 - 2013-10-03 19:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2014-01-08 23:04 - 2014-01-08 23:04 - 00010693 _____ C:\Users\Admin6\Desktop\FRST.txt
2014-01-08 23:03 - 2014-01-08 23:03 - 00000000 ____D C:\FRST
2014-01-08 23:02 - 2014-01-08 23:02 - 01931770 _____ (Farbar) C:\Users\Admin6\Desktop\FRST64.exe
2014-01-08 22:59 - 2013-01-12 13:07 - 01520788 _____ C:\Windows\WindowsUpdate.log
2014-01-08 09:10 - 2014-01-08 09:10 - 00000591 _____ C:\Users\Admin6\Desktop\ESET_scan.txt
2014-01-08 09:02 - 2014-01-08 09:02 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\Macromedia
2014-01-08 08:43 - 2014-01-08 08:43 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\laovnwst.sys
2014-01-08 08:20 - 2014-01-08 08:20 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-08 08:19 - 2014-01-08 08:19 - 02347384 _____ (ESET) C:\Users\Admin6\Desktop\esetsmartinstaller_enu.exe
2014-01-08 08:18 - 2009-07-13 22:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-08 08:18 - 2009-07-13 22:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-08 08:14 - 2009-07-13 23:13 - 00786598 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-08 08:10 - 2014-01-07 21:53 - 00000336 _____ C:\Windows\setupact.log
2014-01-08 08:10 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-08 08:09 - 2014-01-08 08:07 - 00000000 ____D C:\AdwCleaner
2014-01-08 08:07 - 2014-01-08 08:07 - 01233962 _____ C:\Users\Admin6\Desktop\AdwCleaner.exe
2014-01-08 08:04 - 2014-01-08 08:04 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Admin6\Desktop\tdsskiller.exe
2014-01-08 07:46 - 2014-01-08 07:42 - 00029178 _____ C:\Users\Admin6\Desktop\Result.txt
2014-01-08 07:35 - 2014-01-08 07:35 - 00086552 _____ C:\Users\Admin6\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-08 07:35 - 2014-01-08 07:35 - 00001424 _____ C:\Users\Admin6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ___RD C:\Users\Admin6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ___RD C:\Users\Admin6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\KeepSafe
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\Intel Corporation
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\Adobe
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6\AppData\Local\VirtualStore
2014-01-08 07:35 - 2014-01-08 07:34 - 00000000 ____D C:\Users\Admin6
2014-01-08 07:34 - 2014-01-08 07:34 - 00000020 ___SH C:\Users\Admin6\ntuser.ini
2014-01-08 07:34 - 2014-01-08 07:34 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\Intel
2014-01-08 07:12 - 2014-01-07 21:53 - 00073930 _____ C:\Windows\PFRO.log
2014-01-08 07:12 - 2012-04-26 08:14 - 00000000 ____D C:\Users\Ray\Documents\Outlook Files
2014-01-08 05:36 - 2013-11-12 23:27 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1B69D445-7B83-4E75-9BE1-79DA96551611}
2014-01-07 23:35 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2014-01-07 22:46 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-07 22:38 - 2009-07-13 22:45 - 00343352 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-07 22:36 - 2012-04-26 07:26 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-07 22:35 - 2013-09-04 02:42 - 00000000 ____D C:\Windows\system32\MRT
2014-01-07 22:34 - 2012-05-07 17:36 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-07 21:53 - 2014-01-07 21:53 - 00000000 _____ C:\Windows\setuperr.log
2014-01-07 21:53 - 2012-05-05 22:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-07 21:45 - 2014-01-07 21:45 - 00012866 _____ C:\Users\Ray\Documents\paleo books.xlsx
2014-01-07 21:44 - 2013-11-09 11:25 - 00000000 ____D C:\Users\Ray\Documents\Paleo
2014-01-07 21:31 - 2014-01-07 21:26 - 00029829 _____ C:\Users\Ray\Downloads\Result.txt
2014-01-07 21:26 - 2014-01-07 21:26 - 00760063 _____ (Farbar) C:\Users\Ray\Downloads\MiniToolBox.exe
2014-01-07 21:23 - 2014-01-07 21:23 - 00010426 _____ C:\Users\Ray\Documents\Baseball.xlsx
2014-01-07 21:22 - 2013-10-05 16:06 - 00072966 _____ C:\Users\Ray\Documents\2013 NFL.xlsx
2014-01-07 20:17 - 2014-01-07 20:17 - 00012326 _____ C:\Users\Ray\AppData\Local\aiohvofn
2014-01-07 20:16 - 2014-01-07 20:16 - 00067992 _____ C:\Users\Ray\AppData\Local\nqwhjcga
2014-01-07 20:15 - 2014-01-07 20:15 - 00000000 _____ C:\Users\Ray\AppData\Roaming\SharedSettings.ccs
2013-12-31 23:04 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-24 22:42 - 2013-12-24 22:42 - 00000000 ____D C:\ProgramData\HP
2013-12-24 22:42 - 2013-12-24 22:42 - 00000000 ____D C:\Program Files\HP
2013-12-20 22:29 - 2012-09-14 04:09 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-20 00:34 - 2013-12-20 00:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Files to move or delete:
====================
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Ray\g2ax_customer_downloadhelper_win32_x86.exe

Some content of TEMP:
====================
C:\Users\Admin6\AppData\Local\Temp\Quarantine.exe
C:\Users\Ray\AppData\Local\Temp\Java_Update_802b77e6.exe
C:\Users\Ray\AppData\Local\Temp\Java_Update_babc607c.exe
C:\Users\Ray\AppData\Local\Temp\Java_Update_ee3536b7.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-30 00:37

==================== End Of Log ============================

 

** Addition log **
(attached)

 

** aswMBR log **
(pasted)

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-08 23:13:02
-----------------------------
23:13:02.528    OS Version: Windows x64 6.1.7601 Service Pack 1
23:13:02.528    Number of processors: 8 586 0x2A07
23:13:02.528    ComputerName: RAY-PC  UserName: Admin6
23:13:03.370    Initialize success
23:19:02.286    AVAST engine defs: 14010701
23:23:28.113    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:23:28.128    Disk 0 Vendor: INTEL_SS 400i Size: 228936MB BusType: 3
23:23:28.144    Disk 0 MBR read successfully
23:23:28.159    Disk 0 MBR scan
23:23:28.175    Disk 0 Windows 7 default MBR code
23:23:28.175    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          200 MB offset 2048
23:23:28.222    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       228734 MB offset 411648
23:23:28.284    Disk 0 scanning C:\Windows\system32\drivers
23:23:32.995    Service scanning
23:23:45.085    Modules scanning
23:23:45.101    Disk 0 trace - called modules:
23:23:45.101    ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vsflt61.sys ACPI.sys iaStor.sys hal.dll
23:23:45.101    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d2f2790]
23:23:45.117    3 CLASSPNP.SYS[fffff880011cd43f] -> nt!IofCallDriver -> [0xfffffa800d22cab0]
23:23:45.117    5 vsflt61.sys[fffff88000e5b0fd] -> nt!IofCallDriver -> [0xfffffa800d0eee40]
23:23:45.117    7 ACPI.sys[fffff88000f9c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800d0f2050]
23:23:45.881    AVAST engine scan C:\Windows
23:23:46.770    AVAST engine scan C:\Windows\system32
23:25:35.721    AVAST engine scan C:\Windows\system32\drivers
23:25:45.081    AVAST engine scan C:\Users\Admin6
23:25:53.302    AVAST engine scan C:\ProgramData
23:27:26.309    Scan finished successfully
23:56:13.608    Disk 0 MBR has been saved successfully to "C:\Users\Admin6\Desktop\MBR.dat"
23:56:13.608    The log file has been saved successfully to "C:\Users\Admin6\Desktop\aswMBR.txt"

** MBR.dat **
(attached)

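The helper picked laovnwst.sys out of the FRST log above by eye. As an added example, not part of the thread or of FRST, the Python below parses Drivers and Created Files lines in FRST's format (excerpts copied from the log posted above) and applies simple triage heuristics: an image created within a week of the scan, a random-looking eight-letter name, an image under TEMP, and an orphaned entry, then correlates hits with the Created Files section. The heuristics, the seven-day threshold and the field names are my own assumptions, not FRST's.

```python
# Added example (not FRST's code): triage helpers for FRST log excerpts.
import re
from datetime import date

DRIVER_RE = re.compile(r"^[RS]\d (?P<name>[^;]+); (?P<rest>.*)$")
IMAGE_RE = re.compile(  # "<path> [<size> <yyyy-mm-dd>] (<vendor>)"
    r"^(?P<path>.+?) \[\d+ (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>.*)\)$")
MISSING_RE = re.compile(r"^(?P<path>.+?) \[x\]$")  # registered, file gone
CREATED_RE = re.compile(  # "<created> - <modified> - <size> <attrs> [(vendor) ]<path>"
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d{8} [_A-Z]{5} (?:\((?P<vendor>[^)]*)\) )?(?P<path>.+)$")
# Crude heuristic (my assumption): eight lowercase letters, the shape shared by
# laovnwst, aiohvofn and nqwhjcga in the log above. Legitimate names can match too.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")
SCAN_DATE = date(2014, 1, 8)  # from the log's "Ran by ... on 08-01-2014" header

# Constructed excerpts, copied from the log posted above.
DRIVER_LINES = r"""
S1 laovnwst; C:\Windows\system32\drivers\laovnwst.sys [56616 2014-01-08] (Microsoft Corporation)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
"""
CREATED_LINES = r"""
2014-01-08 08:43 - 2014-01-08 08:43 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\laovnwst.sys
2014-01-07 20:17 - 2014-01-07 20:17 - 00012326 _____ C:\Users\Ray\AppData\Local\aiohvofn
2014-01-07 20:16 - 2014-01-07 20:16 - 00067992 _____ C:\Users\Ray\AppData\Local\nqwhjcga
2013-12-11 22:31 - 2013-10-03 19:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
"""


def parse_driver(line):
    """One Drivers line -> dict (name, path, date, vendor, present), or None."""
    m = DRIVER_RE.match(line.strip())
    if not m:
        return None
    entry = {"name": m["name"], "path": None, "date": None, "vendor": None, "present": False}
    img, miss = IMAGE_RE.match(m["rest"]), MISSING_RE.match(m["rest"])
    if img:
        entry.update(path=img["path"], date=date.fromisoformat(img["date"]),
                     vendor=img["vendor"], present=True)
    elif miss:  # "[x]" entry; a "No ImagePath" entry leaves path None
        entry["path"] = miss["path"]
    return entry


def parse_created(line):
    """One Created Files line -> dict (created, vendor, path), or None."""
    m = CREATED_RE.match(line.strip())
    return m.groupdict() if m else None


def flag_driver(entry, scan_date, recent_days=7):
    """Return (level, reasons): 'review' on a strong hit, 'info' on a weak one, else None."""
    strong, info = [], []
    if entry["date"] and (scan_date - entry["date"]).days <= recent_days:
        strong.append("image created within %d days of the scan" % recent_days)
    if RANDOM_NAME_RE.match(entry["name"]):
        strong.append("random-looking eight-letter service name")
    if entry["path"] and re.search(r"\\temp\\", entry["path"], re.I):
        strong.append("image loaded from a TEMP directory")
    if not entry["present"]:
        info.append("image file missing or no ImagePath (orphaned entry)")
    return ("review" if strong else "info" if info else None), strong + info


def triage(driver_text, created_text, scan_date=SCAN_DATE):
    """Flag drivers and correlate each hit with the Created Files section."""
    created = {r["path"].lower(): r for r in map(parse_created, created_text.splitlines()) if r}
    findings = []
    for entry in filter(None, map(parse_driver, driver_text.splitlines())):
        level, reasons = flag_driver(entry, scan_date)
        if not level:
            continue
        rec = created.get((entry["path"] or "").lower())
        if rec:
            reasons.append("Created Files section shows it appeared at %s" % rec["created"])
        findings.append({"name": entry["name"], "path": entry["path"],
                         "level": level, "reasons": reasons})
    return findings


def suspicious_created(created_text):
    """Random-named, extension-less, unsigned files dropped under AppData\\Local."""
    hits = []
    for rec in filter(None, map(parse_created, created_text.splitlines())):
        base = rec["path"].rsplit("\\", 1)[-1]
        if RANDOM_NAME_RE.match(base) and not rec["vendor"] \
                and "\\appdata\\local\\" in rec["path"].lower():
            hits.append(rec["path"])
    return hits


if __name__ == "__main__":
    for f in triage(DRIVER_LINES, CREATED_LINES):
        print("[%s] %s: %s" % (f["level"], f["name"], "; ".join(f["reasons"])))
    for p in suspicious_created(CREATED_LINES):
        print("[review] random-named file in user profile: " + p)
```

Run against the excerpts, laovnwst comes out at "review" level with three reasons, while the two "[x]" entries and the "No ImagePath" entry are reported only as informational orphans.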



#5 Conspire


  • Malware Response Team
  • 1,155 posts
  • Gender:Male

Posted 09 January 2014 - 03:46 AM

Hi,

Thanks for the feedback. Please follow the instructions below.

Follow these steps to display hidden files and folders.

  • Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
  • Click the View tab.
  • Under Advanced settings, click Show hidden files and folders
  • Click OK. (Remember to Hide files and folders once done)

Please go to one of the below sites to scan the following files:
Virus Total (Recommended)
jotti.org
VirScan


Click on Browse, and upload the following file for analysis:
C:\Windows\system32\Drivers\laovnwst.sys

Then click Submit. Allow the file to be scanned, and then please copy and paste the results link here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

===================================================

Download attached fixlist.txt file and save it to the Desktop.

 

Attached File  fixlist.txt   447bytes   2 downloads

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

===================================================

Please run FRST again for a fresh log.

===================================================

 

On your next reply please post:
File scanner submission result
FRST Fix log
Fresh FRST log


Please STOP and let me know if you have any problems performing the steps above or any questions you may have.


Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.
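The request above singles out laovnwst.sys because of how it appears in the FRST Drivers section. As an added example (not code from this thread, from FRST or from any tool named in it), the Python script below reads that section from an FRST log, flags entries that combine a recent creation date, an eight-letter random-looking service name and an early start type, and leaves ordinary vendor drivers alone; the sample log is constructed from lines quoted in this thread, and the heuristics and the 14-day window are assumptions.

```python
"""
Triage the "Drivers" section of an FRST log for entries worth a closer look.

Added example for this thread; not part of the thread, of FRST or of any other
tool named in it.  Heuristics and thresholds are assumptions.
"""
import re
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# One FRST driver line, e.g.
#   S1 laovnwst; C:\Windows\system32\drivers\laovnwst.sys [56616 2014-01-08] (Microsoft Corporation)
#   R3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
#   S4 LMIRfsClientNP; No ImagePath
DRIVER_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)"
    r"(?:\s+\[(?P<size>\d+)\s+(?P<created>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\((?P<company>[^)]*)\))?"
    r"(?:\s+(?P<missing>\[x\]))?$"
)
# FRST's header gives the scan date as dd-mm-yyyy: "... on RAY-PC on 09-01-2014 20:18:29".
SCAN_DATE_RE = re.compile(r"^Ran by .* on (\d{2})-(\d{2})-(\d{4}) \d{2}:\d{2}:\d{2}", re.M)
# Eight lowercase letters and nothing else (laovnwst, aiohvofn, nqwhjcga in this thread).
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")


@dataclass
class Driver:
    state: str          # R = running, S = stopped, U = unknown
    start: int          # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    path: str
    created: Optional[date]
    company: str        # version-resource string only, NOT a signature check
    missing: bool       # FRST marks a missing image file with [x]


def parse_driver_line(line: str) -> Optional[Driver]:
    m = DRIVER_RE.match(line.strip())
    if not m:
        return None
    created = date.fromisoformat(m["created"]) if m["created"] else None
    return Driver(m["state"], int(m["start"]), m["name"], m["path"],
                  created, m["company"] or "", m["missing"] is not None)


def parse_scan_date(log_text: str) -> date:
    m = SCAN_DATE_RE.search(log_text)
    if not m:
        raise ValueError("no FRST 'Ran by ... on dd-mm-yyyy' header found")
    day, month, year = (int(x) for x in m.groups())
    return date(year, month, day)


def driver_section(log_text: str) -> List[str]:
    """Non-empty lines between the Drivers header and the next section header."""
    lines, inside = [], False
    for line in log_text.splitlines():
        if line.startswith("===================="):
            inside = "Drivers" in line
            continue
        if inside and line.strip():
            lines.append(line)
    return lines


def suspicious_reasons(d: Driver, scan_date: date, lookback_days: int = 14) -> List[str]:
    reasons = []
    if d.created is not None and 0 <= (scan_date - d.created).days <= lookback_days:
        reasons.append(f"file created {d.created}, within {lookback_days} days of the scan")
    if RANDOM_NAME_RE.match(d.name):
        reasons.append("service name is eight random-looking lowercase letters")
    if d.start <= 1 and not d.missing:
        reasons.append(f"loads early in boot (start type {d.start})")
    # "(Microsoft Corporation)" is read from the file's version resource, which anyone
    # can set; confirm with an Authenticode check before trusting it either way.
    return reasons


def triage(log_text: str, lookback_days: int = 14, min_reasons: int = 2) -> Dict[str, List[str]]:
    """Map each flagged driver name to the reasons it was flagged."""
    scan_date = parse_scan_date(log_text)
    flagged: Dict[str, List[str]] = {}
    for line in driver_section(log_text):
        d = parse_driver_line(line)
        if d is None:
            continue
        reasons = suspicious_reasons(d, scan_date, lookback_days)
        if len(reasons) >= min_reasons:
            flagged[d.name] = reasons
    return flagged


# Constructed sample, assembled from lines quoted in this thread.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-01-2014
Ran by Admin6 (administrator) on RAY-PC on 09-01-2014 20:18:29

==================== Drivers (Whitelisted) ====================

S1 laovnwst; C:\Windows\system32\drivers\laovnwst.sys [56616 2014-01-08] (Microsoft Corporation)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [142944 2012-05-07] (Acronis)
R3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]

==================== NetSvcs (Whitelisted) ===================
"""

if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG).items():
        print(name)
        for reason in why:
            print("  -", reason)
```

On the sample, only laovnwst is flagged (three reasons); MpFilter and vidsflt61 each collect a single early-start reason and stay below the threshold.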

#6 SamsDad55

SamsDad55
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:25 AM

Posted 09 January 2014 - 09:52 PM

That file will not come up in the browse tool on any of the websites you gave me.  They only show 2 directories and 3 files (whereas Explorer shows 3 sub-directories and 328 files, including the one you're asking about).  There just doesn't seem to be a way to get its name into the browse tool.  I'll hold off on the fixlist step until I hear back from you.  Thanks!

 

UPDATE: I copied it using Explorer to Desktop and analyzed it from there and got this...

File already analysed

This file was last analysed by VirusTotal on 2013-12-15 10:39:45 UTC, it was first analysed by VirusTotal on 2013-11-21 21:37:26 UTC.

Detection ratio: 0/49

You can take a look at the last analysis or analyse it again now.

 

So I reanalyzed it and here's what I got...

 

 

SHA256: deca4221a283beb00e3066c9e3a1fbdbb3f5c3010206f076a29335a9aa029af9
File name: laovnwst.sys
Detection ratio: 0 / 46
Analysis date: 2014-01-10 02:06:48 UTC ( 1 minute ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use. 
    (it doesn't show in this paste, but all results are green checkmarks except a few that timed out)

 

 


 

Looks safe now to proceed with next step (fixlist)...

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-01-2014
Ran by Admin6 at 2014-01-09 20:16:43 Run:1
Running from C:\Users\Admin6\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Ray\g2ax_customer_downloadhelper_win32_x86.exe
Folder: C:\Users\Ray\AppData\Local\aiohvofn
Folder: C:\Users\Ray\AppData\Local\nqwhjcga
C:\Users\Ray\AppData\Local\Temp\Java_Update_802b77e6.exe
C:\Users\Ray\AppData\Local\Temp\Java_Update_babc607c.exe
C:\Users\Ray\AppData\Local\Temp\Java_Update_ee3536b7.exe
end
*****************

C:\ProgramData\PKP_DLeo.DAT => Moved successfully.
C:\ProgramData\PKP_DLes.DAT => Moved successfully.
C:\ProgramData\PKP_DLet.DAT => Moved successfully.
C:\ProgramData\PKP_DLev.DAT => Moved successfully.
C:\Users\Ray\g2ax_customer_downloadhelper_win32_x86.exe => Moved successfully.

========================= Folder: C:\Users\Ray\AppData\Local\aiohvofn ========================

2014-01-07 20:17 - 2014-01-07 20:17 - 0012326 _____ () C:\Users\Ray\AppData\Local\aiohvofn

====== End of Folder: ======

========================= Folder: C:\Users\Ray\AppData\Local\nqwhjcga ========================

2014-01-07 20:16 - 2014-01-07 20:16 - 0067992 _____ () C:\Users\Ray\AppData\Local\nqwhjcga

====== End of Folder: ======

C:\Users\Ray\AppData\Local\Temp\Java_Update_802b77e6.exe => Moved successfully.
C:\Users\Ray\AppData\Local\Temp\Java_Update_babc607c.exe => Moved successfully.
C:\Users\Ray\AppData\Local\Temp\Java_Update_ee3536b7.exe => Moved successfully.

==== End of Fixlog ====

 

Fresh FRST log...

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-01-2014
Ran by Admin6 (administrator) on RAY-PC on 09-01-2014 20:18:29
Running from C:\Users\Admin6\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_comm_customer.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_system_customer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Authentec) C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe
(Bison Inc.) C:\Program Files (x86)\BisonCam\PID_0361\DeLay.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_user_customer.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
(AVAST Software) C:\Users\Admin6\Desktop\aswMBR.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [KeepSafe] - C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe [38728 2011-10-21] (Authentec)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [THXCfg64] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [DeLay] - C:\Program Files (x86)\BisonCam\PID_0361\DeLay.exe [53248 2008-12-05] (Bison Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403096 2011-11-10] (Acronis)
HKLM\...\Run: [LogMeIn GUI] - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1374720 2010-11-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5954016 2011-11-10] (Acronis)
HKLM-x32\...\Run: [HttpWatch_RegIEPlugin] - C:\Program Files (x86)\HttpWatch\regieplugin.exe [2269408 2012-09-03] (Simtec Limited)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Ray\...\Run: [GoToAssist Remote Support Expert] - C:\Users\Ray\AppData\Local\Citrix\GoToAssist Remote Support Expert\594\g2ax_start.exe [610376 2013-12-06] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\Ray\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [6563096 2013-12-20] (SUPERAntiSpyware)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [260928 2012-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [215360 2012-03-04] (NVIDIA Corporation)
Startup: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD72CF9DDA50DCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\IEBHO.dll (AuthenTec Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HttpWatch Basic - {F1F69322-008F-4895-B2BF-AD194219825A} - C:\Program Files (x86)\HttpWatch\httpwatchsc.dll (Simtec Limited)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [299848 2011-11-03] (AuthenTec, Inc)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe [610376 2013-11-27] (Citrix Online, a division of Citrix Systems, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 PowerBiosServer; c:\Program Files (x86)\Hotkey\PowerBiosServer.exe [35328 2011-02-18] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S1 laovnwst; C:\Windows\system32\drivers\laovnwst.sys [56616 2014-01-08] (Microsoft Corporation)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [142944 2012-05-07] (Acronis)
R3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
U3 aswMBR; \??\C:\Users\Admin6\AppData\Local\Temp\aswMBR.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-09 20:16 - 2014-01-09 20:16 - 00002304 _____ C:\Users\Admin6\Desktop\Thur.txt
2014-01-09 20:16 - 2014-01-09 20:16 - 00000000 ____D C:\Users\Admin6\Desktop\FRST-OlderVersion
2014-01-09 20:04 - 2014-01-08 08:43 - 00056616 _____ (Microsoft Corporation) C:\Users\Admin6\Desktop\laovnwst.sys
2014-01-08 23:59 - 2014-01-08 23:59 - 00000000 ____D C:\Users\Admin6\AppData\Local\Apps\2.0
2014-01-08 23:58 - 2014-01-08 23:58 - 00000560 _____ C:\Users\Admin6\Desktop\MBR.zip
2014-01-08 23:56 - 2014-01-08 23:56 - 00002035 _____ C:\Users\Admin6\Desktop\aswMBR.txt
2014-01-08 23:56 - 2014-01-08 23:56 - 00000512 _____ C:\Users\Admin6\Desktop\MBR.dat
2014-01-08 23:09 - 2014-01-08 23:09 - 04745728 _____ (AVAST Software) C:\Users\Admin6\Desktop\aswMBR.exe
2014-01-08 23:04 - 2014-01-09 20:18 - 00011187 _____ C:\Users\Admin6\Desktop\FRST.txt
2014-01-08 23:04 - 2014-01-08 23:04 - 00025910 _____ C:\Users\Admin6\Desktop\Addition.txt
2014-01-08 23:03 - 2014-01-09 20:16 - 00000000 ____D C:\FRST
2014-01-08 23:02 - 2014-01-09 20:16 - 01931772 _____ (Farbar) C:\Users\Admin6\Desktop\FRST64.exe
2014-01-08 09:10 - 2014-01-08 09:10 - 00000591 _____ C:\Users\Admin6\Desktop\ESET_scan.txt
2014-01-08 09:02 - 2014-01-08 09:02 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\Macromedia
2014-01-08 08:43 - 2014-01-08 08:43 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\laovnwst.sys
2014-01-08 08:20 - 2014-01-08 08:20 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-08 08:19 - 2014-01-08 08:19 - 02347384 _____ (ESET) C:\Users\Admin6\Desktop\esetsmartinstaller_enu.exe
2014-01-08 08:07 - 2014-01-08 08:09 - 00000000 ____D C:\AdwCleaner
2014-01-08 08:07 - 2014-01-08 08:07 - 01233962 _____ C:\Users\Admin6\Desktop\AdwCleaner.exe
2014-01-08 08:04 - 2014-01-08 08:04 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Admin6\Desktop\tdsskiller.exe
2014-01-08 07:42 - 2014-01-08 07:46 - 00029178 _____ C:\Users\Admin6\Desktop\Result.txt
2014-01-08 07:35 - 2014-01-08 07:35 - 00086552 _____ C:\Users\Admin6\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-08 07:35 - 2014-01-08 07:35 - 00001424 _____ C:\Users\Admin6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ___RD C:\Users\Admin6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ___RD C:\Users\Admin6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\KeepSafe
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\Intel Corporation
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\Adobe
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6\AppData\Local\VirtualStore
2014-01-08 07:34 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6
2014-01-08 07:34 - 2014-01-08 07:34 - 00000020 ___SH C:\Users\Admin6\ntuser.ini
2014-01-08 07:34 - 2014-01-08 07:34 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\Intel
2014-01-08 07:34 - 2012-04-27 02:01 - 00000000 ____D C:\Users\Admin6\AppData\Local\Microsoft Help
2014-01-08 07:34 - 2009-07-13 22:54 - 00000000 ___RD C:\Users\Admin6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-08 07:34 - 2009-07-13 22:49 - 00000000 ___RD C:\Users\Admin6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-07 22:36 - 2013-11-26 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-07 22:36 - 2013-11-26 03:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-07 22:36 - 2013-05-09 23:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-01-07 22:36 - 2013-05-09 23:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-01-07 22:36 - 2013-05-09 22:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-01-07 22:36 - 2013-05-09 22:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-01-07 22:35 - 2013-11-26 05:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-07 22:35 - 2013-11-26 04:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-01-07 22:35 - 2013-11-26 04:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-07 22:35 - 2013-11-26 03:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-07 22:35 - 2013-11-26 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-01-07 22:35 - 2013-11-26 03:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-07 22:35 - 2013-11-26 03:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-07 22:35 - 2013-11-26 03:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-07 22:35 - 2013-11-26 03:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-07 22:35 - 2013-11-26 03:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-07 22:35 - 2013-11-26 03:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-01-07 22:35 - 2013-11-26 03:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-01-07 22:35 - 2013-11-26 02:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-07 22:35 - 2013-11-26 02:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-07 22:35 - 2013-11-26 02:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-07 22:35 - 2013-11-26 02:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-07 22:35 - 2013-11-26 02:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-07 22:35 - 2013-11-26 02:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-01-07 22:35 - 2013-11-26 02:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-07 22:35 - 2013-11-26 02:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-07 22:35 - 2013-11-26 01:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-07 22:35 - 2013-11-26 01:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-01-07 22:35 - 2013-11-26 01:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-07 22:35 - 2013-11-26 01:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-07 22:35 - 2013-11-26 00:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-07 22:35 - 2013-11-26 00:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-07 22:35 - 2013-11-26 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-07 22:35 - 2013-11-26 00:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-07 22:35 - 2013-11-26 00:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-01-07 21:53 - 2014-01-08 08:10 - 00000336 _____ C:\Windows\setupact.log
2014-01-07 21:53 - 2014-01-08 07:12 - 00073930 _____ C:\Windows\PFRO.log
2014-01-07 21:53 - 2014-01-07 21:53 - 00000000 _____ C:\Windows\setuperr.log
2014-01-07 21:45 - 2014-01-07 21:45 - 00012866 _____ C:\Users\Ray\Documents\paleo books.xlsx
2014-01-07 21:26 - 2014-01-07 21:31 - 00029829 _____ C:\Users\Ray\Downloads\Result.txt
2014-01-07 21:26 - 2014-01-07 21:26 - 00760063 _____ (Farbar) C:\Users\Ray\Downloads\MiniToolBox.exe
2014-01-07 21:23 - 2014-01-07 21:23 - 00010426 _____ C:\Users\Ray\Documents\Baseball.xlsx
2014-01-07 20:17 - 2014-01-07 20:17 - 00012326 _____ C:\Users\Ray\AppData\Local\aiohvofn
2014-01-07 20:16 - 2014-01-07 20:16 - 00067992 _____ C:\Users\Ray\AppData\Local\nqwhjcga
2014-01-07 20:15 - 2014-01-07 20:15 - 00000000 _____ C:\Users\Ray\AppData\Roaming\SharedSettings.ccs
2013-12-24 22:42 - 2013-12-24 22:42 - 00000000 ____D C:\ProgramData\HP
2013-12-24 22:42 - 2013-12-24 22:42 - 00000000 ____D C:\Program Files\HP
2013-12-20 00:33 - 2013-12-20 00:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-11 22:31 - 2013-11-23 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 22:31 - 2013-11-23 11:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 22:31 - 2013-11-11 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 22:31 - 2013-11-11 20:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 22:31 - 2013-10-29 20:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 22:31 - 2013-10-29 20:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 22:31 - 2013-10-29 19:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 22:31 - 2013-10-18 20:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 22:31 - 2013-10-18 19:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 22:31 - 2013-10-11 20:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 22:31 - 2013-10-11 20:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 22:31 - 2013-10-11 20:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 22:31 - 2013-10-11 20:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 22:31 - 2013-10-11 19:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 22:31 - 2013-10-11 19:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 22:31 - 2013-10-11 19:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 22:31 - 2013-10-11 19:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 22:31 - 2013-10-03 20:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 22:31 - 2013-10-03 19:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2014-01-09 20:18 - 2014-01-08 23:04 - 00011187 _____ C:\Users\Admin6\Desktop\FRST.txt
2014-01-09 20:16 - 2014-01-09 20:16 - 00002304 _____ C:\Users\Admin6\Desktop\Thur.txt
2014-01-09 20:16 - 2014-01-09 20:16 - 00000000 ____D C:\Users\Admin6\Desktop\FRST-OlderVersion
2014-01-09 20:16 - 2014-01-08 23:03 - 00000000 ____D C:\FRST
2014-01-09 20:16 - 2014-01-08 23:02 - 01931772 _____ (Farbar) C:\Users\Admin6\Desktop\FRST64.exe
2014-01-09 20:16 - 2012-04-25 20:36 - 00000000 ____D C:\Users\Ray
2014-01-09 15:18 - 2013-01-12 13:07 - 01577409 _____ C:\Windows\WindowsUpdate.log
2014-01-09 08:25 - 2009-07-13 22:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-09 08:25 - 2009-07-13 22:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-08 23:59 - 2014-01-08 23:59 - 00000000 ____D C:\Users\Admin6\AppData\Local\Apps\2.0
2014-01-08 23:58 - 2014-01-08 23:58 - 00000560 _____ C:\Users\Admin6\Desktop\MBR.zip
2014-01-08 23:56 - 2014-01-08 23:56 - 00002035 _____ C:\Users\Admin6\Desktop\aswMBR.txt
2014-01-08 23:56 - 2014-01-08 23:56 - 00000512 _____ C:\Users\Admin6\Desktop\MBR.dat
2014-01-08 23:09 - 2014-01-08 23:09 - 04745728 _____ (AVAST Software) C:\Users\Admin6\Desktop\aswMBR.exe
2014-01-08 23:04 - 2014-01-08 23:04 - 00025910 _____ C:\Users\Admin6\Desktop\Addition.txt
2014-01-08 09:10 - 2014-01-08 09:10 - 00000591 _____ C:\Users\Admin6\Desktop\ESET_scan.txt
2014-01-08 09:02 - 2014-01-08 09:02 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\Macromedia
2014-01-08 08:43 - 2014-01-09 20:04 - 00056616 _____ (Microsoft Corporation) C:\Users\Admin6\Desktop\laovnwst.sys
2014-01-08 08:43 - 2014-01-08 08:43 - 00056616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\laovnwst.sys
2014-01-08 08:20 - 2014-01-08 08:20 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-08 08:19 - 2014-01-08 08:19 - 02347384 _____ (ESET) C:\Users\Admin6\Desktop\esetsmartinstaller_enu.exe
2014-01-08 08:14 - 2009-07-13 23:13 - 00786598 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-08 08:10 - 2014-01-07 21:53 - 00000336 _____ C:\Windows\setupact.log
2014-01-08 08:10 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-08 08:09 - 2014-01-08 08:07 - 00000000 ____D C:\AdwCleaner
2014-01-08 08:07 - 2014-01-08 08:07 - 01233962 _____ C:\Users\Admin6\Desktop\AdwCleaner.exe
2014-01-08 08:04 - 2014-01-08 08:04 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Admin6\Desktop\tdsskiller.exe
2014-01-08 07:46 - 2014-01-08 07:42 - 00029178 _____ C:\Users\Admin6\Desktop\Result.txt
2014-01-08 07:35 - 2014-01-08 07:35 - 00086552 _____ C:\Users\Admin6\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-08 07:35 - 2014-01-08 07:35 - 00001424 _____ C:\Users\Admin6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ___RD C:\Users\Admin6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ___RD C:\Users\Admin6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\KeepSafe
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\Intel Corporation
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\Adobe
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6\AppData\Local\VirtualStore
2014-01-08 07:35 - 2014-01-08 07:34 - 00000000 ____D C:\Users\Admin6
2014-01-08 07:34 - 2014-01-08 07:34 - 00000020 ___SH C:\Users\Admin6\ntuser.ini
2014-01-08 07:34 - 2014-01-08 07:34 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\Intel
2014-01-08 07:12 - 2014-01-07 21:53 - 00073930 _____ C:\Windows\PFRO.log
2014-01-08 07:12 - 2012-04-26 08:14 - 00000000 ____D C:\Users\Ray\Documents\Outlook Files
2014-01-08 05:36 - 2013-11-12 23:27 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1B69D445-7B83-4E75-9BE1-79DA96551611}
2014-01-07 23:35 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2014-01-07 22:46 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-07 22:38 - 2009-07-13 22:45 - 00343352 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-07 22:36 - 2012-04-26 07:26 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-07 22:35 - 2013-09-04 02:42 - 00000000 ____D C:\Windows\system32\MRT
2014-01-07 22:34 - 2012-05-07 17:36 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-07 21:53 - 2014-01-07 21:53 - 00000000 _____ C:\Windows\setuperr.log
2014-01-07 21:53 - 2012-05-05 22:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-07 21:45 - 2014-01-07 21:45 - 00012866 _____ C:\Users\Ray\Documents\paleo books.xlsx
2014-01-07 21:44 - 2013-11-09 11:25 - 00000000 ____D C:\Users\Ray\Documents\Paleo
2014-01-07 21:31 - 2014-01-07 21:26 - 00029829 _____ C:\Users\Ray\Downloads\Result.txt
2014-01-07 21:26 - 2014-01-07 21:26 - 00760063 _____ (Farbar) C:\Users\Ray\Downloads\MiniToolBox.exe
2014-01-07 21:23 - 2014-01-07 21:23 - 00010426 _____ C:\Users\Ray\Documents\Baseball.xlsx
2014-01-07 21:22 - 2013-10-05 16:06 - 00072966 _____ C:\Users\Ray\Documents\2013 NFL.xlsx
2014-01-07 20:17 - 2014-01-07 20:17 - 00012326 _____ C:\Users\Ray\AppData\Local\aiohvofn
2014-01-07 20:16 - 2014-01-07 20:16 - 00067992 _____ C:\Users\Ray\AppData\Local\nqwhjcga
2014-01-07 20:15 - 2014-01-07 20:15 - 00000000 _____ C:\Users\Ray\AppData\Roaming\SharedSettings.ccs
2013-12-31 23:04 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-24 22:42 - 2013-12-24 22:42 - 00000000 ____D C:\ProgramData\HP
2013-12-24 22:42 - 2013-12-24 22:42 - 00000000 ____D C:\Program Files\HP
2013-12-20 22:29 - 2012-09-14 04:09 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-20 00:34 - 2013-12-20 00:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Admin6\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-09 00:37

==================== End Of Log ============================


Lastly, I have still never restarted.  I am staying logged in as Admin6, but switching users back to my original user (and logging out).  Each time I go to that user, I still get the:

"Restart required
"To complete the cleanup, you'll need to restart your PC.
"Important: Before restarting, close any open programs to prevent data loss."

(it has a monitor with a yellow background and a big white exclamation point in the center).

Could that be Microsoft Security Essentials?  I'm sure I need to restart again eventually anyway, but I'll wait for your advice first.  Thanks!



#7 Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male

Posted 09 January 2014 - 10:18 PM

It is advisable to restart after each fix. Some tools we use will automatically do it for you.


At this moment, I can't tell if the pop up comes from MSE or somewhere else. I will have to weed out some of these bad guys and note the progress.


Can you login to your main account and run FRST again for me? Most of the problem started from there, right?


Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#8 SamsDad55

  • Topic Starter
  • Members
  • 10 posts

Posted 09 January 2014 - 10:50 PM

Okay, back as original user after restart.  That MSE-like restart popup window is gone!!  Fresh FRST log to follow...


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-01-2014
Ran by Ray (administrator) on RAY-PC on 09-01-2014 21:47:53
Running from C:\Users\Ray\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_comm_customer.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_system_customer.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_user_customer.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Authentec) C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe
(Bison Inc.) C:\Program Files (x86)\BisonCam\PID_0361\DeLay.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Ray\AppData\Local\Citrix\GoToAssist Remote Support Expert\594\g2ax_start.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Ray\AppData\Local\Citrix\GoToAssist Remote Support Expert\594\g2ax_comm_expert.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Ray\AppData\Local\Citrix\GoToAssist Remote Support Expert\594\g2ax_user_expert.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(WinZip Computing, S.L.) C:\Program Files\WinZip\ZipSendService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [KeepSafe] - C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe [38728 2011-10-21] (Authentec)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [THXCfg64] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [DeLay] - C:\Program Files (x86)\BisonCam\PID_0361\DeLay.exe [53248 2008-12-05] (Bison Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403096 2011-11-10] (Acronis)
HKLM\...\Run: [LogMeIn GUI] - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1374720 2010-11-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5954016 2011-11-10] (Acronis)
HKLM-x32\...\Run: [HttpWatch_RegIEPlugin] - C:\Program Files (x86)\HttpWatch\regieplugin.exe [2269408 2012-09-03] (Simtec Limited)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [GoToAssist Remote Support Expert] - C:\Users\Ray\AppData\Local\Citrix\GoToAssist Remote Support Expert\594\g2ax_start.exe [610376 2013-12-06] (Citrix Online, a division of Citrix Systems, Inc.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [6563096 2013-12-20] (SUPERAntiSpyware)
MountPoints2: {acd45acc-89a6-11e1-86f5-806e6f6e6963} - D:\Welcome.exe
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [260928 2012-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [215360 2012-03-04] (NVIDIA Corporation)
Startup: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nfl.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\IEBHO.dll (AuthenTec Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HttpWatch Basic - {F1F69322-008F-4895-B2BF-AD194219825A} - C:\Program Files (x86)\HttpWatch\httpwatchsc.dll (Simtec Limited)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\xls7t35r.default
FF DefaultSearchEngine: Google
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @httpwatch.com/hw_addon - C:\Program Files (x86)\HttpWatch\Firefox\components ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Ray\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Ghostery - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\xls7t35r.default\Extensions\firefox@ghostery.com.xpi
FF Extension: Lightbeam - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\xls7t35r.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
FF Extension: Text to Voice - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\xls7t35r.default\Extensions\text2voice@vik.josh.xpi
FF Extension: NoScript - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\xls7t35r.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\xls7t35r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{1E2593B2-E106-4697-BCE7-A9D30DE05D73}] - C:\Program Files (x86)\HttpWatch\Firefox\
FF Extension: HttpWatch Basic Edition - C:\Program Files (x86)\HttpWatch\Firefox\

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [299848 2011-11-03] (AuthenTec, Inc)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe [610376 2013-11-27] (Citrix Online, a division of Citrix Systems, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 PowerBiosServer; c:\Program Files (x86)\Hotkey\PowerBiosServer.exe [35328 2011-02-18] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [142944 2012-05-07] (Acronis)
R3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-09 21:47 - 2014-01-09 21:47 - 01931772 _____ (Farbar) C:\Users\Ray\Downloads\FRST64.exe
2014-01-09 21:47 - 2014-01-09 21:47 - 00015402 _____ C:\Users\Ray\Downloads\FRST.txt
2014-01-09 20:16 - 2014-01-09 20:16 - 00002304 _____ C:\Users\Admin6\Desktop\Thur.txt
2014-01-09 20:16 - 2014-01-09 20:16 - 00000000 ____D C:\Users\Admin6\Desktop\FRST-OlderVersion
2014-01-09 20:04 - 2014-01-08 08:43 - 00056616 _____ (Microsoft Corporation) C:\Users\Admin6\Desktop\laovnwst.sys
2014-01-08 23:59 - 2014-01-08 23:59 - 00000000 ____D C:\Users\Admin6\AppData\Local\Apps\2.0
2014-01-08 23:58 - 2014-01-08 23:58 - 00000560 _____ C:\Users\Admin6\Desktop\MBR.zip
2014-01-08 23:56 - 2014-01-08 23:56 - 00002035 _____ C:\Users\Admin6\Desktop\aswMBR.txt
2014-01-08 23:56 - 2014-01-08 23:56 - 00000512 _____ C:\Users\Admin6\Desktop\MBR.dat
2014-01-08 23:09 - 2014-01-08 23:09 - 04745728 _____ (AVAST Software) C:\Users\Admin6\Desktop\aswMBR.exe
2014-01-08 23:04 - 2014-01-09 20:31 - 00028929 _____ C:\Users\Admin6\Desktop\FRST.txt
2014-01-08 23:04 - 2014-01-08 23:04 - 00025910 _____ C:\Users\Admin6\Desktop\Addition.txt
2014-01-08 23:03 - 2014-01-09 20:16 - 00000000 ____D C:\FRST
2014-01-08 23:02 - 2014-01-09 20:16 - 01931772 _____ (Farbar) C:\Users\Admin6\Desktop\FRST64.exe
2014-01-08 09:10 - 2014-01-08 09:10 - 00000591 _____ C:\Users\Admin6\Desktop\ESET_scan.txt
2014-01-08 09:02 - 2014-01-08 09:02 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\Macromedia
2014-01-08 08:20 - 2014-01-08 08:20 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-08 08:19 - 2014-01-08 08:19 - 02347384 _____ (ESET) C:\Users\Admin6\Desktop\esetsmartinstaller_enu.exe
2014-01-08 08:07 - 2014-01-08 08:09 - 00000000 ____D C:\AdwCleaner
2014-01-08 08:07 - 2014-01-08 08:07 - 01233962 _____ C:\Users\Admin6\Desktop\AdwCleaner.exe
2014-01-08 08:04 - 2014-01-08 08:04 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Admin6\Desktop\tdsskiller.exe
2014-01-08 07:42 - 2014-01-08 07:46 - 00029178 _____ C:\Users\Admin6\Desktop\Result.txt
2014-01-08 07:35 - 2014-01-08 07:35 - 00086552 _____ C:\Users\Admin6\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-08 07:35 - 2014-01-08 07:35 - 00001424 _____ C:\Users\Admin6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ___RD C:\Users\Admin6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ___RD C:\Users\Admin6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\KeepSafe
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\Intel Corporation
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\Adobe
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6\AppData\Local\VirtualStore
2014-01-08 07:34 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6
2014-01-08 07:34 - 2014-01-08 07:34 - 00000020 ___SH C:\Users\Admin6\ntuser.ini
2014-01-08 07:34 - 2014-01-08 07:34 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\Intel
2014-01-08 07:34 - 2012-04-27 02:01 - 00000000 ____D C:\Users\Admin6\AppData\Local\Microsoft Help
2014-01-08 07:34 - 2009-07-13 22:54 - 00000000 ___RD C:\Users\Admin6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-08 07:34 - 2009-07-13 22:49 - 00000000 ___RD C:\Users\Admin6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-07 22:36 - 2013-11-26 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-07 22:36 - 2013-11-26 03:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-07 22:36 - 2013-05-09 23:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-01-07 22:36 - 2013-05-09 23:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-01-07 22:36 - 2013-05-09 22:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-01-07 22:36 - 2013-05-09 22:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-01-07 22:35 - 2013-11-26 05:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-07 22:35 - 2013-11-26 04:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-01-07 22:35 - 2013-11-26 04:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-07 22:35 - 2013-11-26 03:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-07 22:35 - 2013-11-26 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-01-07 22:35 - 2013-11-26 03:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-07 22:35 - 2013-11-26 03:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-07 22:35 - 2013-11-26 03:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-07 22:35 - 2013-11-26 03:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-07 22:35 - 2013-11-26 03:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-07 22:35 - 2013-11-26 03:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-01-07 22:35 - 2013-11-26 03:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-01-07 22:35 - 2013-11-26 02:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-07 22:35 - 2013-11-26 02:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-07 22:35 - 2013-11-26 02:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-07 22:35 - 2013-11-26 02:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-07 22:35 - 2013-11-26 02:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-07 22:35 - 2013-11-26 02:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-01-07 22:35 - 2013-11-26 02:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-07 22:35 - 2013-11-26 02:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-07 22:35 - 2013-11-26 01:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-07 22:35 - 2013-11-26 01:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-01-07 22:35 - 2013-11-26 01:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-07 22:35 - 2013-11-26 01:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-07 22:35 - 2013-11-26 00:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-07 22:35 - 2013-11-26 00:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-07 22:35 - 2013-11-26 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-07 22:35 - 2013-11-26 00:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-07 22:35 - 2013-11-26 00:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-01-07 21:53 - 2014-01-09 21:40 - 00000392 _____ C:\Windows\setupact.log
2014-01-07 21:53 - 2014-01-08 07:12 - 00073930 _____ C:\Windows\PFRO.log
2014-01-07 21:53 - 2014-01-07 21:53 - 00000000 _____ C:\Windows\setuperr.log
2014-01-07 21:45 - 2014-01-07 21:45 - 00012866 _____ C:\Users\Ray\Documents\paleo books.xlsx
2014-01-07 21:26 - 2014-01-07 21:31 - 00029829 _____ C:\Users\Ray\Downloads\Result.txt
2014-01-07 21:26 - 2014-01-07 21:26 - 00760063 _____ (Farbar) C:\Users\Ray\Downloads\MiniToolBox.exe
2014-01-07 21:23 - 2014-01-07 21:23 - 00010426 _____ C:\Users\Ray\Documents\Baseball.xlsx
2014-01-07 20:17 - 2014-01-07 20:17 - 00012326 _____ C:\Users\Ray\AppData\Local\aiohvofn
2014-01-07 20:16 - 2014-01-07 20:16 - 00067992 _____ C:\Users\Ray\AppData\Local\nqwhjcga
2014-01-07 20:15 - 2014-01-07 20:15 - 00000000 _____ C:\Users\Ray\AppData\Roaming\SharedSettings.ccs
2013-12-24 22:42 - 2013-12-24 22:42 - 00000000 ____D C:\ProgramData\HP
2013-12-24 22:42 - 2013-12-24 22:42 - 00000000 ____D C:\Program Files\HP
2013-12-20 00:33 - 2013-12-20 00:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-11 22:31 - 2013-11-23 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 22:31 - 2013-11-23 11:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 22:31 - 2013-11-11 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 22:31 - 2013-11-11 20:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 22:31 - 2013-10-29 20:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 22:31 - 2013-10-29 20:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 22:31 - 2013-10-29 19:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 22:31 - 2013-10-18 20:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 22:31 - 2013-10-18 19:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 22:31 - 2013-10-11 20:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 22:31 - 2013-10-11 20:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 22:31 - 2013-10-11 20:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 22:31 - 2013-10-11 20:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 22:31 - 2013-10-11 19:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 22:31 - 2013-10-11 19:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 22:31 - 2013-10-11 19:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 22:31 - 2013-10-11 19:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 22:31 - 2013-10-03 20:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 22:31 - 2013-10-03 19:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2014-01-09 21:48 - 2014-01-09 21:47 - 00015402 _____ C:\Users\Ray\Downloads\FRST.txt
2014-01-09 21:47 - 2014-01-09 21:47 - 01931772 _____ (Farbar) C:\Users\Ray\Downloads\FRST64.exe
2014-01-09 21:47 - 2009-07-13 22:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-09 21:47 - 2009-07-13 22:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-09 21:46 - 2009-07-13 23:13 - 00786598 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-09 21:43 - 2013-11-12 23:27 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1B69D445-7B83-4E75-9BE1-79DA96551611}
2014-01-09 21:43 - 2013-01-12 13:07 - 01592173 _____ C:\Windows\WindowsUpdate.log
2014-01-09 21:42 - 2012-04-26 08:14 - 00000000 ____D C:\Users\Ray\Documents\Outlook Files
2014-01-09 21:40 - 2014-01-07 21:53 - 00000392 _____ C:\Windows\setupact.log
2014-01-09 21:40 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-09 20:31 - 2014-01-08 23:04 - 00028929 _____ C:\Users\Admin6\Desktop\FRST.txt
2014-01-09 20:16 - 2014-01-09 20:16 - 00002304 _____ C:\Users\Admin6\Desktop\Thur.txt
2014-01-09 20:16 - 2014-01-09 20:16 - 00000000 ____D C:\Users\Admin6\Desktop\FRST-OlderVersion
2014-01-09 20:16 - 2014-01-08 23:03 - 00000000 ____D C:\FRST
2014-01-09 20:16 - 2014-01-08 23:02 - 01931772 _____ (Farbar) C:\Users\Admin6\Desktop\FRST64.exe
2014-01-09 20:16 - 2012-04-25 20:36 - 00000000 ____D C:\Users\Ray
2014-01-08 23:59 - 2014-01-08 23:59 - 00000000 ____D C:\Users\Admin6\AppData\Local\Apps\2.0
2014-01-08 23:58 - 2014-01-08 23:58 - 00000560 _____ C:\Users\Admin6\Desktop\MBR.zip
2014-01-08 23:56 - 2014-01-08 23:56 - 00002035 _____ C:\Users\Admin6\Desktop\aswMBR.txt
2014-01-08 23:56 - 2014-01-08 23:56 - 00000512 _____ C:\Users\Admin6\Desktop\MBR.dat
2014-01-08 23:09 - 2014-01-08 23:09 - 04745728 _____ (AVAST Software) C:\Users\Admin6\Desktop\aswMBR.exe
2014-01-08 23:04 - 2014-01-08 23:04 - 00025910 _____ C:\Users\Admin6\Desktop\Addition.txt
2014-01-08 09:10 - 2014-01-08 09:10 - 00000591 _____ C:\Users\Admin6\Desktop\ESET_scan.txt
2014-01-08 09:02 - 2014-01-08 09:02 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\Macromedia
2014-01-08 08:43 - 2014-01-09 20:04 - 00056616 _____ (Microsoft Corporation) C:\Users\Admin6\Desktop\laovnwst.sys
2014-01-08 08:20 - 2014-01-08 08:20 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-08 08:19 - 2014-01-08 08:19 - 02347384 _____ (ESET) C:\Users\Admin6\Desktop\esetsmartinstaller_enu.exe
2014-01-08 08:09 - 2014-01-08 08:07 - 00000000 ____D C:\AdwCleaner
2014-01-08 08:07 - 2014-01-08 08:07 - 01233962 _____ C:\Users\Admin6\Desktop\AdwCleaner.exe
2014-01-08 08:04 - 2014-01-08 08:04 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Admin6\Desktop\tdsskiller.exe
2014-01-08 07:46 - 2014-01-08 07:42 - 00029178 _____ C:\Users\Admin6\Desktop\Result.txt
2014-01-08 07:35 - 2014-01-08 07:35 - 00086552 _____ C:\Users\Admin6\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-08 07:35 - 2014-01-08 07:35 - 00001424 _____ C:\Users\Admin6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ___RD C:\Users\Admin6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ___RD C:\Users\Admin6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\KeepSafe
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\Intel Corporation
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\Adobe
2014-01-08 07:35 - 2014-01-08 07:35 - 00000000 ____D C:\Users\Admin6\AppData\Local\VirtualStore
2014-01-08 07:35 - 2014-01-08 07:34 - 00000000 ____D C:\Users\Admin6
2014-01-08 07:34 - 2014-01-08 07:34 - 00000020 ___SH C:\Users\Admin6\ntuser.ini
2014-01-08 07:34 - 2014-01-08 07:34 - 00000000 ____D C:\Users\Admin6\AppData\Roaming\Intel
2014-01-08 07:12 - 2014-01-07 21:53 - 00073930 _____ C:\Windows\PFRO.log
2014-01-07 23:35 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2014-01-07 22:46 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-07 22:38 - 2009-07-13 22:45 - 00343352 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-07 22:36 - 2012-04-26 07:26 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-07 22:35 - 2013-09-04 02:42 - 00000000 ____D C:\Windows\system32\MRT
2014-01-07 22:34 - 2012-05-07 17:36 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-07 21:53 - 2014-01-07 21:53 - 00000000 _____ C:\Windows\setuperr.log
2014-01-07 21:53 - 2012-05-05 22:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-07 21:45 - 2014-01-07 21:45 - 00012866 _____ C:\Users\Ray\Documents\paleo books.xlsx
2014-01-07 21:44 - 2013-11-09 11:25 - 00000000 ____D C:\Users\Ray\Documents\Paleo
2014-01-07 21:31 - 2014-01-07 21:26 - 00029829 _____ C:\Users\Ray\Downloads\Result.txt
2014-01-07 21:26 - 2014-01-07 21:26 - 00760063 _____ (Farbar) C:\Users\Ray\Downloads\MiniToolBox.exe
2014-01-07 21:23 - 2014-01-07 21:23 - 00010426 _____ C:\Users\Ray\Documents\Baseball.xlsx
2014-01-07 21:22 - 2013-10-05 16:06 - 00072966 _____ C:\Users\Ray\Documents\2013 NFL.xlsx
2014-01-07 20:17 - 2014-01-07 20:17 - 00012326 _____ C:\Users\Ray\AppData\Local\aiohvofn
2014-01-07 20:16 - 2014-01-07 20:16 - 00067992 _____ C:\Users\Ray\AppData\Local\nqwhjcga
2014-01-07 20:15 - 2014-01-07 20:15 - 00000000 _____ C:\Users\Ray\AppData\Roaming\SharedSettings.ccs
2013-12-31 23:04 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-24 22:42 - 2013-12-24 22:42 - 00000000 ____D C:\ProgramData\HP
2013-12-24 22:42 - 2013-12-24 22:42 - 00000000 ____D C:\Program Files\HP
2013-12-20 22:29 - 2012-09-14 04:09 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-20 00:34 - 2013-12-20 00:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Admin6\AppData\Local\Temp\Quarantine.exe
C:\Users\Ray\AppData\Local\Temp\IntResource.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 00:37

==================== End Of Log ============================



#9 Conspire

  • Malware Response Team
  • 1,155 posts

Posted 10 January 2014 - 12:00 AM

Do you recognize this file?

D:\Welcome.exe
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#10 SamsDad55

  • Topic Starter
  • Members
  • 10 posts

Posted 10 January 2014 - 05:57 AM

It's on a CD-ROM that came with a camera I purchased.  Part of a software package called Nikon ViewNX2.



#11 Conspire

  • Malware Response Team
  • 1,155 posts

Posted 10 January 2014 - 06:06 AM

Hi,

Please download SystemLook from one of the links below and save it to your Desktop.
Download
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    C:\Users\Ray\AppData\Local\aiohvofn /s /md5
    C:\Users\Ray\AppData\Local\nqwhjcga /s /md5
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#12 SamsDad55

  • Topic Starter
  • Members
  • 10 posts

Posted 10 January 2014 - 06:48 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 05:27 on 10/01/2014 by Ray
Administrator - Elevation successful

========== dir ==========

C:\Users\Ray\AppData\Local\aiohvofn - Unable to find folder.

C:\Users\Ray\AppData\Local\nqwhjcga - Unable to find folder.

-= EOF =-


Although it says "unable to find folder," those two files (not folders) are there.  I can see them in Explorer.  So I edited your codebox and ran it this way:

:dir
C:\Users\Ray\AppData\Local\ /s /md5


(and edited the output to the files you were looking for)

BTW: both of those files (time/date stamp) came in the time I had the problem.  There were also over 100 randomly-named folders, one level up from Local (most of them empty) that came in within one minute (during the problem), which I deleted (at least one contained that BitMefender.exe file, randomly named something else).  This I did as a result of advice listed from another user before your first reply asking me not to try deleting anything (after the scans you had me do), i.e., I've not deleted any more since we started working together.  Here are the results of the two files.  Should I delete them?  Thanks again.


SystemLook 30.07.11 by jpshortstuff
Log created at 05:35 on 10/01/2014 by Ray
Administrator - Elevation successful

========== dir ==========

C:\Users\Ray\AppData\Local - Parameters: "/s /md5"

---Files---
aiohvofn    --a---- 12326 bytes    [02:17 08/01/2014]    [02:17 08/01/2014] DB9D25F7FE20E7DE7B85A409ECCAC7C6
nqwhjcga    --a---- 67992 bytes    [02:16 08/01/2014]    [02:16 08/01/2014] BBE3C21A06D488DB3416BC8F25E280EC


-= EOF =-
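As an added example (not from the thread, and not part of SystemLook), here is a small Python triage helper that does what the `:dir /s /md5` step above did for the two files, and also generalizes the pattern the poster described: it flags random-named files and folders written within a short burst of one another and reports their size and MD5. The directory tree, timestamps and file contents are constructed stand-ins for the poster's AppData\Local, not the real files.

```python
import hashlib
import os
import re
import tempfile

# Shape of the two suspicious names in the thread: eight lowercase letters, no extension.
RANDOM_NAME = re.compile(r"^[a-z]{8}$")

def md5_of_file(path):
    # Uppercase hex MD5, the form SystemLook's /md5 switch prints.
    with open(path, "rb") as f:
        return hashlib.md5(f.read()).hexdigest().upper()

def triage(root, window=120):
    # Random-named files and folders directly under root that were written within
    # `window` seconds of another such entry. A lone random name is weak evidence,
    # so it is skipped; folders are reported with md5=None.
    cands = [(os.stat(os.path.join(root, n)).st_mtime, n)
             for n in os.listdir(root) if RANDOM_NAME.match(n)]
    hits = []
    for ts, name in sorted(cands):
        if not any(abs(ts - t2) <= window for t2, n2 in cands if n2 != name):
            continue
        p = os.path.join(root, name)
        isdir = os.path.isdir(p)
        hits.append({"name": name, "dir": isdir, "mtime": ts,
                     "size": 0 if isdir else os.path.getsize(p),
                     "md5": None if isdir else md5_of_file(p)})
    return hits

def build_sample_tree():
    # Constructed stand-in for the poster's AppData\Local; not the real files.
    root = tempfile.mkdtemp(prefix="local_")
    base = 1389147360.0  # arbitrary epoch seconds used as the burst start
    items = [  # (name, is_dir, content, seconds relative to base)
        ("GDIPFONTCACHEV1.DAT", False, b"cache", 0),  # legitimate file, has an extension
        ("xkqprtvb", True, None, -3 * 86400),         # random name, but days before the burst
        ("aiohvofn", False, b"abc", 0),               # the two files from the thread
        ("nqwhjcga", False, b"The quick brown fox jumps over the lazy dog", 60),
        ("pzmwlrxq", True, None, 30),                 # one of the burst-created folders
    ]
    for name, is_dir, content, off in items:
        p = os.path.join(root, name)
        if is_dir:
            os.mkdir(p)
        else:
            with open(p, "wb") as f:
                f.write(content)
        os.utime(p, (base + off, base + off))
    return root
```

Running `triage(build_sample_tree())` reports the two files and the burst-created folder, while the random-named folder from three days earlier is left out.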



#13 Conspire

  • Malware Response Team
  • 1,155 posts

Posted 10 January 2014 - 07:03 AM

I think those should go.

Go ahead and delete them. Then do the following.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply. Please do not attach it.
===================================================

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users, please right-click and select Run as Administrator.)
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.


===================================================

On your next reply please post :
ESET log
MBAM log



Please STOP and let me know if you have any problems in performing the steps above or any questions you may have.

#14 SamsDad55

  • Topic Starter
  • Members
  • 10 posts

Posted 10 January 2014 - 10:36 AM

ESET was clean, so there is no log.  Malwarebytes Quick Scan was also clean (log pasted below).  Should I run their Full Scan, or anything else, or are we done?  And if we're done, can I be assured that there are no back doors left?  Thank you!  PS: In an earlier scan I pasted, I also noticed something about my index file being corrupt.  While not part of the BitMefender problem, I wonder if I should be doing anything about that as well?  Thanks again!


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.10.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Ray :: RAY-PC [administrator]

1/10/2014 9:06:00 AM
mbam-log-2014-01-10 (09-06-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 260218
Time elapsed: 1 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#15 Conspire

  • Malware Response Team
  • 1,155 posts

Posted 10 January 2014 - 12:49 PM

I think you have to rebuild the index again. Not sure about that. Try rebuilding it.

http://windows.microsoft.com/en-us/windows7/change-advanced-indexing-options

Let me know how it goes and we will do some housekeeping before we consider this resolved.



