Was clean. Reinfected 4 days later. Same stuff.


This topic is locked
16 replies to this topic

#1 lemmiwinks

Posted 09 February 2014 - 10:59 PM

Here is a link to the old thread http://www.bleepingcomputer.com/forums/t/520647/renamed-processesservices-redirects-in-chromefirefoxexplorer/

 

Gringo helped me and nailed what I had.  Unfortunately it's back.  Unfortunately I don't have its name.

 

I think I'm getting reinfected when I open certain folders and/or files.  I noticed the reinfection after viewing some family photos and videos, files which shouldn't be infected.  Or, it could be from VLC which opened when I viewed a video of my kids.  Or something else entirely.  I've visited no questionable sites, I've downloaded nothing out of the ordinary, no torrents, nada.  

 

On a side note, after cleaning this up again, is there software that will strip your hard drives down to the bone, leaving only a sterilized Windows, sterilized photos, sterilized video, settings, and a few games?  Maybe I'm asking too much. 




#2 gringo_pr (Malware Response Team)

Posted 10 February 2014 - 12:42 AM





Hello lemmiwinks

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
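The FRST.txt that this procedure produces is a plain-text report whose Services and Drivers sections use one line per entry: a start/state code, the entry name, the file path, then either "[size date] (company)" or "[X]" when the file is not found. The script below is an added example for this thread, not FRST's own code and not anything the poster ran: it parses those two sections and flags the entries a reviewer would look at first. The sample lines are copied from the FRST.txt posted later in this thread; the regular expressions, the flag names and the heuristics are my own assumptions about the format, and a flag is a prompt to look, not a verdict that the entry is malicious (nothing in the thread says these entries are).

```python
"""Triage helper for the Services and Drivers sections of an FRST.txt report.

Added example; the assumptions about FRST's line format are noted in comments.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Sample lines copied from the FRST.txt posted in this thread (trimmed to a
# handful of entries so the example runs offline).
SAMPLE_FRST = r"""
==================== Services (Whitelisted) =================

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-01-11] ()
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-11-27] ()
U3 a1qv079k; C:\Windows\System32\Drivers\a1qv079k.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\11111111\catchme.sys [X]
"""

# Assumed format: "==== Title ====" section headers; entries are
# "<state> <name>; <path> [<size> <date>] (<company>)" or "<state> <name>; <path> [X]".
SECTION_RE = re.compile(r"^=+\s*(?P<title>[^=].*?[^=])\s*=+$")
ENTRY_RE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<rest>.+)$")
DETAILS_RE = re.compile(
    r"^(?P<path>.*?)\s+\[(?P<size>\d+)\s*(?P<date>\d{4}-\d{2}-\d{2})?\]\s+\((?P<company>[^)]*)\)$"
)
# Heuristic (assumption): eight lowercase letters/digits with at least two digits.
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{8}$")


@dataclass
class Entry:
    section: str
    state: str              # FRST start/state code, e.g. R2, S3, U3 (kept verbatim)
    name: str
    path: str
    size: Optional[int] = None
    date: Optional[str] = None
    company: Optional[str] = None
    missing: bool = False   # True when FRST printed [X]: the file was not found


def parse_frst(text: str) -> List[Entry]:
    """Return one Entry per service/driver line, tagged with its section title."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        head = SECTION_RE.match(line)
        if head:
            section = head.group("title")
            continue
        ent = ENTRY_RE.match(line)
        if not ent:
            continue
        state, name, rest = ent.group("state", "name", "rest")
        if rest.endswith("[X]"):
            entries.append(Entry(section, state, name, rest[:-3].strip(), missing=True))
            continue
        det = DETAILS_RE.match(rest)
        if det:
            entries.append(Entry(section, state, name, det.group("path"),
                                 int(det.group("size")), det.group("date"),
                                 det.group("company")))
    return entries


def triage(entry: Entry) -> Set[str]:
    """Flags that mark an entry for a closer look; a flag is not a verdict."""
    flags: Set[str] = set()
    if entry.missing:
        flags.add("missing_file")     # registry still points at a file that is gone
    else:
        if entry.company == "":
            flags.add("no_company")   # empty (): no company name in the file's version info
        if entry.size == 0:
            flags.add("zero_size")    # zero-byte file at the path FRST recorded
    if RANDOM_NAME_RE.match(entry.name) and sum(c.isdigit() for c in entry.name) >= 2:
        flags.add("random_name")
    return flags


def triage_report(text: str) -> Dict[str, Set[str]]:
    """Map each flagged entry name to its flags; unflagged entries are omitted."""
    report: Dict[str, Set[str]] = {}
    for entry in parse_frst(text):
        flags = triage(entry)
        if flags:
            report[entry.name] = flags
    return report


if __name__ == "__main__":
    for name, flags in triage_report(SAMPLE_FRST).items():
        print(f"{name}: {', '.join(sorted(flags))}")
```

Run it against a real FRST.txt by replacing SAMPLE_FRST with the file's contents. The "missing_file" flag is the cheapest win: an orphaned service or driver entry is either a leftover from an uninstall, a remnant of a cleanup tool (catchme.sys in the sample is the driver ComboFix uses), or something that was removed without its registry entry, and the helper in the thread decides which; the other flags only narrow down what to ask about, since plenty of legitimate software ships files with no company name.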

#3 lemmiwinks (Topic Starter)

Posted 10 February 2014 - 10:10 PM

Hello again Gringo.  My computer is running slow, the internet, keyboard, and mouse are choppy, and my hard drives are thrashing.  Pretty much the same as last time.  Here are the logs you requested.
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by luke (administrator) on LUKE-PC on 10-02-2014 21:54:12
Running from C:\Users\luke\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Synergy\synergyd.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncservice.exe
(RealVNC Ltd.) C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserverui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
() C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(wj32) C:\Program Files\Process Hacker 2\ProcessHacker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [XMouseButtonControl] - C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1171088 2013-10-06] (Highresolution Enterprises)
HKLM-x32\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2014-01-05] ()
HKLM-x32\...\Run: [InstaLAN] - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1770400 2011-04-29] (Affinegy, Inc.)
HKU\S-1-5-21-3685884611-65057680-3883802071-1000\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [429120 2014-01-23] (BillP Studios)
HKU\S-1-5-21-3685884611-65057680-3883802071-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3685884611-65057680-3883802071-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x71596A0BD267CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {8AFDD421-B262-45AA-8C19-D576F4FBE70F} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E008A543-CEFB-4559-912F-C27C2B89F13B} http://vcuhsnm101.mcvh-vcu.edu/dwa7W.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
 
Chrome: 
=======
CHR Extension: (Adblock Plus) - C:\Users\luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-07]
CHR Extension: (Google Wallet) - C:\Users\luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
 
==================== Services (Whitelisted) =================
 
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-04-29] (Affinegy, Inc.)
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-01-05] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-01-11] ()
R2 Synergy; C:\Program Files (x86)\Synergy\synergyd.exe [271360 2013-10-22] ()
R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [502592 2013-12-06] (RealVNC Ltd)
R2 WinVNC4; C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe [439632 2008-10-15] (RealVNC Ltd.)
S2 Apple Mobile Device; "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.)
S3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [30720 2006-11-10] ()
R1 EIO64; C:\Windows\System32\DRIVERS\EIO64.sys [16384 2010-03-09] (ASUSTeK Computer Inc.)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\MBAE.sys [62168 2013-12-17] ()
R4 KProcessHacker2; C:\Program Files\Process Hacker 2\kprocesshacker.sys [40088 2013-10-30] (wj32)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 NVR0Dev; C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
S3 RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys [70952 2011-05-05] (Windows ® Win 7 DDK provider)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-11-27] ()
S3 SQTECH9052; C:\Windows\System32\Drivers\Capt9052.sys [47680 2008-02-21] (Service & Quality Technology.)
S3 SQTECH905C; C:\Windows\System32\Drivers\Capt905c.sys [44480 2007-05-02] (Service & Quality Technology.)
S3 usbrndis6; C:\Windows\system32\drivers\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
U3 a1qv079k; C:\Windows\System32\Drivers\a1qv079k.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\11111111\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-10 21:54 - 2014-02-10 21:54 - 00011146 _____ () C:\Users\luke\Downloads\FRST.txt
2014-02-10 21:52 - 2014-02-10 21:54 - 00000000 ____D () C:\FRST
2014-02-10 21:52 - 2014-02-10 21:52 - 02151424 _____ (Farbar) C:\Users\luke\Downloads\FRST64.exe
2014-02-10 21:51 - 2014-02-10 21:51 - 01139712 _____ (Farbar) C:\Users\luke\Downloads\FRST.exe
2014-02-10 21:10 - 2014-02-10 21:10 - 00001688 _____ () C:\Windows\PFRO.log
2014-02-10 15:15 - 2014-02-10 15:15 - 00000000 ____D () C:\Users\luke\AppData\Local\CrashDumps
2014-02-09 20:14 - 2014-02-10 21:02 - 00000294 _____ () C:\Users\luke\Documents\AutoHotkey.ahk
2014-02-09 20:13 - 2014-02-09 20:13 - 00000000 ____D () C:\Program Files\AutoHotkey
2014-02-09 20:10 - 2014-02-09 20:11 - 02653269 _____ () C:\Users\luke\Downloads\AutoHotkey111402_Install.exe
2014-02-09 20:01 - 2014-02-09 20:01 - 00001218 _____ () C:\Users\luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UnrealTournament - Shortcut.lnk
2014-02-08 04:47 - 2014-02-08 04:47 - 00013939 _____ () C:\HijackPatrol.log
2014-02-04 14:16 - 2014-02-04 14:16 - 00000000 ____D () C:\Users\luke\Desktop\Tor Browser
2014-02-04 14:13 - 2014-02-04 14:15 - 24123598 _____ () C:\Users\luke\Downloads\torbrowser-install-3.5.1_en-US.exe
2014-02-02 18:48 - 2014-02-02 18:48 - 00000000 ____D () C:\Users\luke\AppData\Roaming\WinPatrol
2014-02-02 18:48 - 2014-02-02 18:48 - 00000000 ____D () C:\ProgramData\InstallMate
2014-02-02 18:48 - 2014-02-02 18:48 - 00000000 ____D () C:\Program Files (x86)\BillP Studios
2014-02-02 18:41 - 2014-02-02 18:41 - 01543208 _____ (BillP Studios) C:\Users\luke\Downloads\wpsetup.exe
2014-02-02 09:24 - 2014-02-10 21:11 - 00000112 _____ () C:\Windows\setupact.log
2014-02-02 09:24 - 2014-02-02 09:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-01-28 00:07 - 2014-01-28 00:07 - 00000083 _____ () C:\Users\luke\Desktop\EsetScanResults.txt
2014-01-27 02:44 - 2014-01-27 02:44 - 00000000 ____D () C:\Users\luke\Desktop\backups
2014-01-26 03:05 - 2014-02-10 03:05 - 00053292 _____ () C:\Windows\IE11_main.log
2014-01-26 03:04 - 2014-01-26 03:04 - 00007936 _____ () C:\Users\luke\Desktop\hijackthis.log
2014-01-26 02:52 - 2014-01-26 02:52 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-25 17:35 - 2014-01-25 17:35 - 00026988 _____ () C:\ComboFix.txt
2014-01-24 01:39 - 2014-01-24 01:39 - 00004561 _____ () C:\Users\luke\Desktop\RKreport[0]_SC_01242014_013931.txt
2014-01-24 01:38 - 2014-01-24 01:38 - 00004871 _____ () C:\Users\luke\Desktop\RKreport[0]_H_01242014_013828.txt
2014-01-24 01:38 - 2014-01-24 01:38 - 00003686 _____ () C:\Users\luke\Desktop\RKreport[0]_PR_01242014_013829.txt
2014-01-24 01:38 - 2014-01-24 01:38 - 00003650 _____ () C:\Users\luke\Desktop\RKreport[0]_DN_01242014_013831.txt
2014-01-24 01:37 - 2014-01-24 01:37 - 00006797 _____ () C:\Users\luke\Desktop\RKreport[0]_D_01242014_013711.txt
2014-01-24 01:36 - 2014-01-24 01:36 - 00006688 _____ () C:\Users\luke\Desktop\RKreport[0]_S_01242014_013655.txt
2014-01-24 01:17 - 2014-01-24 01:17 - 00006749 _____ () C:\Users\luke\Desktop\RKreport[0]_S_01242014_011726.txt
2014-01-24 01:13 - 2014-01-24 01:14 - 04406784 _____ () C:\Users\luke\Downloads\RogueKillerX64.exe
2014-01-23 21:05 - 2014-01-24 03:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-23 21:04 - 2014-01-23 21:04 - 12589848 _____ (Malwarebytes Corp.) C:\Users\luke\Downloads\mbar-1.07.0.1009.exe
2014-01-22 19:12 - 2014-01-23 17:55 - 00000000 ____D () C:\Users\luke\Pearson
2014-01-22 13:58 - 2014-01-22 13:58 - 00008441 _____ () C:\Users\luke\Desktop\hjt2
2014-01-22 12:58 - 2014-01-24 18:22 - 00011337 _____ () C:\Users\luke\Desktop\aaableepcomppost.txt
2014-01-22 12:35 - 2014-01-22 12:35 - 00008442 _____ () C:\Users\luke\Desktop\hjt_log1
2014-01-22 12:32 - 2014-01-22 12:32 - 00388608 _____ (Trend Micro Inc.) C:\Users\luke\Desktop\HijackThis.exe
2014-01-21 03:04 - 2014-01-21 03:04 - 05167985 _____ (Swearware) C:\Users\luke\Downloads\ComboFix (3).exe
2014-01-21 02:28 - 2014-01-25 17:06 - 05175240 ____R (Swearware) C:\Users\luke\Desktop\11111111.exe
2014-01-21 02:28 - 2014-01-21 02:28 - 01236282 _____ () C:\Users\luke\Downloads\AdwCleaner (7).exe
2014-01-20 03:35 - 2014-01-20 03:35 - 01236282 _____ () C:\Users\luke\Downloads\AdwCleaner (6).exe
2014-01-20 03:27 - 2014-01-20 03:27 - 00000703 _____ () C:\Users\luke\Desktop\JRT.txt
2014-01-20 03:18 - 2014-01-20 03:18 - 01037068 _____ (Thisisu) C:\Users\luke\Downloads\JRT (2).exe
2014-01-20 03:17 - 2014-01-20 03:17 - 01236282 _____ () C:\Users\luke\Downloads\AdwCleaner (5).exe
2014-01-20 00:57 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-20 00:57 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-20 00:57 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-20 00:57 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-20 00:57 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-20 00:57 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-20 00:57 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-20 00:57 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-20 00:57 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-19 20:11 - 2014-01-19 20:11 - 01236282 _____ () C:\Users\luke\Downloads\AdwCleaner (2).exe
2014-01-19 20:10 - 2014-01-19 20:10 - 01236282 _____ () C:\Users\luke\Downloads\AdwCleaner (3).exe
2014-01-19 20:08 - 2014-01-19 20:09 - 01236282 _____ () C:\Users\luke\Downloads\AdwCleaner (4).exe
2014-01-15 16:56 - 2014-01-15 16:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-15 16:55 - 2014-01-15 16:55 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-15 16:55 - 2014-01-15 16:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-15 16:55 - 2014-01-15 16:55 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-15 16:55 - 2014-01-15 16:55 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-15 16:50 - 2014-01-15 16:51 - 29141928 _____ (Oracle Corporation) C:\Users\luke\Downloads\jre-7u51-windows-i586.exe
2014-01-13 17:32 - 2014-01-13 17:32 - 00000000 ____D () C:\Users\Kim
2014-01-13 17:32 - 2014-01-13 17:32 - 00000000 ____D () C:\Users\Kids
2014-01-13 17:32 - 2014-01-13 17:32 - 00000000 ____D () C:\Users\Guest
2014-01-13 17:29 - 2014-01-13 17:29 - 05166068 _____ (Swearware) C:\Users\luke\Downloads\ComboFix (1).exe
2014-01-13 16:50 - 2014-01-13 16:50 - 00000000 ____D () C:\ProgramData\Affinegy
2014-01-13 03:58 - 2014-01-13 03:58 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Process Hacker 2
2014-01-12 19:52 - 2014-01-18 14:31 - 00021938 _____ () C:\Users\luke\Desktop\dds.txt
2014-01-12 19:52 - 2014-01-18 14:31 - 00017466 _____ () C:\Users\luke\Desktop\attach.txt
2014-01-12 19:51 - 2014-01-12 19:51 - 00688992 ____R (Swearware) C:\Users\luke\Downloads\dds.scr
2014-01-12 18:54 - 2014-01-12 18:54 - 00007177 _____ () C:\Users\luke\Desktop\hijackthis1234
2014-01-12 09:49 - 2014-01-12 09:50 - 00015672 _____ () C:\Users\luke\Desktop\nathans talk.odt
2014-01-11 04:25 - 2014-01-11 12:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DigitalSites
2014-01-11 04:25 - 2014-01-11 04:25 - 00000110 _____ () C:\Users\Administrator\AppData\Roaming\WB.CFG
2014-01-11 04:25 - 2014-01-11 04:25 - 00000005 _____ () C:\Users\Administrator\AppData\Roaming\WBPU-TTL.DAT
2014-01-11 03:34 - 2014-01-11 03:34 - 01678013 _____ () C:\Users\luke\Downloads\pc-decrapifier-2.3.1 (1).exe
2014-01-11 03:33 - 2014-01-11 03:33 - 00233056 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\63264326.sys
 
==================== One Month Modified Files and Folders =======
 
2014-02-10 21:54 - 2014-02-10 21:54 - 00011146 _____ () C:\Users\luke\Downloads\FRST.txt
2014-02-10 21:54 - 2014-02-10 21:52 - 00000000 ____D () C:\FRST
2014-02-10 21:52 - 2014-02-10 21:52 - 02151424 _____ (Farbar) C:\Users\luke\Downloads\FRST64.exe
2014-02-10 21:51 - 2014-02-10 21:51 - 01139712 _____ (Farbar) C:\Users\luke\Downloads\FRST.exe
2014-02-10 21:34 - 2010-05-17 13:47 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-10 21:20 - 2009-07-13 23:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-10 21:20 - 2009-07-13 23:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-10 21:16 - 2009-11-17 19:41 - 01329311 _____ () C:\Windows\WindowsUpdate.log
2014-02-10 21:11 - 2014-02-02 09:24 - 00000112 _____ () C:\Windows\setupact.log
2014-02-10 21:11 - 2014-01-10 23:09 - 00002998 _____ () C:\Windows\System32\Tasks\Malwarebytes Anti-Exploit
2014-02-10 21:11 - 2014-01-10 23:09 - 00000508 _____ () C:\Windows\Tasks\Malwarebytes Anti-Exploit.job
2014-02-10 21:11 - 2010-05-17 13:47 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-10 21:11 - 2009-11-30 04:07 - 00000000 ____D () C:\Windows\Minidump
2014-02-10 21:11 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-10 21:10 - 2014-02-10 21:10 - 00001688 _____ () C:\Windows\PFRO.log
2014-02-10 21:10 - 2009-11-17 19:36 - 00288450 ____N () C:\Windows\Minidump\021014-102820-01.dmp
2014-02-10 21:02 - 2014-02-09 20:14 - 00000294 _____ () C:\Users\luke\Documents\AutoHotkey.ahk
2014-02-10 15:15 - 2014-02-10 15:15 - 00000000 ____D () C:\Users\luke\AppData\Local\CrashDumps
2014-02-10 03:05 - 2014-01-26 03:05 - 00053292 _____ () C:\Windows\IE11_main.log
2014-02-09 20:13 - 2014-02-09 20:13 - 00000000 ____D () C:\Program Files\AutoHotkey
2014-02-09 20:13 - 2009-07-14 02:46 - 00000000 ____D () C:\Windows\ShellNew
2014-02-09 20:11 - 2014-02-09 20:10 - 02653269 _____ () C:\Users\luke\Downloads\AutoHotkey111402_Install.exe
2014-02-09 20:01 - 2014-02-09 20:01 - 00001218 _____ () C:\Users\luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UnrealTournament - Shortcut.lnk
2014-02-09 18:41 - 2013-11-21 17:25 - 00000000 ____D () C:\Users\luke\AppData\Roaming\.minecraft
2014-02-08 04:47 - 2014-02-08 04:47 - 00013939 _____ () C:\HijackPatrol.log
2014-02-08 03:19 - 2009-11-28 04:46 - 00000000 ____D () C:\Users\luke\AppData\Roaming\vlc
2014-02-04 14:16 - 2014-02-04 14:16 - 00000000 ____D () C:\Users\luke\Desktop\Tor Browser
2014-02-04 14:15 - 2014-02-04 14:13 - 24123598 _____ () C:\Users\luke\Downloads\torbrowser-install-3.5.1_en-US.exe
2014-02-02 18:48 - 2014-02-02 18:48 - 00000000 ____D () C:\Users\luke\AppData\Roaming\WinPatrol
2014-02-02 18:48 - 2014-02-02 18:48 - 00000000 ____D () C:\ProgramData\InstallMate
2014-02-02 18:48 - 2014-02-02 18:48 - 00000000 ____D () C:\Program Files (x86)\BillP Studios
2014-02-02 18:41 - 2014-02-02 18:41 - 01543208 _____ (BillP Studios) C:\Users\luke\Downloads\wpsetup.exe
2014-02-02 09:24 - 2014-02-02 09:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-01 01:08 - 2009-11-17 19:17 - 00000000 ____D () C:\ProgramData\Apple
2014-01-28 00:07 - 2014-01-28 00:07 - 00000083 _____ () C:\Users\luke\Desktop\EsetScanResults.txt
2014-01-27 02:44 - 2014-01-27 02:44 - 00000000 ____D () C:\Users\luke\Desktop\backups
2014-01-26 03:04 - 2014-01-26 03:04 - 00007936 _____ () C:\Users\luke\Desktop\hijackthis.log
2014-01-26 02:53 - 2009-11-18 11:08 - 00000000 ___DC () C:\Users\luke\AppData\Local\MigWiz
2014-01-26 02:53 - 2009-11-17 19:36 - 00000000 ____D () C:\Windows\Panther
2014-01-26 02:52 - 2014-01-26 02:52 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-26 02:52 - 2011-07-02 19:02 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-25 17:35 - 2014-01-25 17:35 - 00026988 _____ () C:\ComboFix.txt
2014-01-25 17:35 - 2013-10-12 13:47 - 00000000 ____D () C:\Qoobox
2014-01-25 17:25 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-01-25 17:06 - 2014-01-21 02:28 - 05175240 ____R (Swearware) C:\Users\luke\Desktop\11111111.exe
2014-01-24 18:22 - 2014-01-22 12:58 - 00011337 _____ () C:\Users\luke\Desktop\aaableepcomppost.txt
2014-01-24 03:52 - 2014-01-23 21:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-24 03:52 - 2014-01-10 19:48 - 00000000 ____D () C:\Users\luke\Desktop\mbar
2014-01-24 02:00 - 2014-01-10 19:49 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-24 01:39 - 2014-01-24 01:39 - 00004561 _____ () C:\Users\luke\Desktop\RKreport[0]_SC_01242014_013931.txt
2014-01-24 01:38 - 2014-01-24 01:38 - 00004871 _____ () C:\Users\luke\Desktop\RKreport[0]_H_01242014_013828.txt
2014-01-24 01:38 - 2014-01-24 01:38 - 00003686 _____ () C:\Users\luke\Desktop\RKreport[0]_PR_01242014_013829.txt
2014-01-24 01:38 - 2014-01-24 01:38 - 00003650 _____ () C:\Users\luke\Desktop\RKreport[0]_DN_01242014_013831.txt
2014-01-24 01:37 - 2014-01-24 01:37 - 00006797 _____ () C:\Users\luke\Desktop\RKreport[0]_D_01242014_013711.txt
2014-01-24 01:37 - 2014-01-05 12:34 - 00000000 ____D () C:\Users\luke\Desktop\RK_Quarantine
2014-01-24 01:36 - 2014-01-24 01:36 - 00006688 _____ () C:\Users\luke\Desktop\RKreport[0]_S_01242014_013655.txt
2014-01-24 01:17 - 2014-01-24 01:17 - 00006749 _____ () C:\Users\luke\Desktop\RKreport[0]_S_01242014_011726.txt
2014-01-24 01:14 - 2014-01-24 01:13 - 04406784 _____ () C:\Users\luke\Downloads\RogueKillerX64.exe
2014-01-23 21:04 - 2014-01-23 21:04 - 12589848 _____ (Malwarebytes Corp.) C:\Users\luke\Downloads\mbar-1.07.0.1009.exe
2014-01-23 17:55 - 2014-01-22 19:12 - 00000000 ____D () C:\Users\luke\Pearson
2014-01-22 19:14 - 2009-12-19 14:07 - 00000000 ____D () C:\Users\luke\AppData\Local\Adobe
2014-01-22 19:12 - 2009-11-17 16:46 - 00000000 ____D () C:\Users\luke
2014-01-22 13:58 - 2014-01-22 13:58 - 00008441 _____ () C:\Users\luke\Desktop\hjt2
2014-01-22 13:49 - 2010-07-11 23:08 - 00000000 ____D () C:\Program Files\PeerBlock
2014-01-22 12:35 - 2014-01-22 12:35 - 00008442 _____ () C:\Users\luke\Desktop\hjt_log1
2014-01-22 12:32 - 2014-01-22 12:32 - 00388608 _____ (Trend Micro Inc.) C:\Users\luke\Desktop\HijackThis.exe
2014-01-22 12:11 - 2010-04-08 13:21 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-01-22 12:11 - 2009-11-27 20:22 - 00000000 ____D () C:\Users\luke\AppData\Roaming\DAEMON Tools Lite
2014-01-21 03:04 - 2014-01-21 03:04 - 05167985 _____ (Swearware) C:\Users\luke\Downloads\ComboFix (3).exe
2014-01-21 02:28 - 2014-01-21 02:28 - 01236282 _____ () C:\Users\luke\Downloads\AdwCleaner (7).exe
2014-01-21 02:25 - 2014-01-09 18:45 - 05167985 _____ (Swearware) C:\Users\luke\Downloads\ComboFix.exe
2014-01-20 04:00 - 2009-11-17 17:07 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-20 03:35 - 2014-01-20 03:35 - 01236282 _____ () C:\Users\luke\Downloads\AdwCleaner (6).exe
2014-01-20 03:27 - 2014-01-20 03:27 - 00000703 _____ () C:\Users\luke\Desktop\JRT.txt
2014-01-20 03:18 - 2014-01-20 03:18 - 01037068 _____ (Thisisu) C:\Users\luke\Downloads\JRT (2).exe
2014-01-20 03:17 - 2014-01-20 03:17 - 01236282 _____ () C:\Users\luke\Downloads\AdwCleaner (5).exe
2014-01-20 03:13 - 2009-07-13 23:45 - 00447096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-20 03:06 - 2013-07-13 02:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-20 03:03 - 2009-11-17 17:09 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-19 20:18 - 2014-01-05 12:52 - 00000000 ____D () C:\AdwCleaner
2014-01-19 20:11 - 2014-01-19 20:11 - 01236282 _____ () C:\Users\luke\Downloads\AdwCleaner (2).exe
2014-01-19 20:10 - 2014-01-19 20:10 - 01236282 _____ () C:\Users\luke\Downloads\AdwCleaner (3).exe
2014-01-19 20:09 - 2014-01-19 20:08 - 01236282 _____ () C:\Users\luke\Downloads\AdwCleaner (4).exe
2014-01-18 14:31 - 2014-01-12 19:52 - 00021938 _____ () C:\Users\luke\Desktop\dds.txt
2014-01-18 14:31 - 2014-01-12 19:52 - 00017466 _____ () C:\Users\luke\Desktop\attach.txt
2014-01-15 16:56 - 2014-01-15 16:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-15 16:55 - 2014-01-15 16:55 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-15 16:55 - 2014-01-15 16:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-15 16:55 - 2014-01-15 16:55 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-15 16:55 - 2014-01-15 16:55 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-15 16:55 - 2009-12-29 16:58 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-15 16:51 - 2014-01-15 16:50 - 29141928 _____ (Oracle Corporation) C:\Users\luke\Downloads\jre-7u51-windows-i586.exe
2014-01-13 19:56 - 2013-12-13 17:42 - 00000000 ____D () C:\Program Files (x86)\UnrealTournament
2014-01-13 17:32 - 2014-01-13 17:32 - 00000000 ____D () C:\Users\Kim
2014-01-13 17:32 - 2014-01-13 17:32 - 00000000 ____D () C:\Users\Kids
2014-01-13 17:32 - 2014-01-13 17:32 - 00000000 ____D () C:\Users\Guest
2014-01-13 17:29 - 2014-01-13 17:29 - 05166068 _____ (Swearware) C:\Users\luke\Downloads\ComboFix (1).exe
2014-01-13 16:50 - 2014-01-13 16:50 - 00000000 ____D () C:\ProgramData\Affinegy
2014-01-13 16:50 - 2011-10-22 20:08 - 00000000 ____D () C:\Program Files (x86)\Belkin
2014-01-13 16:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-13 03:58 - 2014-01-13 03:58 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Process Hacker 2
2014-01-13 03:50 - 2013-01-07 17:34 - 00124032 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-01-12 19:51 - 2014-01-12 19:51 - 00688992 ____R (Swearware) C:\Users\luke\Downloads\dds.scr
2014-01-12 18:54 - 2014-01-12 18:54 - 00007177 _____ () C:\Users\luke\Desktop\hijackthis1234
2014-01-12 17:11 - 2014-01-05 05:07 - 05164834 ____R (Swearware) C:\Users\luke\Downloads\ComboF.exe
2014-01-12 09:50 - 2014-01-12 09:49 - 00015672 _____ () C:\Users\luke\Desktop\nathans talk.odt
2014-01-11 12:59 - 2014-01-11 04:25 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DigitalSites
2014-01-11 04:25 - 2014-01-11 04:25 - 00000110 _____ () C:\Users\Administrator\AppData\Roaming\WB.CFG
2014-01-11 04:25 - 2014-01-11 04:25 - 00000005 _____ () C:\Users\Administrator\AppData\Roaming\WBPU-TTL.DAT
2014-01-11 03:34 - 2014-01-11 03:34 - 01678013 _____ () C:\Users\luke\Downloads\pc-decrapifier-2.3.1 (1).exe
2014-01-11 03:33 - 2014-01-11 03:33 - 00233056 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\63264326.sys
 
Files to move or delete:
====================
C:\Users\luke\errors.bat
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-08 04:06
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-02-2014 01
Ran by luke at 2014-02-10 21:55:12
Running from C:\Users\luke\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
1AVCapture (x32 Version: 1.7.5.20 - PCWinSoft Systems Ltd)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (x32 Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Arduino (x32 Version: 1.0.5 - Arduino LLC)
AutoHotkey 1.1.14.02 (x32 Version: 1.1.14.02 - Lexikos)
Avidemux 2.5 (x32 Version: 2.5.2.5660 - )
Belkin Setup and Router Monitor (x32 Version:  - )
Bonjour (Version: 3.0.0.10 - Apple Inc.)
BulletStorm (x32 Version: 1.0.0001.130 - EA) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (Version: 4.04 - Piriform)
Combined Community Codec Pack 2008-01-24 (x32 Version: 2008-01-24 00:00 - CCCP Project)
Counter-Strike: Global Offensive (x32 Version:  - )
Daphne 1.46 (x32 Version: 1.46 - Leandro H. Fernández)
DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison) Hidden
Electric Sheep 2.7b33 (x32 Version: 2.7b33 - Electricsheep)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
f.lux (HKCU Version:  - )
Fraps (x32 Version:  - )
GameSpy Arcade (x32 Version:  - )
GIMP 2.6.11 (x32 Version: 2.6.11 - The GIMP Team)
GoldenEye: Source (x32 Version: 4.2 - Team GoldenEye: Source)
GoldenEye: Source (x32 Version: 4.2.3 - Team GoldenEye: Source)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Half-Life 2 (x32 Version:  - Valve)
Half-Life 2: Deathmatch (x32 Version:  - Valve)
HiJackThis (x32 Version: 1.0.0 - Trend Micro)
HP Deskjet 3050A J611 series Basic Device Software (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (x32 Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (Version: 25.0.571.0 - Hewlett-Packard Co.)
iCloud (Version: 3.1.0.40 - Apple Inc.)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Exploit version 0.09.5.0250 (Version: 0.09.5.0250 - Malwarebytes)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Max Payne 3 (x32 Version:  - Rockstar)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Windows Media Video 9 VCM (x32 Version:  - )
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 en-US) (x32 Version: 24.2.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA nTune (x32 Version: 1.00.0000 - NVIDIA Corporation)
NVIDIA nTune (x32 Version: 1.00.0000 - NVIDIA Corporation) Hidden
OpenAL (x32 Version:  - )
OpenOffice.org 3.2 (x32 Version: 3.2.9483 - OpenOffice.org)
PeerBlock 1.1+ (r691) (Version: 1.1.0.691 - PeerBlock, LLC)
Picasa 3 (x32 Version: 3.9 - Google, Inc.)
Pinnacle Instant DVD Recorder (x32 Version: 2.5.0.092 - Pinnacle Systems)
Pinnacle Video Driver (Version: 12.1.0.029 - Pinnacle Systems)
Portal (x32 Version:  - Valve)
Portal 2 (x32 Version:  - )
POWERPREP II (x32 Version: 1.00.0000 - ETS)
Process Hacker 2.32 (r5524) (Version: 2.32.0.5524 - wj32)
qBittorrent 3.1.4 (x32 Version: 3.1.4 - The qBittorrent project)
River Past Audio Capture (Version: 7.8 - River Past)
River Past Audio Converter (Version: 7.8 - River Past)
Rockstar Games Social Club (x32 Version: 1.1.0.1 - Rockstar Games)
Safari (x32 Version: 5.34.57.2 - Apple Inc.)
Source SDK Base 2007 (x32 Version:  - Valve)
StarCraft II (x32 Version: 1.0.0.16117 - Blizzard Entertainment)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Synergy (x32 Version: 1.4.15 - The Synergy Project)
Team Fortress 2 (x32 Version:  - Valve)
Ubisoft Game Launcher (x32 Version: 1.0.0.0 - UBISOFT)
Unreal Tournament 3 Demo (HKCU Version: 1.00.0000 - Epic Games)
Unreal Tournament 3 Demo (x32 Version: 1.00.0000 - Epic Games) Hidden
Unreal Tournament Demo (x32 Version:  - )
Uplay (x32 Version: 2.0 - Ubisoft)
Visual C++ 2008 Runtime (x64) (x32 Version: 1.0.1 - Highresolution Enterprises) Hidden
VLC media player 1.0.3 (x32 Version: 1.0.3 - VideoLAN Team)
VNC Free Edition 4.1.3 (x32 Version: 4.1.3 - RealVNC Ltd.)
VNC Server 5.1.0 (Version: 5.1.0 - RealVNC Ltd)
VNC Viewer 5.1.0 (Version: 5.1.0 - RealVNC Ltd)
WBFS Manager 3.0 (x32 Version: 3.0 - AlexDP)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
Windows XP Mode (Version: 1.3.7600.16423 - Microsoft Corporation)
WinPatrol (Version: 30.0.2014.0 - BillP Studios)
WinRAR archiver (Version:  - )
WinSCP 4.2.9 (x32 Version: 4.2.9 - Martin Prikryl)
X-Mouse Button Control 2.6.2 (x32 Version: 2.6.2 - Highresolution Enterprises)
 
==================== Restore Points  =========================
 
30-01-2014 08:00:51 Windows Update
31-01-2014 08:00:47 Windows Update
01-02-2014 08:00:49 Windows Update
02-02-2014 14:30:52 Windows Update
03-02-2014 08:00:55 Windows Update
04-02-2014 08:00:48 Windows Update
05-02-2014 08:00:52 Windows Update
06-02-2014 08:00:48 Windows Update
07-02-2014 08:00:50 Windows Update
08-02-2014 08:00:50 Windows Update
09-02-2014 08:00:47 Windows Update
10-02-2014 08:00:50 Windows Update
 
==================== Hosts content: ==========================
 
2014-01-13 15:26 - 2014-02-10 21:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0A50E1A3-2615-4730-8CC1-C4B448FCC925} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {19F76F78-A4ED-4294-9B4C-359CD2770338} - System32\Tasks\{5E44F82B-3A92-485A-AE64-C8727084EF52} => E:\GTA4\Grand Theft Auto IV\GTAIV.exe [2008-12-22] (Take-Two Interactive Software, Inc.)
Task: {1F4406F9-76F3-40E9-802B-94EADF7492FB} - System32\Tasks\{B01B75B3-701B-4077-9823-45CF3BAE2566} => E:\GTA4\Grand Theft Auto IV\GTAIV.exe [2008-12-22] (Take-Two Interactive Software, Inc.)
Task: {227BF873-B652-4C9B-9BB1-3E6F19226114} - System32\Tasks\{14D9A8AB-2141-42D9-B6F4-68B32B852E89} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {2402A1D7-5128-48C2-93EC-A9A2EF43CCD7} - System32\Tasks\{A0F7C77C-53D6-4EBB-BC49-060305DB4847} => E:\GTA4\Grand Theft Auto IV\GTAIV.exe [2008-12-22] (Take-Two Interactive Software, Inc.)
Task: {4852AA85-86C1-4339-A52B-D16CB0570615} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {7246E8E2-9974-4331-980A-7627F5EC3201} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {83BB300E-91A4-41CB-A3AB-3AFC20AB0A24} - System32\Tasks\Malwarebytes Anti-Exploit => C:\Program Files\Malwarebytes Anti-Exploit\mbae-loader.exe [2013-12-17] (Malwarebytes Corporation)
Task: {8B9C4294-BC86-44FB-90DB-85ECDFFB576D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3685884611-65057680-3883802071-1000
Task: {8FFFB5EC-5E78-441A-9B9C-0DC49D322702} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.)
Task: {919414F9-999B-4DF2-9D5F-6633EA550C6A} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {A504D4AE-2805-47BD-9061-0FEC420FA91D} - System32\Tasks\{EACCC6EA-7E65-4A53-B2FC-F9136307168C} => E:\GTA4\Grand Theft Auto IV\GTAIV.exe [2008-12-22] (Take-Two Interactive Software, Inc.)
Task: {D1FB2590-3EF6-422E-855D-E8B1563094C7} - System32\Tasks\{6175ACDC-113F-49EA-BD61-DEEBC1D288E4} => E:\GTA4\Grand Theft Auto IV\GTAIV.exe [2008-12-22] (Take-Two Interactive Software, Inc.)
Task: {E578AC66-6C16-456C-B1B1-99AA1B67CB77} - System32\Tasks\{BC2074E2-9FD2-4528-B1B7-9123E7D88017} => E:\GTA4\Grand Theft Auto IV\GTAIV.exe [2008-12-22] (Take-Two Interactive Software, Inc.)
Task: {EA96DAD8-47EF-4047-A2D3-DF2E442490FD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Malwarebytes Anti-Exploit.job => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-10-22 13:28 - 2013-10-22 13:28 - 00024064 _____ () C:\Program Files\Synergy\synwinxt.dll
2014-01-05 12:53 - 2014-01-05 12:53 - 00302961 _____ () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
2014-01-13 16:50 - 2011-04-29 18:30 - 00022944 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2013-01-11 22:56 - 2013-01-11 22:56 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-22 14:36 - 2013-10-22 14:36 - 00271360 _____ () C:\Program Files (x86)\Synergy\synergyd.exe
2014-02-02 18:48 - 2013-12-24 17:14 - 00642016 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2014-01-13 16:50 - 2011-02-15 14:15 - 00325632 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
2014-01-13 16:50 - 2011-02-15 14:15 - 01954304 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
2014-01-13 16:50 - 2011-02-15 14:16 - 07187456 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
2014-01-13 16:50 - 2011-02-15 14:15 - 00847360 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
2014-01-13 16:50 - 2011-02-15 13:25 - 00119808 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2014-01-13 16:50 - 2011-04-29 17:55 - 00658432 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2013-10-22 14:37 - 2013-10-22 14:37 - 00026112 _____ () C:\Program Files (x86)\Synergy\synwinxt.dll
2014-02-03 20:36 - 2014-02-01 18:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-03 20:36 - 2014-02-01 18:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-03 20:36 - 2014-02-01 18:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-03 20:36 - 2014-02-01 18:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-03 20:36 - 2014-02-01 18:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:76650B61
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller #2
Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2
Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
Description: Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8187
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/10/2014 03:15:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: UnrealTournament.exe, version: 0.0.0.0, time stamp: 0x4052cc17
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x4527aac8
Faulting process id: 0x758
Faulting application start time: 0xUnrealTournament.exe0
Faulting application path: UnrealTournament.exe1
Faulting module path: UnrealTournament.exe2
Report Id: UnrealTournament.exe3
 
Error: (02/10/2014 03:02:03 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsl0d0ea9f6.
 
System Error:
The system cannot find the file specified.
.
 
Error: (02/09/2014 03:03:20 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsl0d0ea9f6.
 
System Error:
The system cannot find the file specified.
.
 
Error: (02/07/2014 03:12:35 PM) (Source: MsiInstaller) (User: luke-PC)
Description: Product: Apple Mobile Device Support -- Error 1920. Service 'Apple Mobile Device' (Apple Mobile Device) failed to start.  Verify that you have sufficient privileges to start system services.
 
Error: (02/07/2014 03:10:53 PM) (Source: MsiInstaller) (User: luke-PC)
Description: Product: Apple Mobile Device Support -- Error 1920. Service 'Apple Mobile Device' (Apple Mobile Device) failed to start.  Verify that you have sufficient privileges to start system services.
 
Error: (02/01/2014 01:09:13 AM) (Source: MsiInstaller) (User: luke-PC)
Description: Product: Apple Mobile Device Support -- Error 1920. Service 'Apple Mobile Device' (Apple Mobile Device) failed to start.  Verify that you have sufficient privileges to start system services.
 
Error: (01/27/2014 08:33:06 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (01/22/2014 09:34:18 PM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume (C:) was not defragmented because an error was encountered: An attempt was made to load a program with an incorrect format. (0x8007000B)
 
 
System errors:
=============
Error: (02/10/2014 09:15:22 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (02/10/2014 09:12:17 PM) (Source: Service Control Manager) (User: )
Description: The HOSTS Anti-PUPs service failed to start due to the following error: 
%%1053
 
Error: (02/10/2014 09:12:17 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HOSTS Anti-PUPs service to connect.
 
Error: (02/10/2014 09:11:44 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service failed to start due to the following error: 
%%2
 
Error: (02/10/2014 09:11:11 PM) (Source: BugCheck) (User: )
Description: 0x000000f4 (0x0000000000000003, 0xfffffa80089f4900, 0xfffffa80089f4be0, 0xfffff800037d07b0)C:\Windows\Minidump\021014-102820-01.dmp021014-102820-01
 
Error: (02/10/2014 09:11:11 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:08:03 PM on ‎2/‎10/‎2014 was unexpected.
 
Error: (02/10/2014 03:09:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
 
Error: (02/09/2014 03:12:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
 
Error: (02/08/2014 03:09:58 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
 
Error: (02/08/2014 01:30:24 AM) (Source: DCOM) (User: )
Description: {D9E904CA-8865-42E7-B0F0-B7B8C4D54D70}
 
 
Microsoft Office Sessions:
=========================
Error: (02/10/2014 03:15:35 PM) (Source: Application Error)(User: )
Description: UnrealTournament.exe0.0.0.04052cc17unknown0.0.0.000000000c00000054527aac875801cf261f80194ba7C:\Program Files (x86)\UnrealTournament\System\UnrealTournament.exeunknown192d7206-9290-11e3-b120-e5f2ef525922
 
Error: (02/10/2014 03:02:03 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsl0d0ea9f6.
 
System Error:
The system cannot find the file specified.
 
Error: (02/09/2014 03:03:20 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsl0d0ea9f6.
 
System Error:
The system cannot find the file specified.
 
Error: (02/07/2014 03:12:35 PM) (Source: MsiInstaller)(User: luke-PC)
Description: Product: Apple Mobile Device Support -- Error 1920. Service 'Apple Mobile Device' (Apple Mobile Device) failed to start.  Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/07/2014 03:10:53 PM) (Source: MsiInstaller)(User: luke-PC)
Description: Product: Apple Mobile Device Support -- Error 1920. Service 'Apple Mobile Device' (Apple Mobile Device) failed to start.  Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/01/2014 01:09:13 AM) (Source: MsiInstaller)(User: luke-PC)
Description: Product: Apple Mobile Device Support -- Error 1920. Service 'Apple Mobile Device' (Apple Mobile Device) failed to start.  Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (01/27/2014 08:33:06 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (01/22/2014 09:34:18 PM) (Source: Microsoft-Windows-Defrag)(User: )
Description: (C:)An attempt was made to load a program with an incorrect format. (0x8007000B)
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-02-10 21:10:47.899
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-10 21:10:44.997
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-03 07:21:15.226
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\New Folder\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-03 07:21:09.381
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\New Folder\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-03 07:21:03.525
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\New Folder\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-03 07:20:48.635
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\New Folder\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-03 07:20:42.784
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\New Folder\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-03 07:20:36.936
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\New Folder\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-03 07:19:52.031
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\New Folder\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-03 07:19:46.180
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\New Folder\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 43%
Total physical RAM: 4095.18 MB
Available physical RAM: 2293.44 MB
Total Pagefile: 8188.54 MB
Available Pagefile: 6310.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:878.91 GB) (Free:338.37 GB) NTFS
Drive d: () (Fixed) (Total:148.93 GB) (Free:0.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (New Volume) (Fixed) (Total:143.56 GB) (Free:38.98 GB) NTFS
Drive f: (NEW VOLUME) (Fixed) (Total:5.59 GB) (Free:4.76 GB) FAT32
Drive h: () (Fixed) (Total:463.87 GB) (Free:300.26 GB) NTFS
Drive i: () (Fixed) (Total:467.64 GB) (Free:268.51 GB) NTFS
Drive j: (Belkin Setup CD) (CDROM) (Total:0.22 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 919F7499)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 881E501B)
Partition 1: (Not Active) - (Size=464 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=468 GB) - (Type=OF Extended)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E4F9A68A)
Partition 1: (Active) - (Size=879 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=53 GB) - (Type=06)
 
==================== End Of Log ============================


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:29 PM

Posted 10 February 2014 - 10:50 PM



Hello lemmiwinks

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 lemmiwinks

lemmiwinks
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Male
  • Local time:02:29 PM

Posted 11 February 2014 - 12:34 PM

My computer is about the same as the last post.  Here are my logs.
 
 
# AdwCleaner v3.018 - Report created 11/02/2014 at 04:55:36
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : luke - LUKE-PC
# Running from : C:\Users\luke\Downloads\AdwCleaner (8).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16750
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\luke\AppData\Roaming\Mozilla\Firefox\Profiles\kmj3skvp.default\prefs.js ]
 
 
[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\38m487d5.default\prefs.js ]
 
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Users\luke\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [12590 octets] - [05/01/2014 12:57:13]
AdwCleaner[R1].txt - [1731 octets] - [05/01/2014 16:53:53]
AdwCleaner[R2].txt - [1400 octets] - [07/01/2014 23:55:54]
AdwCleaner[R3].txt - [1455 octets] - [08/01/2014 15:33:19]
AdwCleaner[R4].txt - [1575 octets] - [09/01/2014 18:25:31]
AdwCleaner[R5].txt - [1699 octets] - [10/01/2014 22:56:23]
AdwCleaner[R6].txt - [1819 octets] - [19/01/2014 20:11:48]
AdwCleaner[R7].txt - [1879 octets] - [19/01/2014 20:14:57]
AdwCleaner[R8].txt - [2000 octets] - [11/02/2014 04:51:48]
AdwCleaner[S0].txt - [11637 octets] - [05/01/2014 13:12:29]
AdwCleaner[S1].txt - [1798 octets] - [05/01/2014 16:57:13]
AdwCleaner[S2].txt - [1463 octets] - [08/01/2014 00:22:34]
AdwCleaner[S3].txt - [1516 octets] - [08/01/2014 15:37:28]
AdwCleaner[S4].txt - [1636 octets] - [09/01/2014 18:27:16]
AdwCleaner[S5].txt - [1760 octets] - [10/01/2014 23:01:56]
AdwCleaner[S6].txt - [1940 octets] - [19/01/2014 20:17:53]
AdwCleaner[S7].txt - [1921 octets] - [11/02/2014 04:55:36]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [1981 octets] ##########
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Ultimate x64
Ran by luke on Tue 02/11/2014 at  5:01:56.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/11/2014 at  5:07:32.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:29 PM

Posted 11 February 2014 - 08:47 PM


Hello lemmiwinks

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#7 lemmiwinks

lemmiwinks
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Male
  • Local time:02:29 PM

Posted 13 February 2014 - 02:14 PM

I had no problems running ComboFix.  My computer is running better after ComboFix.
 
Here's my ComboFix log.
 
 
ComboFix 14-02-12.01 - luke 02/13/2014   3:51.13.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4095.1701 [GMT -5:00]
Running from: c:\users\luke\Downloads\1234321.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\luke\AppData\Local\temp\1.tmp\F_IN_BOX.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-13 to 2014-02-13  )))))))))))))))))))))))))))))))
.
.
2014-02-13 09:06 . 2014-02-13 09:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-02-13 09:06 . 2014-02-13 09:06 -------- d-----w- c:\users\Lemmiwinks\AppData\Local\temp
2014-02-13 09:06 . 2014-02-13 09:06 -------- d-----w- c:\users\Kim\AppData\Local\temp
2014-02-13 09:06 . 2014-02-13 09:06 -------- d-----w- c:\users\Kids\AppData\Local\temp
2014-02-13 09:06 . 2014-02-13 09:06 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-02-13 09:06 . 2014-02-13 09:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-13 09:06 . 2014-02-13 09:06 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-02-13 08:09 . 2013-12-21 09:39 600064 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 08:09 . 2013-12-21 07:56 523776 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-13 04:56 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-13 04:56 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-02-13 04:56 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-13 04:56 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-02-12 10:10 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{181AB1FA-512A-46EA-ABB4-2A1C550ABBBF}\mpengine.dll
2014-02-11 02:52 . 2014-02-11 02:55 -------- d-----w- C:\FRST
2014-02-10 20:15 . 2014-02-10 20:15 -------- d-----w- c:\users\luke\AppData\Local\CrashDumps
2014-02-10 14:36 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-10 01:13 . 2014-02-10 01:13 -------- d-----w- c:\program files\AutoHotkey
2014-02-02 23:48 . 2014-02-02 23:48 -------- d-----w- c:\users\luke\AppData\Roaming\WinPatrol
2014-02-02 23:48 . 2014-02-02 23:48 -------- d-----w- c:\programdata\InstallMate
2014-02-02 23:48 . 2014-02-02 23:48 -------- d-----w- c:\program files (x86)\BillP Studios
2014-02-01 06:10 . 2013-10-28 04:41 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F82EE30F-FDCE-4052-8C3F-166D5B579CCE}\gapaengine.dll
2014-01-24 02:05 . 2014-01-24 08:52 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-23 00:12 . 2014-01-23 22:55 -------- d-----w- c:\users\luke\Pearson
2014-01-20 05:57 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-20 05:57 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-20 05:57 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-20 05:57 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-20 05:57 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-20 05:57 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-20 05:57 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-20 05:57 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-20 05:57 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 21:56 . 2014-01-15 21:56 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-01-15 21:56 . 2014-01-15 21:56 -------- d-----w- c:\programdata\Oracle
2014-01-15 21:55 . 2014-01-15 21:55 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-24 07:00 . 2014-01-11 00:49 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-20 09:00 . 2009-11-17 22:07 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-01-20 08:03 . 2009-11-17 22:09 86054176 ----a-w- c:\windows\system32\MRT.exe
2014-01-11 08:33 . 2014-01-11 08:33 233056 ----a-w- c:\windows\system32\drivers\63264326.sys
2014-01-10 03:42 . 2014-01-10 03:42 388096 ----a-r- c:\users\luke\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-08 05:30 . 2014-01-08 05:30 208216 ----a-w- c:\windows\system32\drivers\43697085.sys
2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\SysWow64\GPhotos.scr
2013-12-20 22:32 . 2011-06-29 19:56 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-12-06 22:04 . 2010-04-07 01:22 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2013-12-06 22:03 . 2013-12-06 22:03 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-12-06 22:03 . 2013-12-06 22:03 115512 ----a-w- c:\windows\system32\atiu9p64.dll
2013-12-06 22:02 . 2013-12-06 22:02 98496 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-12-06 22:01 . 2013-12-06 22:01 1318552 ----a-w- c:\windows\system32\aticfx64.dll
2013-12-06 22:01 . 2010-05-05 02:19 1100216 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-12-06 22:00 . 2013-12-06 22:00 9753752 ----a-w- c:\windows\system32\atidxx64.dll
2013-12-06 21:59 . 2013-12-06 21:59 8406024 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-12-06 21:59 . 2013-12-06 21:59 8287008 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-12-06 21:58 . 2013-12-06 21:58 6630232 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-12-06 21:57 . 2013-12-06 21:57 8927704 ----a-w- c:\windows\system32\atiumd6a.dll
2013-12-06 21:56 . 2013-12-06 21:56 7751920 ----a-w- c:\windows\system32\atiumd64.dll
2013-12-06 21:52 . 2013-12-06 21:52 13207552 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-12-06 21:38 . 2013-12-06 21:38 230912 ----a-w- c:\windows\system32\clinfo.exe
2013-12-06 21:38 . 2013-12-06 21:38 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2013-12-06 21:38 . 2013-12-06 21:38 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2013-12-06 21:38 . 2013-12-06 21:38 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2013-12-06 21:38 . 2013-12-06 21:38 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2013-12-06 21:38 . 2013-12-06 21:38 99840 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-12-06 21:38 . 2013-12-06 21:38 83968 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-12-06 21:38 . 2013-12-06 21:38 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2013-12-06 21:38 . 2013-12-06 21:38 73728 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-12-06 21:37 . 2013-12-06 21:37 29382144 ----a-w- c:\windows\system32\amdocl64.dll
2013-12-06 21:35 . 2013-12-06 21:35 24860160 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-12-06 21:26 . 2013-12-06 21:26 129536 ----a-w- c:\windows\system32\coinst_13.251.dll
2013-12-06 21:16 . 2013-12-06 21:16 26352128 ----a-w- c:\windows\system32\atio6axx.dll
2013-12-06 21:13 . 2013-12-06 21:13 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-12-06 21:12 . 2013-12-06 21:12 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2013-12-06 21:12 . 2013-12-06 21:12 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-12-06 21:12 . 2013-12-06 21:12 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2013-12-06 21:12 . 2013-12-06 21:12 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-12-06 21:12 . 2013-12-06 21:12 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2013-12-06 21:09 . 2013-12-06 21:09 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-12-06 20:58 . 2013-12-06 20:58 22157824 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-12-06 20:53 . 2013-12-06 20:53 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-12-06 20:53 . 2013-12-06 20:53 31232 ----a-w- c:\windows\system32\atimuixx.dll
2013-12-06 20:53 . 2013-12-06 20:53 588288 ----a-w- c:\windows\system32\atieclxx.exe
2013-12-06 20:52 . 2013-12-06 20:52 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2013-12-06 20:50 . 2013-12-06 20:50 190976 ----a-w- c:\windows\system32\atitmm64.dll
2013-12-06 20:22 . 2010-05-05 01:24 1144320 ----a-w- c:\windows\system32\atiadlxx.dll
2013-12-06 20:22 . 2013-12-06 20:22 825344 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-12-06 20:22 . 2013-12-06 20:22 74752 ----a-w- c:\windows\system32\atig6pxx.dll
2013-12-06 20:22 . 2013-12-06 20:22 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-12-06 20:22 . 2013-12-06 20:22 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2013-12-06 20:22 . 2013-12-06 20:22 100352 ----a-w- c:\windows\system32\atig6txx.dll
2013-12-06 20:21 . 2013-12-06 20:21 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-12-06 20:21 . 2013-12-06 20:21 626176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-12-06 20:18 . 2013-12-06 20:18 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-12-06 19:48 . 2013-12-11 06:01 37704 ----a-w- c:\windows\system32\VNCpm.dll
2013-12-06 19:48 . 2013-12-06 19:48 4608 ----a-w- c:\windows\system32\drivers\vncmirror.sys
2013-12-06 19:48 . 2013-12-06 19:48 26112 ----a-w- c:\windows\system32\vncmirror.dll
2013-11-23 18:26 . 2013-12-11 07:23 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 07:23 465920 ----a-w- c:\windows\system32\WMPhoto.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2014-01-24 429120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HOSTS Anti-Adware_PUPs"="c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" [2014-01-05 302961]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-04-29 1770400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys;c:\windows\SYSNATIVE\Drivers\RAMDiskVE.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8187.sys [x]
R3 sonydcam;Orange Micro iBot Desktop Camera;c:\windows\system32\DRIVERS\sonydcam.sys;c:\windows\SYSNATIVE\DRIVERS\sonydcam.sys [x]
R3 SQTECH9052;Disney Micro;c:\windows\system32\Drivers\Capt9052.sys;c:\windows\SYSNATIVE\Drivers\Capt9052.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\drivers\usb80236.sys;c:\windows\SYSNATIVE\drivers\usb80236.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys;c:\windows\SYSNATIVE\DRIVERS\EIO64.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\Malwarebytes Anti-Exploit\MBAE.sys;c:\program files\Malwarebytes Anti-Exploit\MBAE.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Synergy;Synergy;c:\program files (x86)\Synergy\synergyd.exe;c:\program files (x86)\Synergy\synergyd.exe [x]
S2 vncserver;VNC Server;c:\program files\RealVNC\VNC Server\vncservice.exe vncserver;c:\program files\RealVNC\VNC Server\vncservice.exe vncserver [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 01:35 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-13 c:\windows\Tasks\Malwarebytes Anti-Exploit.job
- c:\program files\Malwarebytes Anti-Exploit\mbae-loader.exe [2014-01-11 15:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"XMouseButtonControl"="c:\program files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" [2013-10-06 1171088]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\luke\AppData\Roaming\Mozilla\Firefox\Profiles\kmj3skvp.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Fraps - c:\program files (x86)\uninstall.exe
AddRemove-GoldenEye: Source - c:\program files (x86)\Steam\SteamApps\sourcemods\GoldenEye: Source_Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3685884611-65057680-3883802071-1000_Classes\CLSID]
@Class="{232E8C6B-D35C-4bfe-8D97-D3F92E19271F}"
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\RealVNC\VNC4\WinVNC4.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Completion time: 2014-02-13  04:53:21 - machine was rebooted
ComboFix-quarantined-files.txt  2014-02-13 09:53
ComboFix2.txt  2014-01-25 22:35
ComboFix3.txt  2014-01-21 23:25
ComboFix4.txt  2014-01-21 08:03
ComboFix5.txt  2014-02-13 08:47
.
Pre-Run: 360,329,969,664 bytes free
Post-Run: 359,742,332,928 bytes free
.
- - End Of File - - BEFB98A58F6F3E5774E96985D7C232EA
A36C5E4F47E84449FF07ED3517B43A31


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:29 PM

Posted 14 February 2014 - 10:45 AM


Hello lemmiwinks

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

[image: CFScriptB-4.gif]
Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#9 lemmiwinks

lemmiwinks
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Male
  • Local time:02:29 PM

Posted 14 February 2014 - 03:35 PM

Gringo, here is my log after running the script you gave me.  Haven't noticed much of a change in computer performance.
 
 
ComboFix 14-02-14.01 - luke 02/14/2014  13:39:04.14.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4095.1816 [GMT -5:00]
Running from: c:\users\luke\Downloads\125161.exe
Command switches used :: c:\users\luke\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-14 to 2014-02-14  )))))))))))))))))))))))))))))))
.
.
2014-02-14 18:50 . 2014-02-14 18:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-02-14 18:50 . 2014-02-14 18:50 -------- d-----w- c:\users\Lemmiwinks\AppData\Local\temp
2014-02-14 18:50 . 2014-02-14 18:50 -------- d-----w- c:\users\Kim\AppData\Local\temp
2014-02-14 18:50 . 2014-02-14 18:50 -------- d-----w- c:\users\Kids\AppData\Local\temp
2014-02-14 18:50 . 2014-02-14 18:50 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-02-14 18:50 . 2014-02-14 18:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-14 18:50 . 2014-02-14 18:50 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-02-14 09:21 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{938787F8-3570-409F-9BF6-949BE042CD50}\mpengine.dll
2014-02-13 08:09 . 2013-12-21 09:39 600064 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 08:09 . 2013-12-21 07:56 523776 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-13 04:56 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-13 04:56 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-02-13 04:56 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-13 04:56 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-02-12 10:10 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-11 02:52 . 2014-02-11 02:55 -------- d-----w- C:\FRST
2014-02-10 20:15 . 2014-02-10 20:15 -------- d-----w- c:\users\luke\AppData\Local\CrashDumps
2014-02-10 01:13 . 2014-02-10 01:13 -------- d-----w- c:\program files\AutoHotkey
2014-02-02 23:48 . 2014-02-02 23:48 -------- d-----w- c:\users\luke\AppData\Roaming\WinPatrol
2014-02-02 23:48 . 2014-02-02 23:48 -------- d-----w- c:\programdata\InstallMate
2014-02-02 23:48 . 2014-02-02 23:48 -------- d-----w- c:\program files (x86)\BillP Studios
2014-02-01 06:10 . 2013-10-28 04:41 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F82EE30F-FDCE-4052-8C3F-166D5B579CCE}\gapaengine.dll
2014-01-24 02:05 . 2014-01-24 08:52 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-23 00:12 . 2014-01-23 22:55 -------- d-----w- c:\users\luke\Pearson
2014-01-20 05:57 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-20 05:57 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-20 05:57 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-20 05:57 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-20 05:57 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-20 05:57 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-20 05:57 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-20 05:57 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-20 05:57 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 21:56 . 2014-01-15 21:56 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-01-15 21:56 . 2014-01-15 21:56 -------- d-----w- c:\programdata\Oracle
2014-01-15 21:55 . 2014-01-15 21:55 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-24 07:00 . 2014-01-11 00:49 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-20 09:00 . 2009-11-17 22:07 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-01-20 08:03 . 2009-11-17 22:09 86054176 ----a-w- c:\windows\system32\MRT.exe
2014-01-11 08:33 . 2014-01-11 08:33 233056 ----a-w- c:\windows\system32\drivers\63264326.sys
2014-01-10 03:42 . 2014-01-10 03:42 388096 ----a-r- c:\users\luke\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-08 05:30 . 2014-01-08 05:30 208216 ----a-w- c:\windows\system32\drivers\43697085.sys
2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\SysWow64\GPhotos.scr
2013-12-20 22:32 . 2011-06-29 19:56 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-12-06 22:04 . 2010-04-07 01:22 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2013-12-06 22:03 . 2013-12-06 22:03 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-12-06 22:03 . 2013-12-06 22:03 115512 ----a-w- c:\windows\system32\atiu9p64.dll
2013-12-06 22:02 . 2013-12-06 22:02 98496 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-12-06 22:01 . 2013-12-06 22:01 1318552 ----a-w- c:\windows\system32\aticfx64.dll
2013-12-06 22:01 . 2010-05-05 02:19 1100216 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-12-06 22:00 . 2013-12-06 22:00 9753752 ----a-w- c:\windows\system32\atidxx64.dll
2013-12-06 21:59 . 2013-12-06 21:59 8406024 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-12-06 21:59 . 2013-12-06 21:59 8287008 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-12-06 21:58 . 2013-12-06 21:58 6630232 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-12-06 21:57 . 2013-12-06 21:57 8927704 ----a-w- c:\windows\system32\atiumd6a.dll
2013-12-06 21:56 . 2013-12-06 21:56 7751920 ----a-w- c:\windows\system32\atiumd64.dll
2013-12-06 21:52 . 2013-12-06 21:52 13207552 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-12-06 21:38 . 2013-12-06 21:38 230912 ----a-w- c:\windows\system32\clinfo.exe
2013-12-06 21:38 . 2013-12-06 21:38 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2013-12-06 21:38 . 2013-12-06 21:38 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2013-12-06 21:38 . 2013-12-06 21:38 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2013-12-06 21:38 . 2013-12-06 21:38 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2013-12-06 21:38 . 2013-12-06 21:38 99840 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-12-06 21:38 . 2013-12-06 21:38 83968 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-12-06 21:38 . 2013-12-06 21:38 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2013-12-06 21:38 . 2013-12-06 21:38 73728 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-12-06 21:37 . 2013-12-06 21:37 29382144 ----a-w- c:\windows\system32\amdocl64.dll
2013-12-06 21:35 . 2013-12-06 21:35 24860160 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-12-06 21:26 . 2013-12-06 21:26 129536 ----a-w- c:\windows\system32\coinst_13.251.dll
2013-12-06 21:16 . 2013-12-06 21:16 26352128 ----a-w- c:\windows\system32\atio6axx.dll
2013-12-06 21:13 . 2013-12-06 21:13 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-12-06 21:12 . 2013-12-06 21:12 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2013-12-06 21:12 . 2013-12-06 21:12 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-12-06 21:12 . 2013-12-06 21:12 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2013-12-06 21:12 . 2013-12-06 21:12 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-12-06 21:12 . 2013-12-06 21:12 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2013-12-06 21:09 . 2013-12-06 21:09 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-12-06 20:58 . 2013-12-06 20:58 22157824 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-12-06 20:53 . 2013-12-06 20:53 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-12-06 20:53 . 2013-12-06 20:53 31232 ----a-w- c:\windows\system32\atimuixx.dll
2013-12-06 20:53 . 2013-12-06 20:53 588288 ----a-w- c:\windows\system32\atieclxx.exe
2013-12-06 20:52 . 2013-12-06 20:52 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2013-12-06 20:50 . 2013-12-06 20:50 190976 ----a-w- c:\windows\system32\atitmm64.dll
2013-12-06 20:22 . 2010-05-05 01:24 1144320 ----a-w- c:\windows\system32\atiadlxx.dll
2013-12-06 20:22 . 2013-12-06 20:22 825344 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-12-06 20:22 . 2013-12-06 20:22 74752 ----a-w- c:\windows\system32\atig6pxx.dll
2013-12-06 20:22 . 2013-12-06 20:22 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-12-06 20:22 . 2013-12-06 20:22 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2013-12-06 20:22 . 2013-12-06 20:22 100352 ----a-w- c:\windows\system32\atig6txx.dll
2013-12-06 20:21 . 2013-12-06 20:21 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-12-06 20:21 . 2013-12-06 20:21 626176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-12-06 20:18 . 2013-12-06 20:18 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-12-06 19:48 . 2013-12-11 06:01 37704 ----a-w- c:\windows\system32\VNCpm.dll
2013-12-06 19:48 . 2013-12-06 19:48 4608 ----a-w- c:\windows\system32\drivers\vncmirror.sys
2013-12-06 19:48 . 2013-12-06 19:48 26112 ----a-w- c:\windows\system32\vncmirror.dll
2013-11-23 18:26 . 2013-12-11 07:23 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 07:23 465920 ----a-w- c:\windows\system32\WMPhoto.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2014-01-24 429120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HOSTS Anti-Adware_PUPs"="c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" [2014-01-05 302961]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-04-29 1770400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [x]
R2 Synergy;Synergy;c:\program files (x86)\Synergy\synergyd.exe;c:\program files (x86)\Synergy\synergyd.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys;c:\windows\SYSNATIVE\Drivers\RAMDiskVE.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8187.sys [x]
R3 sonydcam;Orange Micro iBot Desktop Camera;c:\windows\system32\DRIVERS\sonydcam.sys;c:\windows\SYSNATIVE\DRIVERS\sonydcam.sys [x]
R3 SQTECH9052;Disney Micro;c:\windows\system32\Drivers\Capt9052.sys;c:\windows\SYSNATIVE\Drivers\Capt9052.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\drivers\usb80236.sys;c:\windows\SYSNATIVE\drivers\usb80236.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys;c:\windows\SYSNATIVE\DRIVERS\EIO64.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\Malwarebytes Anti-Exploit\MBAE.sys;c:\program files\Malwarebytes Anti-Exploit\MBAE.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 vncserver;VNC Server;c:\program files\RealVNC\VNC Server\vncservice.exe vncserver;c:\program files\RealVNC\VNC Server\vncservice.exe vncserver [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 01:35 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-13 c:\windows\Tasks\Malwarebytes Anti-Exploit.job
- c:\program files\Malwarebytes Anti-Exploit\mbae-loader.exe [2014-01-11 15:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"XMouseButtonControl"="c:\program files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" [2013-10-06 1171088]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\luke\AppData\Roaming\Mozilla\Firefox\Profiles\kmj3skvp.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Fraps - c:\program files (x86)\uninstall.exe
AddRemove-GoldenEye: Source - c:\program files (x86)\Steam\SteamApps\sourcemods\GoldenEye: Source_Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3685884611-65057680-3883802071-1000_Classes\CLSID]
@Class="{232E8C6B-D35C-4bfe-8D97-D3F92E19271F}"
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-14  13:54:32
ComboFix-quarantined-files.txt  2014-02-14 18:54
ComboFix2.txt  2014-02-13 09:53
ComboFix3.txt  2014-01-25 22:35
ComboFix4.txt  2014-01-21 23:25
ComboFix5.txt  2014-02-14 18:37
.
Pre-Run: 360,135,544,832 bytes free
Post-Run: 359,805,276,160 bytes free
.
- - End Of File - - A5FB0B9A03FBBC21CA9F3BC02D18865F
A36C5E4F47E84449FF07ED3517B43A31


#10 gringo_pr

Posted 14 February 2014 - 09:23 PM


Hello lemmiwinks

I would like to see a report that combofix makes.

extra combofix report
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok
copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 lemmiwinks


Posted 15 February 2014 - 04:32 AM

1AVCapture
Adobe Reader XI (11.0.05)
Apple Application Support
Apple Software Update
Arduino
AutoHotkey 1.1.14.02
Avidemux 2.5
Belkin Setup and Router Monitor
BulletStorm
Catalyst Control Center InstallProxy
Combined Community Codec Pack 2008-01-24
Counter-Strike: Global Offensive
Daphne 1.46
DesignPro 5
Electric Sheep 2.7b33
eReg
erLT
f.lux
Fraps
GameSpy Arcade
GIMP 2.6.11
GoldenEye: Source
Google Chrome
Google Earth Plug-in
Google Update Helper
Half-Life 2
Half-Life 2: Deathmatch
HiJackThis
HP Deskjet 3050A J611 series Help
Java 7 Update 51
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Max Payne 3
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Windows Media Video 9 VCM
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Thunderbird 24.2.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA nTune
OpenAL
OpenOffice.org 3.2
Picasa 3
Pinnacle Instant DVD Recorder
Portal
Portal 2
POWERPREP II
qBittorrent 3.1.4
Rockstar Games Social Club
Safari
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Source SDK Base 2007
StarCraft II
Steam
Synergy
Team Fortress 2
Ubisoft Game Launcher
Unreal Tournament 3 Demo
Unreal Tournament Demo
Uplay
Visual C++ 2008 Runtime (x64)
VLC media player 1.0.3
VNC Free Edition 4.1.3
WBFS Manager 3.0
Windows Media Player Firefox Plugin
WinSCP 4.2.9
X-Mouse Button Control 2.6.2


#12 gringo_pr


Posted 15 February 2014 - 08:39 AM


Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
    • Run CCleaner; the default settings are fine.
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :

I see that you have MBAM installed - that is great!! At this time I would like you to update it and run a quick scan for me.
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • Copy and paste the HijackThis report into the topic.
"information and logs"
  • In your next post I need the following
    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo

#13 lemmiwinks


Posted 17 February 2014 - 02:47 AM

Gringo, when I run CCleaner I get an error that shows up twice in a row.

plutil.exe - System Error

The program can't start because MSVCR80.dll is missing from your computer. Try reinstalling the program to fix this problem.

Once I close the errors, CCleaner finishes its job. I also noticed that if I open Chrome after CCleaner finishes, the Google home page is broken. I can't enter text in the search box. After I opened and closed Chrome a few times, Google searches normally.
 
Also, MSE won't update itself.  It says it can't update while another program is waiting for installation and must wait till after a reboot.  ???
 
Other than that, here are my logs.
 
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.17.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16798
luke :: LUKE-PC [administrator]
 
2/17/2014 2:31:52 AM
mbam-log-2014-02-17 (02-31-52).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 286766
Time elapsed: 5 minute(s), 51 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
 
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:39:53 AM, on 2/17/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16798)
Boot mode: Normal
 
Running processes:
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKCU\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://vcuhsnm101.mcvh-vcu.edu/dwa7W.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HOSTS Anti-PUPs - Unknown owner - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Synergy - Unknown owner - C:\Program Files (x86)\Synergy\synergyd.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VNC Server (vncserver) - RealVNC Ltd - C:\Program Files\RealVNC\VNC Server\vncservice.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 6901 bytes
 

Edited by lemmiwinks, 17 February 2014 - 03:11 AM.
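Two of the logs in this thread reward a closer read than "no malicious items detected": the ComboFix Find3M section lists two drivers whose names are nothing but digits (63264326.sys and 43697085.sys), and the HijackThis O23 section marks most core Windows services "(file missing)". Neither observation is a verdict. Random numeric driver names are used by malware but also by some anti-rootkit tools, so they call for a signer check rather than deletion; and HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows WOW64 redirects its view of C:\Windows\System32 and the native services it cannot see (lsass.exe, spoolsv.exe and so on) are reported missing when they are not. The script below is an added example written for this page, not ComboFix's, HijackThis' or either poster's code. It assumes the two line formats exactly as they appear in the logs above, and the sample rows embedded in it are copied from those logs.

```python
"""Triage helpers for the two log formats posted in this thread: the Find3M
section of a ComboFix report and the O23 (service) lines of a HijackThis log.

Added example, not ComboFix's, HijackThis' or either poster's code. A hit
means "verify this file's signer and origin", never "this is malware".
"""
import re
from dataclasses import dataclass

# ComboFix Find3M row:  <modified> . <created> <size> <attributes> <path>
FIND3M_RE = re.compile(r"^(\S+ \S+) \. (\S+ \S+)\s+(\d+)\s+(\S+)\s+(.+)$")

# HijackThis O23 row:  O23 - Service: <display> - <owner> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)

# A driver, DLL or EXE whose base name is nothing but digits (63264326.sys) is
# worth a second look. Random numeric names are used by malware but also by
# some anti-rootkit tools, so this is a prompt to check the signer, not a verdict.
NUMERIC_NAME_RE = re.compile(r"\\\d+\.(sys|dll|exe)$", re.IGNORECASE)

SYSTEM32_PREFIX = r"c:\windows\system32"


@dataclass(frozen=True)
class Finding:
    source: str   # "combofix" or "hjt"
    item: str     # file base name or service short name
    path: str     # full path as written in the log
    verdict: str  # numeric-name | wow64-artifact | confirm-on-disk | unknown-owner


def triage_find3m(lines):
    """Return Find3M rows whose file name is purely numeric."""
    findings = []
    for line in lines:
        m = FIND3M_RE.match(line.strip())
        if m and NUMERIC_NAME_RE.search(m.group(5)):
            path = m.group(5)
            findings.append(Finding("combofix", path.rsplit("\\", 1)[-1], path, "numeric-name"))
    return findings


def service_short_name(display):
    """'Google Update Service (gupdate) (gupdate)' -> 'gupdate'; no parentheses -> display name."""
    m = re.search(r"\(([^()]+)\)\s*$", display)
    return m.group(1) if m else display


def triage_hjt_o23(lines, x64=True):
    """Classify O23 lines.

    HijackThis 2.0.4 is a 32-bit program. On 64-bit Windows, WOW64 redirects its
    view of C:\\Windows\\System32 to SysWOW64, so core services that really live
    in System32 are reported as '(file missing)'. With x64=True those rows are
    tagged wow64-artifact instead of being chased. Any other '(file missing)'
    row is confirm-on-disk: check that the path exists before acting. Services
    with no vendor string are unknown-owner: check the binary's signature.
    """
    findings = []
    for line in lines:
        m = O23_RE.match(line.strip())
        if not m:
            continue
        name = service_short_name(m["name"])
        path, owner, missing = m["path"], m["owner"], bool(m["missing"])
        if missing and x64 and path.lower().startswith(SYSTEM32_PREFIX):
            findings.append(Finding("hjt", name, path, "wow64-artifact"))
        elif missing:
            findings.append(Finding("hjt", name, path, "confirm-on-disk"))
        elif owner == "Unknown owner":
            findings.append(Finding("hjt", name, path, "unknown-owner"))
    return findings


# Sample rows copied from the ComboFix and HijackThis logs posted in this thread.
COMBOFIX_SAMPLE = r"""
2014-01-24 07:00 . 2014-01-11 00:49 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-11 08:33 . 2014-01-11 08:33 233056 ----a-w- c:\windows\system32\drivers\63264326.sys
2014-01-08 05:30 . 2014-01-08 05:30 208216 ----a-w- c:\windows\system32\drivers\43697085.sys
2013-12-06 19:48 . 2013-12-06 19:48 4608 ----a-w- c:\windows\system32\drivers\vncmirror.sys
"""

HJT_SAMPLE = r"""
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: HOSTS Anti-PUPs - Unknown owner - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: VNC Server (vncserver) - RealVNC Ltd - C:\Program Files\RealVNC\VNC Server\vncservice.exe
"""

if __name__ == "__main__":
    for f in triage_find3m(COMBOFIX_SAMPLE.splitlines()) + triage_hjt_o23(HJT_SAMPLE.splitlines()):
        print(f"{f.source:8} {f.verdict:16} {f.item}  ({f.path})")
```

On the sample rows this yields the two numeric-named drivers as numeric-name, ALG as a wow64-artifact, gupdate as confirm-on-disk, and HOSTS Anti-PUPs and PnkBstrA as unknown-owner; Bonjour and the RealVNC service, which carry a vendor string and a present file, produce nothing. The follow-up for a numeric-name or unknown-owner hit is done on the machine itself, not in the log: check the file's Authenticode signature (Sysinternals sigcheck, or Get-AuthenticodeSignature in PowerShell) and compare its hash against the vendor's release before deciding anything.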


#14 gringo_pr


Posted 17 February 2014 - 10:40 AM




Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

I normally remove any extra startups that I see in the HijackThis report to speed things up, but yours look very good - Great Job!! :)

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete
  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here
Gringo

#15 lemmiwinks


Posted 20 February 2014 - 08:57 PM

I ran ESET, but unfortunately left clean ticked.  Then my computer rebooted on its scheduled weekly update.  I went back to ESET and it listed 2 instances of Conduit installer as having been cleaned.  I think they were in Malwarebytes quarantine folder, so probably not a threat.  Unfortunately I don't have the log file as a result.  I ran ESET again and it found nothing.





