
Parameter Incorrect/Cannot Load startup files due to Virus - nvcpl.dll ???


This topic is locked
16 replies to this topic

#1 KKAOSS

Members, 20 posts, Location: Great Lakes

Posted 01 March 2014 - 08:56 AM

"There was a problem starting NVCPL.dll" on boot in Windows PART 2

 

I read this topic and it was locked; apparently the problem was solved for Xarchon, but I just came upon this problem.

I cannot restore; that failed. I have not tried to restore from safe mode yet, but the old restore points are gone? UGH!

Below is my DDS.txt log

 

________________________________________________________________________________________________

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16798  BrowserJavaVersion: 10.51.2
Run by CJK at 7:10:06 on 2014-03-01
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3071.977 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Advanced SystemCare Ultimate *Disabled/Outdated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ascavsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\SysWOW64\ENAgent.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\svchost.exe -k LPDService
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\MRT.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Bar = hxxp://www.bing.com
mStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} - 
uRun: [765A155F9FF5F429E0317BA1CA086C5FDD822966._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [Advanced SystemCare Ultimate] "C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe" /Auto
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe" -launchedbylogin
mRun: [AdobeCS5ServiceManager] "c:\program files (x86)\common files\adobe\cs5servicemanager\cs5servicemanager.exe" -launchedbylogin
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRunOnce: [GrpConv] grpconv -o
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: LastPass - C:\Users\CJK\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\CJK\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - <orphaned>
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8A5FEB7A-AFAF-4286-AF83-066FCDE071F8} : DHCPNameServer = 66.174.71.33 66.174.95.44
TCP: Interfaces\{CAB7B980-2577-4661-BB74-28277AFB6E7B} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - P:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB} - C:\Program Files (x86)\Mindjet\MindManager 11\sys\MmInternetExplorerActiveSetup.vbs
x64-mStart Page = hxxp://searchfunmoods.com/?f=1&a=ironpubd&ir=ironpubd&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0EtCzyzy0DyD0CtC0CyEtN0D0Tzu0CyCyEyEtN1L2XzutBtFtBtFtCtFyEtDyB&cr=371472867
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\CJK\AppData\Roaming\Mozilla\Firefox\Profiles\z188c5gr.default\
FF - plugin: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll
FF - plugin: C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files (x86)\Windows Media Player\np_plugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
FF - plugin: P:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\browser\nppdf32.dll
FF - plugin: P:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-3 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-3 207904]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-2-12 55856]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-12-2 17720]
R1 6359282drv;6359282drv;C:\Windows\System32\drivers\6359282drv.sys [2014-2-28 556632]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-22 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-4-24 421704]
R1 CBFilterFS;CBFilterFS;C:\Windows\System32\drivers\cbfltfs.sys [2012-11-16 147720]
R1 cbfs3;cbfs3;C:\Windows\System32\drivers\cbfs3.sys [2012-11-16 352520]
R1 MpKsl49bf506a;MpKsl49bf506a;C:\Windows\System32\MpEngineStore\MpKsl49bf506a.sys [2014-2-28 46768]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe [2014-1-16 886592]
R2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe [2014-1-16 646976]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-3-22 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-13 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-1-3 1363616]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-1-3 1748640]
R2 ENAgent;Epson Redirect Agent;C:\Windows\SysWOW64\ENAgent.exe [2013-11-25 4209856]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-11-14 151648]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2014-2-26 335168]
R2 PfFilter;PfFilter;C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [2011-3-27 36792]
R3 LVHybr64;LVHybrid service;C:\Windows\System32\drivers\LVHybr64.sys [2007-5-28 1057408]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-11 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-1-22 888536]
RUnknown 10333343;10333343; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2012-5-10 608864]
S2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2013-11-14 135824]
S2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-2-21 420184]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-2-12 13336]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-12-2 2151232]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-11 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-11 701512]
S2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2010-9-17 1251840]
S2 SetupARService;SetupARService;C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [2012-10-27 24576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2013-10-24 790880]
S2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-10-8 609056]
S2 TorchCrashHandler;Torch Crash Handler;C:\Users\CJK\AppData\Local\Torch\Update\TorchCrashHandler.exe [2014-1-21 1214472]
S3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-2-24 80184]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2011-2-12 138752]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-1-10 36680]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2013-12-2 72192]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-25 19456]
S3 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-2-12 689472]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2012-1-31 35112]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-25 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2013-12-18 113936]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-23 1255736]
S4 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-3-21 245760]
S4 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2010-1-11 155648]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 QuickBooksDB21;QuickBooksDB21;P:\PROGRA~1\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB21 --> P:\PROGRA~1\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB21 [?]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-02-27 01:41:01 556632 ----a-w- C:\Windows\System32\drivers\6359282drv.sys
2014-02-24 17:19:55 80184 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-02-24 17:19:55 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-02-24 17:19:55 43152 ----a-w- C:\Windows\avastSS.scr
2014-02-24 17:19:55 421704 ----a-w- C:\Windows\System32\drivers\aswSP.sys
2014-02-24 17:19:55 334136 ----a-w- C:\Windows\System32\aswBoot.exe
2014-02-24 17:19:55 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-02-24 17:19:55 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-02-24 03:18:28 188808 ----a-w- C:\Windows\System32\javaw.exe
2014-02-24 03:18:28 188808 ----a-w- C:\Windows\System32\java.exe
2014-02-22 01:48:20 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2014-02-22 01:48:20 1515296 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2014-02-22 01:48:19 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2014-02-22 01:45:27 1958616 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2014-02-22 01:45:26 3771352 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2014-02-22 01:45:22 153304 ----a-w- C:\Windows\System32\RCoInstII64.dll
2014-02-22 01:45:19 397592 ----a-w- C:\Windows\System32\MBWrp64.dll
2014-02-22 01:45:19 1998104 ----a-w- C:\Windows\System32\MBAPO264.dll
2014-02-22 01:45:19 1727256 ----a-w- C:\Windows\SysWow64\MBAPO232.dll
2014-02-16 09:06:08 88567024 ----a-w- C:\Windows\System32\MRT.exe
2014-02-01 09:20:10 51712 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-02-01 09:19:49 2241536 ----a-w- C:\Windows\System32\wininet.dll
2014-02-01 09:19:36 1365504 ----a-w- C:\Windows\System32\urlmon.dll
2014-02-01 09:18:47 197120 ----a-w- C:\Windows\System32\msrating.dll
2014-02-01 09:18:44 19274240 ----a-w- C:\Windows\System32\mshtml.dll
2014-02-01 09:18:42 603136 ----a-w- C:\Windows\System32\msfeeds.dll
2014-02-01 09:18:25 855552 ----a-w- C:\Windows\System32\jscript.dll
2014-02-01 09:18:25 53760 ----a-w- C:\Windows\System32\jsproxy.dll
2014-02-01 09:18:25 3960320 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-01 09:18:21 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-01 09:18:21 526336 ----a-w- C:\Windows\System32\ieui.dll
2014-02-01 09:18:21 2648576 ----a-w- C:\Windows\System32\iertutil.dll
2014-02-01 09:18:21 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-02-01 09:18:20 39936 ----a-w- C:\Windows\System32\iernonce.dll
2014-02-01 09:18:20 15403520 ----a-w- C:\Windows\System32\ieframe.dll
2014-02-01 07:58:31 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-01 07:58:24 1140736 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-02-01 07:57:39 163840 ----a-w- C:\Windows\SysWow64\msrating.dll
2014-02-01 07:57:37 14359040 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-02-01 07:57:35 493056 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-02-01 07:57:20 690688 ----a-w- C:\Windows\SysWow64\jscript.dll
2014-02-01 07:57:20 39936 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-02-01 07:57:20 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-01 07:57:16 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-01 07:57:16 391168 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-02-01 07:57:16 33280 ----a-w- C:\Windows\SysWow64\iernonce.dll
2014-02-01 07:57:16 2049024 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-02-01 07:57:16 13760512 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-02-01 07:57:16 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-02-01 07:40:43 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-01 07:34:53 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-01 06:45:40 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2014-02-01 06:38:03 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-01-22 16:30:48 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-22 16:30:48 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-22 15:15:18 888536 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2014-01-22 15:15:18 73800 ----a-w- C:\Windows\System32\RtNicProp64.dll
2014-01-22 15:15:18 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2014-01-22 15:11:26 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433182.dll
2014-01-22 15:11:25 1884448 ----a-w- C:\Windows\System32\nvdispco6433182.dll
2014-01-22 15:10:15 2103040 ----a-w- C:\Windows\System32\WavesGUILib64.dll
2014-01-22 15:10:13 2810072 ----a-w- C:\Windows\System32\RtPgEx64.dll
2014-01-22 15:10:11 2588888 ----a-w- C:\Windows\System32\RtkAPO64.dll
2014-01-22 15:10:10 618200 ----a-w- C:\Windows\System32\RtDataProc64.dll
2014-01-22 15:10:09 1286872 ----a-w- C:\Windows\System32\RTCOM64.dll
2014-01-22 15:09:49 2036992 ----a-w- C:\Windows\System32\MaxxAudioEQ64.dll
2014-01-22 15:09:49 1013504 ----a-w- C:\Windows\System32\MaxxAudioAPOShell64.dll
2014-01-10 22:03:15 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-21 09:39:33 600064 ----a-w- C:\Windows\System32\vbscript.dll
2013-12-21 07:56:10 523776 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-12-19 18:53:46 6671648 ----a-w- C:\Windows\System32\nvcpl.dll
2013-12-19 18:53:46 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-12-19 18:53:44 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-12-19 18:53:44 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-12-19 18:53:44 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2013-12-19 05:01:48 3539040 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-12-19 03:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-19 03:04:13 264616 ----a-w- C:\Windows\SysWow64\javaws.exe
2013-12-19 03:04:09 175016 ----a-w- C:\Windows\SysWow64\javaw.exe
2013-12-19 03:03:46 174504 ----a-w- C:\Windows\SysWow64\java.exe
2013-12-18 23:19:54 252688 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2013-12-18 23:16:44 154896 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2013-12-18 23:16:44 140560 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2013-12-18 23:16:44 126736 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2013-12-18 23:16:44 113936 ----a-w- C:\Windows\System32\drivers\VBoxUSB.sys
2013-12-18 23:13:30 204048 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2013-12-18 14:54:05 1510176 ----a-w- C:\Windows\System32\nvhdagenco64.dll
2013-12-18 14:50:57 209096 ----a-w- C:\Windows\System32\AERTAC64.dll
2013-12-18 14:50:57 108640 ----a-w- C:\Windows\System32\AERTAR64.dll
2013-12-13 18:47:46 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-12-13 18:47:43 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
.
============= FINISH:  7:11:02.49 ===============



Edited by KKAOSS, 01 March 2014 - 11:54 AM.




#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,699 posts

Posted 06 March 2014 - 09:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/526108 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was follow the previous instructions and tell me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 KKAOSS
  • Topic Starter

  • Members
  • 20 posts
  • Location:Great Lakes

Posted 06 March 2014 - 12:25 PM

TrustedInstaller hijacked drives, changed permissions etc., unplugged internet days ago to stop the bleeding LOL, help eradicate this vermin thx all  :hysterical:



#4 jeffce

    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Location:USA

Posted 06 March 2014 - 07:27 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that....   Let's get going!!  
----------


 


#5 jeffce

    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Location:USA

Posted 06 March 2014 - 07:29 PM

Please run a new scan with DDS and post both of the new logs, since it has been a few days since it was last run.   :)
--------------
 
Malwarebytes Anti-Rootkit
 
Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • If malware is found, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.

If there is no malware found, please let me know as well.
----------
 

AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

----------


 


#6 KKAOSS
  • Topic Starter

  • Members
  • 20 posts
  • Location:Great Lakes

Posted 07 March 2014 - 12:02 AM

Thx Jeff

I am a road warrior so I will have to get back to office to run current diagnostic logs

 

should get to the infected box Friday 3/7

 

KKAOSS



#7 KKAOSS
  • Topic Starter

  • Members
  • 20 posts
  • Location:Great Lakes

Posted 07 March 2014 - 12:57 AM

Jeff finally got back to the scene of the crime.

 

MBAR found no infections

 

# AdwCleaner v3.020 - Report created 06/03/2014 at 23:43:33
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : NSM - NSM-PC
# Running from : G:\VIRUS SWAT PACKAGE\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
 
-\\ Google Chrome v33.0.1750.146
 
[ File : C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [879 octets] - [06/03/2014 23:34:13]
AdwCleaner[S0].txt - [805 octets] - [06/03/2014 23:43:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [864 octets] ##########


#8 KKAOSS
  • Topic Starter

  • Members
  • 20 posts
  • Location:Great Lakes

Posted 07 March 2014 - 01:16 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514
Run by NSM at 0:04:14 on 2014-03-07
#Option Extended Search is enabled.
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3071.1639 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Advanced SystemCare Ultimate *Disabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\taskeng.exe
G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
G:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\Monitor.exe
G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\WUDFHost.exe
G:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
G:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\RealTimeProtector.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.dell.com
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Advanced SystemCare Ultimate] "G:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe" /Auto
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{CDCCC81D-8E9B-495D-AE44-21479A4AB3D5} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - G:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-3-6 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-3-6 207904]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-3-6 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-3-6 421704]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-3-6 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-3-6 50344]
R2 MBAMScheduler;MBAMScheduler;G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-3-6 418376]
R2 MBAMService;MBAMService;G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-3-6 701512]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-12-6 662232]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-3-6 80184]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-6 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;G:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe [2014-3-6 886592]
S2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;G:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe [2014-3-6 646976]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-3-6 2151232]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 MEMSWEEP2;MEMSWEEP2;C:\Windows\System32\D76B.tmp [2014-3-6 6144]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-12-6 18456]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2014-3-6 19152]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2014-3-6 12504]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-12-6 1229528]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
.
=============== Created Last 60 ================
.
2014-03-07 05:34:01 -------- d-----w- C:\AdwCleaner
2014-03-07 05:26:56 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-07 05:26:53 117464 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-03-07 05:25:58 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-07 05:23:11 -------- d-----w- C:\Users\NSM\AppData\Local\CrashDumps
2014-03-07 05:01:24 -------- d-----w- C:\ProgramData\Sophos
2014-03-07 04:59:31 73728 ----a-r- C:\Users\NSM\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-03-07 04:59:31 73728 ----a-r- C:\Users\NSM\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-03-07 04:59:31 73728 ----a-r- C:\Users\NSM\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-03-07 04:19:28 -------- d-----w- C:\Users\NSM\AppData\Roaming\SUPERAntiSpyware.com
2014-03-07 04:18:40 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-03-07 04:18:40 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-03-07 04:13:14 6144 ------w- C:\Windows\System32\D76B.tmp
2014-03-07 04:12:50 6144 ------w- C:\Windows\System32\7C11.tmp
2014-03-07 04:07:07 -------- d-----w- C:\Users\NSM\AppData\Local\Secunia PSI
2014-03-07 04:06:58 -------- d-----w- C:\Program Files (x86)\Secunia
2014-03-07 04:03:02 -------- d-sh--w- C:\$RECYCLE.BIN
2014-03-07 03:58:01 -------- d-----w- C:\Users\NSM\AppData\Local\NPE
2014-03-07 03:58:01 -------- d-----w- C:\ProgramData\Norton
2014-03-07 03:48:30 -------- d-----w- C:\Program Files\HitmanPro
2014-03-07 03:47:55 -------- d-----w- C:\ProgramData\HitmanPro
2014-03-07 03:46:00 -------- d-s---w- C:\ComboFix
2014-03-06 22:09:48 -------- d-----w- C:\Users\NSM\AppData\Roaming\AVAST Software
2014-03-06 22:07:07 3050808 ----a-w- C:\Windows\System32\pwNative.exe
2014-03-06 22:07:06 19152 ------w- C:\Windows\System32\pwdrvio.sys
2014-03-06 22:07:05 12504 ------w- C:\Windows\System32\pwdspio.sys
2014-03-06 22:06:26 80184 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-03-06 21:57:08 -------- d-----w- C:\Users\NSM\AppData\Local\Google
2014-03-06 21:57:04 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-03-06 21:57:02 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-03-06 21:57:01 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-03-06 21:57:01 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-03-06 21:56:59 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-03-06 21:56:30 -------- d-sh--w- C:\Windows\Installer
2014-03-06 21:56:13 43152 ----a-w- C:\Windows\avastSS.scr
2014-03-06 21:56:00 -------- d-----w- C:\Program Files\AVAST Software
2014-03-06 21:54:54 -------- d-----w- C:\ProgramData\AVAST Software
2014-03-06 21:50:04 -------- d-----w- C:\ProgramData\ProductData
2014-03-06 21:49:51 431176 ----a-w- C:\Windows\System32\drivers\bdfsfltr.sys
2014-03-06 21:49:45 -------- d-----w- C:\Program Files (x86)\IObit
2014-03-06 21:49:33 329800 ----a-w- C:\Windows\System32\drivers\trufos.sys
2014-03-06 21:49:30 -------- d-----w- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2014-03-06 21:49:23 -------- d-----w- C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
2014-03-06 21:49:21 -------- d-----w- C:\ProgramData\IObit
2014-03-06 21:49:20 -------- d-----w- C:\Users\NSM\AppData\Roaming\IObit
2014-03-06 21:48:27 -------- d-----w- C:\Windows\Panther
2014-03-06 21:47:55 -------- d-----w- C:\Windows\System32\OEM
2014-03-06 21:47:55 -------- d-----w- C:\Hotfix
2014-03-06 21:47:55 -------- d-----w- C:\Drivers
2014-03-06 20:23:59 -------- d-----w- C:\Users\NSM\AppData\Roaming\Malwarebytes
2014-03-06 20:23:24 -------- d-----w- C:\ProgramData\Malwarebytes
2014-03-06 20:23:21 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-06 20:22:55 -------- d-----w- C:\Users\NSM\AppData\Local\Programs
2014-03-06 19:55:00 -------- d-----w- C:\Users\NSM\AppData\Local\VirtualStore
.
==================== Find6M  ====================
.
2013-12-06 14:47:12 18456 ----a-w- C:\Windows\System32\drivers\psi_mf_amd64.sys
.
============= FINISH:  0:04:29.84 ===============




#9 KKAOSS
  • Topic Starter

  • Members
  • 20 posts
  • Location:Great Lakes

Posted 07 March 2014 - 01:20 AM

TrustedInstaller owns many folders/files, permissions have been altered, and many files are denied access unless I take ownership globally.

2 ext drives have been disconnected by assocs (UGH!) and a previous SATA drive is not showing up in Computer.

One of my assocs made an effort to clean it up and be a WHITE HAT - gosh darn it!   ;-(
I fear this is going to take a while to resolve on my end........



#10 jeffce

    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Location:USA

Posted 07 March 2014 - 07:54 AM

Hi,

 

Malware-wise so far it doesn't look that bad, but I need to ask a couple questions before we continue....

 

Is this a business/work computer?

 

Do you know you have two antivirus programs running, which will cause conflicts and system slow down......both Avast and Advanced SystemCare Ultimate?

--------------------

 

On a side note....be sure to put all of the tools we use on your Desktop and not in a separate folder so we know where everything is and they run correctly.  :)


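A triage pass over the SERVICES / DRIVERS section of the DDS log posted above, as an added example that is not part of this thread or of the DDS tool: it parses each entry and flags image paths that are temporary files, .sys files sitting in System32 itself rather than System32\drivers, and files created within a week of the scan. The rules and the seven-day threshold are this example's own heuristics; the sample lines are copied from the log in post #8.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# One service/driver line as DDS prints it in its SERVICES / DRIVERS section:
#   <state><start> <name>;<display name>;<image path> [<yyyy-m-d> <size>]
# state: R = running, S = stopped; start: 0 boot, 1 system, 2 auto, 3 manual.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"\s+\[(?P<y>\d{4})-(?P<m>\d{1,2})-(?P<d>\d{1,2})\s+(?P<size>\d+)\]\s*$"
)

# Constructed sample: lines copied from the DDS log in post #8 above.
SAMPLE_LOG = r"""
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-3-6 65776]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 MEMSWEEP2;MEMSWEEP2;C:\Windows\System32\D76B.tmp [2014-3-6 6144]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2014-3-6 19152]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
"""
LOG_DATE = date(2014, 3, 7)  # "Run by NSM ... on 2014-03-07" in the same log


@dataclass
class ServiceEntry:
    state: str
    start: int
    name: str
    display: str
    path: str      # image path, possibly followed by svchost-style arguments
    created: date  # file timestamp DDS prints in the trailing brackets
    size: int


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Return the parsed entry, or None for blank, header or other lines."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        state=m["state"], start=int(m["start"]), name=m["name"],
        display=m["display"], path=m["path"].strip(),
        created=date(int(m["y"]), int(m["m"]), int(m["d"])), size=int(m["size"]),
    )


def image_file(path: str) -> str:
    """Drop arguments such as ' -k netsvcs' and normalise case for comparisons."""
    return path.split(" -", 1)[0].strip().lower()


def reasons_for(entry: ServiceEntry, log_date: date, recent_days: int) -> List[str]:
    """Heuristics of this example: each hit is a reason to look, not a verdict."""
    reasons: List[str] = []
    img = image_file(entry.path)
    if img.endswith(".tmp"):
        reasons.append("temporary file used as service image")
    if img.endswith(".sys") and "\\system32\\" in img and "\\system32\\drivers\\" not in img:
        reasons.append("kernel driver outside System32\\drivers")
    if 0 <= (log_date - entry.created).days <= recent_days:
        reasons.append(f"file created within {recent_days} days of the scan")
    return reasons


def triage(log_text: str, log_date: date, recent_days: int = 7) -> Dict[str, List[str]]:
    """Map service name -> reasons for every entry that trips at least one rule."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry, log_date, recent_days)
        if reasons:
            findings[entry.name] = reasons
    return findings


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG, LOG_DATE).items():
        print(f"{name}: {'; '.join(why)}")
```

Hits are a review list, not verdicts: the avast! driver appears only because it was reinstalled the day before the scan, and the two flagged System32 entries are simply the ones to verify next (publisher signature, which tool installed them).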
 


#11 KKAOSS
  • Topic Starter

  • Members
  • 20 posts
  • Location:Great Lakes

Posted 07 March 2014 - 09:06 AM

hey jeff,

 

  • home office buddy - assoc is benign - he is my son, & he works w/me - trying to do me a favor!
  • and yes, I am aware of the 2 running; I will kill the ASC product and only run Avast
  • and....yes, I will put the tools that are being utilized on the desktop.

TrustedInstaller or some prog/app has repartitioned my primary drive (500GB), and in the Computer window I cannot get my 2nd hard drive to show up (small 120GB). This is fun though - I have modified TakeOwnership.exe so I can reset ownership globally, and I am prepared to repartition the drive as well; wondering if there is something that will wipe/delete the culprit primary disk. Format does not get rid of the files on the disk, and I get access denied pop-ups when I try to perform certain clean functions, hmmmm

 

KKAOSS

 

 

thx



#12 jeffce

    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Location:USA

Posted 07 March 2014 - 10:19 AM

Ok, let's see what we can get done.   :)  Please don't run anything else unless otherwise asked, so I don't get lost while we are working.
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 


#13 KKAOSS
  • Topic Starter

  • Members
  • 20 posts
  • Location:Great Lakes

Posted 07 March 2014 - 10:52 AM

Thx Jeff - I have nothing on this comp but anti-vermin software - worried that this sucker is/has broadcasting/ed info out over the web, as when I first discovered the problem total stranger users had ownership permissions, and I ran quota data management to see who was grabbing all this real estate: 40+ GB and 14+ GB attributed to these anon users, and so it goes. Here you go, thanks for your indulgence...crazy but fun to tackle   :bananas: 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2014
Ran by NSM (administrator) on NSM-PC on 07-03-2014 09:35:52
Running from C:\Users\NSM\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - G:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.chromefans.org/
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-03-06]
CHR Extension: (Beatlab) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnfdikmbdfgkcbdodjcbmedanjinmkk [2014-03-06]
CHR Extension: (Google Docs) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-06]
CHR Extension: (Google Drive) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-06]
CHR Extension: (Desmos Graphing Calculator) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko [2014-03-06]
CHR Extension: (WOT) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-03-06]
CHR Extension: (Vuru) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjkomipldgcookljbkgffaegdaaohllb [2014-03-06]
CHR Extension: (YouTube) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-06]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2014-03-06]
CHR Extension: (QR Code Generator) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\cicimfkkbejhggfjaabggafffgdnjgjp [2014-03-06]
CHR Extension: (Google Search) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-06]
CHR Extension: (Screen Capture (by Google)) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg [2014-03-06]
CHR Extension: (AutoCAD 360) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjeclnkejmbepoibfnamioojinoopln [2014-03-06]
CHR Extension: (Tampermonkey) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-03-06]
CHR Extension: (Free Online Barcode Generator) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhoelniomehlmbhbgbhfhjgekbcbabjb [2014-03-06]
CHR Extension: (CPDD-Droplets) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkiohcapgahhmehnmaeppeedkjaijifi [2014-03-06]
CHR Extension: (SEOrch - OnPage SEO Tool) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\dofplnfijbongplmhcpoobljlfjeaank [2014-03-06]
CHR Extension: (Timer) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd [2014-03-06]
CHR Extension: (Google Calendar) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-03-06]
CHR Extension: (Box - 10GB of FREE storage) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2014-03-06]
CHR Extension: (App store discounts) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekckfmbgohljpbplohgkeoepmieffaef [2014-03-06]
CHR Extension: (Swydo Easy reporting & workflow for PPC & SEO) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekkfiomimjjgcoeamccabemeohfjbghj [2014-03-06]
CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-03-06]
CHR Extension: (Pandora) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-03-06]
CHR Extension: (Grooveshark Remote) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbpifhknilaflibiifjhhofddbbchmhh [2014-03-06]
CHR Extension: (Coder Site Editor) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdhmfejfkepnajomlaflaebolllbaofh [2014-03-06]
CHR Extension: (Google Sheets) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-03-06]
CHR Extension: (Koding) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgbjpbdfegnodokpoejnbhnblcojccal [2014-03-06]
CHR Extension: (CHIP Online) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhjmdobefakhdbfdpnnopoaldabldbgd [2014-03-06]
CHR Extension: (Otixo) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\flfbeiofnanaeajijcaccaadpnkkkkko [2014-03-06]
CHR Extension: (NASA Online TV HD) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggpeehmipebgblgaokenepkkinmbnipa [2014-03-06]
CHR Extension: (Planetarium) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2014-03-06]
CHR Extension: (The Camelizer - Amazon Price Tracker) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2014-03-06]
CHR Extension: (Sellfy) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\glebaajdmoojcccdkikpjcblgimjgehp [2014-03-06]
CHR Extension: (Send to Evernote) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnilckpgiopfcokcijkhpghppekcoafm [2014-03-06]
CHR Extension: (DocuSign) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\goblijolcnempeilmnkmfbhohlpngemd [2014-03-06]
CHR Extension: (avast! Online Security) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-06]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-03-06]
CHR Extension: (SOLE 64) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\henmjlkeiiclnbeomllgmojdeedomape [2014-03-06]
CHR Extension: (NPR Infinite Player) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpcelemhneoooapbbopolpjhmbfmnbf [2014-03-06]
CHR Extension: (Google Keep) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-03-06]
CHR Extension: (Cool Clock) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\icegcmhgphfkgglbljbkdegiaaihifce [2014-03-06]
CHR Extension: (Python Fiddle) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\imldfcloildiapnfjoocfpdmoajnjelf [2014-03-06]
CHR Extension: (3D Function Graphics) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobplelaajiidonodpenmapjhndgohhn [2014-03-06]
CHR Extension: (Dropbox) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-03-06]
CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe [2014-03-06]
CHR Extension: (My Browser Page) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg [2014-03-06]
CHR Extension: (Universo) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\joamekpghmpmbpcjjfpmfjhenhpidmep [2014-03-06]
CHR Extension: (Andrew@ChromeFans) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\jollpecbpialleljionejgkdgjfgamma [2014-03-06]
CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2014-03-06]
CHR Extension: (Google Play) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-03-06]
CHR Extension: (Neutron Drive) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\lanjfnanlbolmgmnchmhfnicfefjgnff [2014-03-06]
CHR Extension: (Evernote Web) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-03-06]
CHR Extension: (zezo.org) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgmhdgebgchmclmiocmphlheepbhmnjm [2014-03-06]
CHR Extension: (AudioSauna) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2014-03-06]
CHR Extension: (Google Maps) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-03-06]
CHR Extension: (3D Solar System Web) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaaepplopehigjgkolniddiadbbkphd [2014-03-06]
CHR Extension: (Ghostery) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-03-06]
CHR Extension: (JustBeamIt) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmikgkdknaammcapbklcdaakpphfilgg [2014-03-06]
CHR Extension: (DoliCloud CRM) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnblkoemikbhacnfbfbaehbaclhgpjnf [2014-03-06]
CHR Extension: (Aljazeera and Al-Arabiya (unofficial)) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\moieididcdilfehlfmeelkoknoinlknc [2014-03-06]
CHR Extension: (Anatronica - 3D Interactive Anatomy) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nalpooddpdnhjicpjgnhaihnnfnmbpee [2014-03-06]
CHR Extension: (Cloud9) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdmccoknlfggadpfkmcpnamfnbkmkcp [2014-03-06]
CHR Extension: (Mobincube - FREE smartphone App builder) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfbnofjiempfokaedcfllenpopocpjid [2014-03-06]
CHR Extension: (SkyDrive) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2014-03-06]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2014-03-06]
CHR Extension: (CnC TA Script Collection) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmhpmdclklpgfcpoiomjofgfagenmgeo [2014-03-06]
CHR Extension: (Google Wallet) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-06]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2014-03-06]
CHR Extension: (Clicker.TV) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaodinjbnakgknmblmhblapgpmfaciba [2014-03-06]
CHR Extension: (Picasa) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-03-06]
CHR Extension: (Command & Conquer TA POIs Analyser) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjfennpifbhgfpaihhahgelpcdapfdp [2014-03-06]
CHR Extension: (TV France - Regarder Télévision) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbchiajonfncphfgplcmdojihhlbffbd [2014-03-06]
CHR Extension: (cronsync) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbngjmgfclegmldmnjbfbgpphbaakjnk [2014-03-06]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-03-06]
CHR Extension: (Evernote Web Clipper) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-03-06]
CHR Extension: (Gmail) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-06]
CHR Extension: (GetResponse) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcfmidjdoonindibjjkdkhncmokdjdi [2014-03-06]
CHR Extension: (sourceLair) - C:\Users\NSM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmdllfjnhmnohbhidhdnbaanbnmopfcn [2014-03-06]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePluginFor6.crx [2014-03-06]
 
==================== Services (Whitelisted) =================
 
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151232 2013-12-02] (IObit)
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 AdvancedSystemCareService7; G:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe [X]
S4 ASCAntivirusSrv; G:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ascavsvc.exe [X]
S4 MBAMScheduler; "G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
R2 bdfsfltr; C:\Windows\system32\Drivers\bdfsfltr.sys [431176 2011-03-24] (BitDefender)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MEMSWEEP2; C:\Windows\system32\D76B.tmp [6144 2011-08-25] (Sophos Plc)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [329800 2011-11-21] (BitDefender S.R.L.)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-07 09:35 - 2014-03-07 09:36 - 00033104 _____ () C:\Users\NSM\Desktop\FRST.txt
2014-03-07 09:34 - 2014-03-07 09:34 - 00002005 _____ () C:\Users\NSM\Desktop\ESET Smart Security.lnk
2014-03-07 09:31 - 2014-03-07 09:35 - 00000000 ____D () C:\FRST
2014-03-07 09:27 - 2014-03-07 09:27 - 02156544 _____ (Farbar) C:\Users\NSM\Desktop\FRST64.exe
2014-03-07 08:49 - 2014-03-07 08:49 - 00000000 ____D () C:\Users\NSM\AppData\Roaming\ESET
2014-03-07 08:49 - 2014-03-07 08:49 - 00000000 ____D () C:\Users\NSM\AppData\Local\ESET
2014-03-07 08:47 - 2014-03-07 08:47 - 00000000 ____D () C:\ProgramData\ESET
2014-03-07 08:47 - 2014-03-07 08:47 - 00000000 ____D () C:\Program Files\ESET
2014-03-07 07:45 - 2014-03-07 07:45 - 00000378 _____ () C:\Users\NSM\Desktop\ScanDisk Cruzer 8GB(G).lnk
2014-03-07 01:14 - 2014-03-07 01:15 - 00000000 ____D () C:\Windows\pss
2014-03-06 23:34 - 2014-03-06 23:43 - 00000000 ____D () C:\AdwCleaner
2014-03-06 23:26 - 2014-03-06 23:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-06 23:25 - 2014-03-06 23:25 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-06 23:23 - 2014-03-07 09:28 - 00000000 ____D () C:\Users\NSM\AppData\Local\CrashDumps
2014-03-06 23:01 - 2014-03-06 23:01 - 00000000 ____D () C:\ProgramData\Sophos
2014-03-06 22:59 - 2014-03-06 22:59 - 00000000 ____D () C:\Users\NSM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-03-06 22:19 - 2014-03-06 22:24 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ddac0714-002c-4850-9317-7b831b770d9a.job
2014-03-06 22:19 - 2014-03-06 22:24 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 199ddfcb-003f-42b4-b237-9aca85569728.job
2014-03-06 22:19 - 2014-03-06 22:19 - 00003572 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 199ddfcb-003f-42b4-b237-9aca85569728
2014-03-06 22:19 - 2014-03-06 22:19 - 00003498 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task ddac0714-002c-4850-9317-7b831b770d9a
2014-03-06 22:19 - 2014-03-06 22:19 - 00000000 ____D () C:\Users\NSM\AppData\Roaming\SUPERAntiSpyware.com
2014-03-06 22:18 - 2014-03-06 22:19 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-06 22:18 - 2014-03-06 22:18 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-06 22:13 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\D76B.tmp
2014-03-06 22:12 - 2011-08-25 09:33 - 00006144 ____N (Sophos Plc) C:\Windows\system32\7C11.tmp
2014-03-06 22:07 - 2014-03-06 22:07 - 00000000 ____D () C:\Users\NSM\AppData\Local\Secunia PSI
2014-03-06 22:06 - 2014-03-06 22:06 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-03-06 22:04 - 2014-03-06 22:04 - 00000000 ____D () C:\Users\NSM\AppData\Roaming\Google
2014-03-06 21:58 - 2014-03-06 22:05 - 00000000 ____D () C:\Users\NSM\AppData\Local\NPE
2014-03-06 21:58 - 2014-03-06 21:58 - 00000000 ____D () C:\ProgramData\Norton
2014-03-06 21:48 - 2014-03-06 21:48 - 00000000 ____D () C:\Program Files\HitmanPro
2014-03-06 21:47 - 2014-03-06 21:57 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-06 21:46 - 2014-03-06 21:46 - 00000000 ___SD () C:\ComboFix
2014-03-06 21:44 - 2014-03-06 21:46 - 00000000 ____D () C:\Qoobox
2014-03-06 21:44 - 2014-03-06 21:44 - 00000000 ____D () C:\Windows\erdnt
2014-03-06 21:31 - 2014-03-06 21:31 - 00000000 ____D () C:\Users\NSM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-03-06 21:30 - 2014-03-06 21:30 - 00000000 ____D () C:\Users\NSM\AppData\Roaming\WinRAR
2014-03-06 20:12 - 2014-03-07 08:43 - 00348336 _____ () C:\Windows\PFRO.log
2014-03-06 17:18 - 2014-03-07 07:07 - 00000728 _____ () C:\Windows\setupact.log
2014-03-06 17:18 - 2014-03-06 17:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-06 16:07 - 2013-09-30 16:26 - 03050808 _____ () C:\Windows\system32\pwNative.exe
2014-03-06 16:07 - 2013-09-30 16:26 - 00019152 ____N () C:\Windows\system32\pwdrvio.sys
2014-03-06 16:07 - 2013-09-30 16:26 - 00012504 ____N () C:\Windows\system32\pwdspio.sys
2014-03-06 15:59 - 2014-03-06 15:59 - 00000000 ____D () C:\ProgramData\Google
2014-03-06 15:59 - 2014-03-06 15:59 - 00000000 ____D () C:\Program Files\Google
2014-03-06 15:58 - 2014-03-06 15:58 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-06 15:57 - 2014-03-07 09:34 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-06 15:57 - 2014-03-07 09:08 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-06 15:57 - 2014-03-06 22:04 - 00000000 ____D () C:\Users\NSM\AppData\Local\Google
2014-03-06 15:57 - 2014-03-06 16:03 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-06 15:57 - 2014-03-06 16:03 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-06 15:57 - 2014-03-06 15:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-06 15:56 - 2014-03-06 16:03 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-03-06 15:54 - 2014-03-07 08:43 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-06 15:50 - 2014-03-06 15:50 - 00003108 _____ () C:\Windows\System32\Tasks\ASC7_PerformanceMonitor
2014-03-06 15:50 - 2014-03-06 15:50 - 00000778 _____ () C:\Users\NSM\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-03-06 15:50 - 2014-03-06 15:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-03-06 15:50 - 2014-03-06 15:50 - 00000000 ____D () C:\Users\NSM\AppData\Roaming\Apple Computer
2014-03-06 15:50 - 2014-03-06 15:50 - 00000000 ____D () C:\ProgramData\ProductData
2014-03-06 15:49 - 2014-03-06 16:05 - 00000000 ____D () C:\ProgramData\IObit
2014-03-06 15:49 - 2014-03-06 15:50 - 00000000 ____D () C:\Users\NSM\AppData\Roaming\IObit
2014-03-06 15:49 - 2014-03-06 15:49 - 00002864 _____ () C:\Windows\System32\Tasks\ASC7U_SkipUac_NSM
2014-03-06 15:49 - 2014-03-06 15:49 - 00000000 ____D () C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
2014-03-06 15:49 - 2014-03-06 15:49 - 00000000 ____D () C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2014-03-06 15:49 - 2014-03-06 15:49 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-03-06 15:49 - 2011-11-21 18:59 - 00329800 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-03-06 15:49 - 2011-03-24 15:36 - 00431176 _____ (BitDefender) C:\Windows\system32\Drivers\bdfsfltr.sys
2014-03-06 15:48 - 2014-03-06 16:24 - 00000000 ____D () C:\Windows\Panther
2014-03-06 15:47 - 2014-03-06 15:47 - 00000000 ____D () C:\Hotfix
2014-03-06 15:47 - 2011-02-15 20:16 - 00000029 ___RH () C:\Windows\version
2014-03-06 15:47 - 2011-02-15 20:16 - 00000013 ____R () C:\Windows\csup.txt
2014-03-06 14:23 - 2014-03-06 14:23 - 00000000 ____D () C:\Users\NSM\AppData\Roaming\Malwarebytes
2014-03-06 14:23 - 2014-03-06 14:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-06 14:23 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-06 14:09 - 2014-03-06 14:09 - 00057560 _____ () C:\Users\NSM\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-06 13:56 - 2014-03-07 09:35 - 00600255 _____ () C:\Windows\WindowsUpdate.log
2014-03-06 13:55 - 2014-03-06 13:55 - 00001443 _____ () C:\Users\NSM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-06 13:55 - 2014-03-06 13:55 - 00001409 _____ () C:\Users\NSM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-06 13:55 - 2014-03-06 13:55 - 00000000 ___RD () C:\Users\NSM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-06 13:55 - 2014-03-06 13:55 - 00000000 ___RD () C:\Users\NSM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-06 13:55 - 2014-03-06 13:55 - 00000000 ____D () C:\Users\NSM\AppData\Local\VirtualStore
2014-03-06 13:54 - 2014-03-06 13:55 - 00000000 ____D () C:\Users\NSM
2014-03-06 13:54 - 2014-03-06 13:54 - 00000020 ___SH () C:\Users\NSM\ntuser.ini
2014-03-06 13:54 - 2014-03-06 13:54 - 00000000 __SHD () C:\Recovery
2014-03-06 13:54 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\NSM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-06 13:54 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\NSM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
 
==================== One Month Modified Files and Folders =======
 
2014-03-07 09:36 - 2014-03-07 09:35 - 00033104 _____ () C:\Users\NSM\Desktop\FRST.txt
2014-03-07 09:35 - 2014-03-07 09:31 - 00000000 ____D () C:\FRST
2014-03-07 09:35 - 2014-03-06 13:56 - 00600255 _____ () C:\Windows\WindowsUpdate.log
2014-03-07 09:34 - 2014-03-07 09:34 - 00002005 _____ () C:\Users\NSM\Desktop\ESET Smart Security.lnk
2014-03-07 09:34 - 2014-03-06 15:57 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-07 09:34 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-07 09:28 - 2014-03-06 23:23 - 00000000 ____D () C:\Users\NSM\AppData\Local\CrashDumps
2014-03-07 09:27 - 2014-03-07 09:27 - 02156544 _____ (Farbar) C:\Users\NSM\Desktop\FRST64.exe
2014-03-07 09:16 - 2009-07-13 22:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-07 09:16 - 2009-07-13 22:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-07 09:14 - 2009-07-13 23:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-07 09:08 - 2014-03-06 15:57 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-07 08:49 - 2014-03-07 08:49 - 00000000 ____D () C:\Users\NSM\AppData\Roaming\ESET
2014-03-07 08:49 - 2014-03-07 08:49 - 00000000 ____D () C:\Users\NSM\AppData\Local\ESET
2014-03-07 08:47 - 2014-03-07 08:47 - 00000000 ____D () C:\ProgramData\ESET
2014-03-07 08:47 - 2014-03-07 08:47 - 00000000 ____D () C:\Program Files\ESET
2014-03-07 08:43 - 2014-03-06 20:12 - 00348336 _____ () C:\Windows\PFRO.log
2014-03-07 08:43 - 2014-03-06 15:54 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-07 07:45 - 2014-03-07 07:45 - 00000378 _____ () C:\Users\NSM\Desktop\ScanDisk Cruzer 8GB(G).lnk
2014-03-07 07:07 - 2014-03-06 17:18 - 00000728 _____ () C:\Windows\setupact.log
2014-03-07 01:15 - 2014-03-07 01:14 - 00000000 ____D () C:\Windows\pss
2014-03-06 23:43 - 2014-03-06 23:34 - 00000000 ____D () C:\AdwCleaner
2014-03-06 23:33 - 2014-03-06 23:26 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-06 23:25 - 2014-03-06 23:25 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-06 23:01 - 2014-03-06 23:01 - 00000000 ____D () C:\ProgramData\Sophos
2014-03-06 22:59 - 2014-03-06 22:59 - 00000000 ____D () C:\Users\NSM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-03-06 22:24 - 2014-03-06 22:19 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ddac0714-002c-4850-9317-7b831b770d9a.job
2014-03-06 22:24 - 2014-03-06 22:19 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 199ddfcb-003f-42b4-b237-9aca85569728.job
2014-03-06 22:19 - 2014-03-06 22:19 - 00003572 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 199ddfcb-003f-42b4-b237-9aca85569728
2014-03-06 22:19 - 2014-03-06 22:19 - 00003498 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task ddac0714-002c-4850-9317-7b831b770d9a
2014-03-06 22:19 - 2014-03-06 22:19 - 00000000 ____D () C:\Users\NSM\AppData\Roaming\SUPERAntiSpyware.com
2014-03-06 22:19 - 2014-03-06 22:18 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-06 22:18 - 2014-03-06 22:18 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-06 22:07 - 2014-03-06 22:07 - 00000000 ____D () C:\Users\NSM\AppData\Local\Secunia PSI
2014-03-06 22:06 - 2014-03-06 22:06 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-03-06 22:05 - 2014-03-06 21:58 - 00000000 ____D () C:\Users\NSM\AppData\Local\NPE
2014-03-06 22:04 - 2014-03-06 22:04 - 00000000 ____D () C:\Users\NSM\AppData\Roaming\Google
2014-03-06 22:04 - 2014-03-06 15:57 - 00000000 ____D () C:\Users\NSM\AppData\Local\Google
2014-03-06 21:58 - 2014-03-06 21:58 - 00000000 ____D () C:\ProgramData\Norton
2014-03-06 21:57 - 2014-03-06 21:47 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-06 21:48 - 2014-03-06 21:48 - 00000000 ____D () C:\Program Files\HitmanPro
2014-03-06 21:46 - 2014-03-06 21:46 - 00000000 ___SD () C:\ComboFix
2014-03-06 21:46 - 2014-03-06 21:44 - 00000000 ____D () C:\Qoobox
2014-03-06 21:44 - 2014-03-06 21:44 - 00000000 ____D () C:\Windows\erdnt
2014-03-06 21:31 - 2014-03-06 21:31 - 00000000 ____D () C:\Users\NSM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-03-06 21:30 - 2014-03-06 21:30 - 00000000 ____D () C:\Users\NSM\AppData\Roaming\WinRAR
2014-03-06 17:18 - 2014-03-06 17:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-06 16:24 - 2014-03-06 15:48 - 00000000 ____D () C:\Windows\Panther
2014-03-06 16:05 - 2014-03-06 15:49 - 00000000 ____D () C:\ProgramData\IObit
2014-03-06 16:03 - 2014-03-06 15:57 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-06 16:03 - 2014-03-06 15:57 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-06 16:03 - 2014-03-06 15:56 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-03-06 15:59 - 2014-03-06 15:59 - 00000000 ____D () C:\ProgramData\Google
2014-03-06 15:59 - 2014-03-06 15:59 - 00000000 ____D () C:\Program Files\Google
2014-03-06 15:59 - 2014-03-06 15:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-06 15:58 - 2014-03-06 15:58 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-06 15:54 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-03-06 15:53 - 2009-07-13 22:45 - 00274320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-06 15:51 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-03-06 15:50 - 2014-03-06 15:50 - 00003108 _____ () C:\Windows\System32\Tasks\ASC7_PerformanceMonitor
2014-03-06 15:50 - 2014-03-06 15:50 - 00000778 _____ () C:\Users\NSM\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-03-06 15:50 - 2014-03-06 15:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-03-06 15:50 - 2014-03-06 15:50 - 00000000 ____D () C:\Users\NSM\AppData\Roaming\Apple Computer
2014-03-06 15:50 - 2014-03-06 15:50 - 00000000 ____D () C:\ProgramData\ProductData
2014-03-06 15:50 - 2014-03-06 15:49 - 00000000 ____D () C:\Users\NSM\AppData\Roaming\IObit
2014-03-06 15:49 - 2014-03-06 15:49 - 00002864 _____ () C:\Windows\System32\Tasks\ASC7U_SkipUac_NSM
2014-03-06 15:49 - 2014-03-06 15:49 - 00000000 ____D () C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
2014-03-06 15:49 - 2014-03-06 15:49 - 00000000 ____D () C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2014-03-06 15:49 - 2014-03-06 15:49 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-03-06 15:49 - 2010-11-21 01:17 - 00000000 ____D () C:\Windows\CSC
2014-03-06 15:48 - 2009-07-13 23:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-03-06 15:48 - 2009-07-13 23:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-03-06 15:47 - 2014-03-06 15:47 - 00000000 ____D () C:\Hotfix
2014-03-06 15:47 - 2009-07-13 22:45 - 00000000 ____D () C:\Windows\Setup
2014-03-06 15:47 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-03-06 15:47 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-03-06 15:02 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\restore
2014-03-06 14:23 - 2014-03-06 14:23 - 00000000 ____D () C:\Users\NSM\AppData\Roaming\Malwarebytes
2014-03-06 14:23 - 2014-03-06 14:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-06 14:09 - 2014-03-06 14:09 - 00057560 _____ () C:\Users\NSM\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-06 13:55 - 2014-03-06 13:55 - 00001443 _____ () C:\Users\NSM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-06 13:55 - 2014-03-06 13:55 - 00001409 _____ () C:\Users\NSM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-06 13:55 - 2014-03-06 13:55 - 00000000 ___RD () C:\Users\NSM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-06 13:55 - 2014-03-06 13:55 - 00000000 ___RD () C:\Users\NSM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-06 13:55 - 2014-03-06 13:55 - 00000000 ____D () C:\Users\NSM\AppData\Local\VirtualStore
2014-03-06 13:55 - 2014-03-06 13:54 - 00000000 ____D () C:\Users\NSM
2014-03-06 13:54 - 2014-03-06 13:54 - 00000020 ___SH () C:\Users\NSM\ntuser.ini
2014-03-06 13:54 - 2014-03-06 13:54 - 00000000 __SHD () C:\Recovery
 
Some content of TEMP:
====================
C:\Users\NSM\AppData\Local\Temp\InstHelper.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {298864d5-a4e9-11e3-b7cc-a34063f2633f}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {298864d3-a4e9-11e3-b7cc-a34063f2633f}
device                  ramdisk=[C:]\Recovery\298864d3-a4e9-11e3-b7cc-a34063f2633f\Winre.wim,{298864d4-a4e9-11e3-b7cc-a34063f2633f}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\298864d3-a4e9-11e3-b7cc-a34063f2633f\Winre.wim,{298864d4-a4e9-11e3-b7cc-a34063f2633f}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {298864d7-a4e9-11e3-b7cc-a34063f2633f}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {298864d5-a4e9-11e3-b7cc-a34063f2633f}
nx                      OptIn
numproc                 2
usefirmwarepcisettings  No
 
Windows Boot Loader
-------------------
identifier              {298864d7-a4e9-11e3-b7cc-a34063f2633f}
device                  ramdisk=[C:]\Recovery\298864d7-a4e9-11e3-b7cc-a34063f2633f\Winre.wim,{298864d8-a4e9-11e3-b7cc-a34063f2633f}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\298864d7-a4e9-11e3-b7cc-a34063f2633f\Winre.wim,{298864d8-a4e9-11e3-b7cc-a34063f2633f}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {298864d5-a4e9-11e3-b7cc-a34063f2633f}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {298864d4-a4e9-11e3-b7cc-a34063f2633f}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\298864d3-a4e9-11e3-b7cc-a34063f2633f\boot.sdi
 
Device options
--------------
identifier              {298864d8-a4e9-11e3-b7cc-a34063f2633f}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\298864d7-a4e9-11e3-b7cc-a34063f2633f\boot.sdi
 
 
 
LastRegBack: 2014-03-06 14:55
 
==================== End Of Log ============================
 
*******************************************************************************************************************
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-03-2014
Ran by NSM at 2014-03-07 09:36:35
Running from C:\Users\NSM\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
 
==================== Installed Programs ======================
 
Advanced SystemCare Ultimate 7 (HKLM-x32\...\Advanced SystemCare Ultimate_is1) (Version: 7.0.1 - IObit)
ESET Smart Security (HKLM\...\{F7C525E7-659A-47F6-A25A-7A63FA10E767}) (Version: 7.0.302.26 - ESET, spol s r. o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.0.4.1099 - IObit)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.4 - Sophos Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
 
==================== Restore Points  =========================
 
06-03-2014 21:55:48 avast! Free Antivirus Setup
06-03-2014 22:03:27 avast! antivirus system restore point
07-03-2014 04:01:23 Norton_Power_Eraser_20140306220122526
07-03-2014 04:58:40 Installed Sophos Virus Removal Tool.
07-03-2014 14:41:44 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {19A72D98-75CD-49AA-97CE-C7ADF0B64BDB} - System32\Tasks\SUPERAntiSpyware Scheduled Task 199ddfcb-003f-42b4-b237-9aca85569728 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {22238A4C-86CD-41BB-9CBC-17904F078DCF} - System32\Tasks\ASC7_PerformanceMonitor => G:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\Monitor.exe
Task: {82C5416E-D9DF-4580-ADAC-71B3617E587D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06] (Google Inc.)
Task: {B08AEED3-F5C9-4DBF-9F79-FEEC3C35EC79} - System32\Tasks\ASC7U_SkipUac_NSM => G:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASC.exe
Task: {E7A1039C-DF9A-4CBE-90FB-549ED8575CBD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06] (Google Inc.)
Task: {EE4DBE0B-72C6-4730-95B9-307FF1442822} - System32\Tasks\SUPERAntiSpyware Scheduled Task ddac0714-002c-4850-9317-7b831b770d9a => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 199ddfcb-003f-42b4-b237-9aca85569728.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ddac0714-002c-4850-9317-7b831b770d9a.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-06 15:58 - 2014-03-01 20:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-06 15:58 - 2014-03-01 20:35 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-06 15:58 - 2014-03-01 20:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-06 15:58 - 2014-03-01 20:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
2014-01-03 00:59 - 2014-02-10 11:04 - 00430080 _____ () C:\Windows\mod_frst.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\53475347.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\53475347.sys => ""="Driver"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdvancedSystemCareService7 => 2
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: AppMgmt => 3
MSCONFIG\Services: ASCAntivirusSrv => 2
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: Secunia PSI Agent => 3
MSCONFIG\Services: Secunia Update Agent => 2
MSCONFIG\startupreg: Advanced SystemCare Ultimate => "G:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 
==================== Faulty Device Manager Devices =============
 
Name: Multimedia Controller
Description: Multimedia Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/07/2014 09:35:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/07/2014 09:28:53 AM) (Source: Application Error) (User: )
Description: Faulting application name: Monitor.exe, version: 0.0.0.0, time stamp: 0x52972c41
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00000fd
Fault offset: 0x740fe2d4
Faulting process id: 0x7a0
Faulting application start time: 0xMonitor.exe0
Faulting application path: Monitor.exe1
Faulting module path: Monitor.exe2
Report Id: Monitor.exe3

Error: (03/07/2014 09:11:00 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/07/2014 09:02:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/07/2014 08:56:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/07/2014 08:45:15 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/07/2014 08:34:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/07/2014 07:08:57 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/07/2014 07:06:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/07/2014 06:36:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (03/07/2014 09:34:07 AM) (Source: Service Control Manager) (User: )
Description: The MBAMService service failed to start due to the following error: 
%%2

Error: (03/07/2014 09:34:03 AM) (Source: Service Control Manager) (User: )
Description: The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: 
%%1058

Error: (03/07/2014 09:09:10 AM) (Source: Service Control Manager) (User: )
Description: The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: 
%%1058

Error: (03/07/2014 09:00:19 AM) (Source: Service Control Manager) (User: )
Description: The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: 
%%1058

Error: (03/07/2014 08:54:34 AM) (Source: Service Control Manager) (User: )
Description: The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: 
%%1058

Error: (03/07/2014 08:48:00 AM) (Source: Service Control Manager) (User: )
Description: The ESET Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (03/07/2014 08:43:28 AM) (Source: Service Control Manager) (User: )
Description: The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: 
%%1058

Error: (03/07/2014 08:32:43 AM) (Source: Service Control Manager) (User: )
Description: The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: 
%%1058

Error: (03/07/2014 07:07:09 AM) (Source: Service Control Manager) (User: )
Description: The MBAMService service failed to start due to the following error: 
%%2

Error: (03/07/2014 07:07:09 AM) (Source: Service Control Manager) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (03/07/2014 09:35:53 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/07/2014 09:28:53 AM) (Source: Application Error)(User: )
Description: Monitor.exe0.0.0.052972c41unknown0.0.0.000000000c00000fd740fe2d47a001cf3a1735a93d6cG:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\Monitor.exeunknown306c0909-a60d-11e3-a9ab-b8ac6fe199d5

Error: (03/07/2014 09:11:00 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/07/2014 09:02:07 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/07/2014 08:56:16 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/07/2014 08:45:15 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/07/2014 08:34:33 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/07/2014 07:08:57 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/07/2014 07:06:21 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/07/2014 06:36:03 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-03-06 22:16:34.387
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\D76B.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-06 22:16:34.387
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\D76B.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-06 22:16:34.371
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\D76B.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-06 22:16:34.356
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\D76B.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-06 22:16:34.324
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\D76B.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-06 22:16:34.324
  Description: Windows is unable to verify the image integrity of the file \Device
 
\HarddiskVolume5\Windows\System32\D76B.tmp because file hash could not be found on the 
 
system. A recent hardware or software change might have installed a file that is signed 
 
incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-06 22:16:34.293
  Description: Windows is unable to verify the image integrity of the file \Device
 
\HarddiskVolume5\Windows\System32\D76B.tmp because file hash could not be found on the 
 
system. A recent hardware or software change might have installed a file that is signed 
 
incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-06 22:16:34.293
  Description: Windows is unable to verify the image integrity of the file \Device
 
\HarddiskVolume5\Windows\System32\D76B.tmp because file hash could not be found on the 
 
system. A recent hardware or software change might have installed a file that is signed 
 
incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-06 22:16:09.832
  Description: Windows is unable to verify the image integrity of the file \Device
 
\HarddiskVolume5\Windows\System32\D76B.tmp because file hash could not be found on the 
 
system. A recent hardware or software change might have installed a file that is signed 
 
incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-06 22:16:09.817
  Description: Windows is unable to verify the image integrity of the file \Device
 
\HarddiskVolume5\Windows\System32\D76B.tmp because file hash could not be found on the 
 
system. A recent hardware or software change might have installed a file that is signed 
 
incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 51%
Total physical RAM: 3070.98 MB
Available physical RAM: 1494.4 MB
Total Pagefile: 6140.17 MB
Available Pagefile: 4446.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:48.83 GB) (Free:32.39 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:10.88 GB) (Free:10.77 GB) NTFS
Drive e: () (Fixed) (Total:406.01 GB) (Free:405.88 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=406 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=49 GB) - (Type=0F Extended)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
And there you go. I have NOT updated Win 7 at all; Windows Update is disabled at this time, and lots of updates are waiting on the tarmac.
BTW, est is the drug of choice for antivirus presently.

Edited by KKAOSS, 07 March 2014 - 10:54 AM.
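
The CodeIntegrity block in the log above repeats one finding ten times, and the interesting fact is buried in the wrapped text: a file named D76B.tmp is being loaded as an executable image from \Windows\System32 and its hash is not in the system catalog. The Python below is an added example written for this thread, not part of FRST or the poster's log. It extracts the "CodeIntegrity Errors" section of an FRST Addition.txt, undoes forum line wrapping, groups entries per file with first/last timestamps, and applies a heuristic (an assumption of this example, not an FRST rule) that a hash-failing image in a system directory with a .tmp extension or a short hex-style name is a likely dropped file. The embedded SAMPLE_LOG is constructed to mirror the entries in the post; the third entry and its driver path are made up for contrast.

```python
"""Parse the 'CodeIntegrity Errors' section of an FRST Addition.txt log and flag
unsigned images loaded from Windows system directories.

Added example for this thread, not part of FRST or the poster's log. SAMPLE_LOG is
constructed to mirror the entries in the post, including the line wrapping and
stray blank lines the forum inserted into the first entry.
"""
import re

# Constructed sample: the same file logged twice (once with wrapped lines) plus a
# made-up third-party driver path for contrast.
SAMPLE_LOG = r"""
CodeIntegrity Errors:
===================================
  Date: 2014-03-06 22:16:34.387
  Description: Windows is unable to verify the image integrity of the file \Device
 
\HarddiskVolume5\Windows\System32\D76B.tmp because file hash could not be found on the
 
system. A recent hardware or software change might have installed a file that is signed
 
incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-06 22:16:09.832
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\D76B.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-05 10:00:00.000
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Vendor\driver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================
"""

# One entry after it has been flattened to a single line.
ENTRY_RE = re.compile(
    r"Date: (?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) "
    r"Description: Windows is unable to verify the image integrity of the file "
    r"(?P<path>.+?) because file hash could not be found"
)

SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")


def code_integrity_block(log_text):
    """Return the body of the 'CodeIntegrity Errors:' section, or '' if absent.
    The section ends at the next '==== Name ====' header or at end of text."""
    m = re.search(r"CodeIntegrity Errors:\s*\n=+\n(.*?)(?=\n={10,} |\Z)", log_text, re.S)
    return m.group(1) if m else ""


def parse_code_integrity(log_text):
    """Return [(timestamp, path), ...] in log order.

    Each entry is flattened to one line first, so forum line wrapping and inserted
    blank lines do not matter. Whitespace directly before a backslash is then
    removed from the path: Win32 never ends a path component with a space, so such
    a space is wrap damage, not part of the name."""
    entries = []
    for chunk in re.split(r"(?=Date:)", code_integrity_block(log_text)):
        m = ENTRY_RE.match(" ".join(chunk.split()))
        if m:
            path = re.sub(r"\s+(?=\\)", "", m.group("path"))
            entries.append((m.group("date"), path))
    return entries


def summarize(entries):
    """Group entries by path: occurrence count plus first and last timestamp.
    FRST timestamps sort correctly as strings, so min/max are enough."""
    summary = {}
    for date, path in entries:
        s = summary.setdefault(path, {"count": 0, "first": date, "last": date})
        s["count"] += 1
        s["first"] = min(s["first"], date)
        s["last"] = max(s["last"], date)
    return summary


def is_suspicious(path):
    """Heuristic (an assumption of this example, not an FRST rule): a hash-failing
    image under System32/SysWOW64 with a .tmp extension or a 4-8 character hex
    name is treated as a likely dropped file rather than a damaged vendor binary."""
    low = path.lower()
    if not any(d in low for d in SYSTEM_DIRS):
        return False
    name = low.rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    if not dot:
        stem, ext = name, ""
    return ext == "tmp" or bool(re.fullmatch(r"[0-9a-f]{4,8}", stem))


if __name__ == "__main__":
    for path, s in summarize(parse_code_integrity(SAMPLE_LOG)).items():
        flag = "SUSPICIOUS" if is_suspicious(path) else "review"
        print(f"{flag:10} x{s['count']:<3} {s['first']} .. {s['last']}  {path}")
```

Run it against a real Addition.txt by reading the file into `parse_code_integrity` instead of SAMPLE_LOG. A flagged path is only a lead: the next step is to check whether the file still exists, hash it, and look at its Authenticode signature before deciding it is malware.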


#14 jeffce (Malware Response Team)

Posted 07 March 2014 - 11:53 PM

Have not forgotten.....just a busy day today.  Thanks for your patience.   :)




#15 jeffce (Malware Response Team)

Posted 09 March 2014 - 06:23 PM

Sorry for any delay...a bit of a family emergency.  
 
Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------

