Trojans, BackDoor and Infected Container's Galore


This topic is locked. 21 replies to this topic.

#1 Redirectsux (Members, 41 posts)

Posted 15 March 2014 - 10:05 AM

Having difficulty with my laptop. Not sure when it began, but my antivirus software license expired and I didn't renew it, and I continued to use the computer/internet, now with bad results. The major symptoms were slow performance and frequent crashing when web browsing. When attempting to watch a video on Amazon Prime, there would be random audio played that sounded like some kind of healthcare advertisement.

Originally I posted to the Windows 7 thread but was directed to post here after running a Dr.Web scan that came back with 4524 threats detected when I finally stopped the scan, because it appeared to be running indefinitely. I did use the neutralize option with Dr.Web, and right now my computer appears to be performing much better, but I wouldn't be surprised if there is still some malware on board.

I attempted to run DDS, but it seemed to stall and never completed its scan or produced the files.

I've attached a pic of what Dr. Web found.

Thanks in advance for any assistance!



#2 fireman4it, Bleepin' Fireman (Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 15 March 2014 - 02:09 PM

Hello Redirectsux,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

1. Download AdwCleaner

  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users: right click on adwCleaner.exe and select "Run as administrator".
  • Click the Scan button.
  • Once the scan completes, click the Clean button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[S1].txt.

2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 Redirectsux, Topic Starter (Members, 41 posts)

Posted 15 March 2014 - 03:32 PM

From AdwCleaner.exe (I am running Windows 7 and tried right-clicking to run as administrator, but it did not present that option):

# AdwCleaner v3.022 - Report created 15/03/2014 at 16:26:28
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : CEBKIX - CEBKIX6
# Running from : C:\Users\CEBKIX\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\AI_RecycleBin
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\CEBKIX\AppData\Local\strongvault
Folder Deleted : C:\Users\CEBKIX\AppData\Local\Temp\AI_RecycleBin
File Deleted : C:\END
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Update SaltarSmart
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\YahooPartnerToolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\CEBKIX\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2950 octets] - [15/03/2014 16:25:02]
AdwCleaner[S0].txt - [2515 octets] - [15/03/2014 16:26:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2575 octets] ##########
 
I'll run the Farbar tool now.
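To make a report like the one posted above quicker to review, here is an added example (not code from this thread, from the poster, or from the AdwCleaner project) that parses an AdwCleaner v3-style report into its header, sections, browser lines and footer, counts what was removed per section, and buckets the removed items into the categories a responder re-checks first: Internet Explorer SearchScopes GUID keys (the search-provider hijack the redirects in the original post suggest), COM CLSID/AppID registrations, and files or folders under a user profile's AppData. The SAMPLE_REPORT embedded in the script is constructed to follow the line shapes of the posted log, with the user name replaced by EXAMPLE; the three triage categories and their regexes are this example's own heuristics, not anything AdwCleaner defines.

```python
"""Summarise and triage an AdwCleaner v3-style report.

Added example; not code from the thread above or from the AdwCleaner project.
SAMPLE_REPORT is constructed to follow the line shapes of the posted log
(user name replaced by EXAMPLE); the triage categories are this script's own
heuristics, not anything AdwCleaner defines.
"""
import re
import sys

SAMPLE_REPORT = r"""# AdwCleaner v3.022 - Report created 15/03/2014 at 16:26:28
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\AI_RecycleBin
Folder Deleted : C:\Users\EXAMPLE\AppData\Local\strongvault
File Deleted : C:\END

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\YahooPartnerToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2575 octets] ##########
"""

# Line shapes seen in the report: "# Field : value" headers, "***** [ Name ] *****"
# section banners, "<Kind> <Action> : [x64] <target>" entries, "-\\ <browser>" lines
# and the "########## EOF - <path> - [<n> octets] ##########" footer.
HEADER_RE = re.compile(r"^# (?P<field>[^:]+?) : (?P<value>.+)$")
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
ENTRY_RE = re.compile(
    r"^(?P<kind>Key|Value|Data|Folder|File|Service|Shortcut) "
    r"(?P<action>Deleted|Found|Restored) : (?:\[(?P<view>x64)\] )?(?P<target>.+)$"
)
BROWSER_RE = re.compile(r"^-\\\\ (?P<browser>.+)$")
EOF_RE = re.compile(r"^#{10} EOF - (?P<path>.+?) - \[(?P<size>\d+) octets\] #{10}$")

# Triage heuristics (this script's own, not AdwCleaner's).
IE_SEARCH_SCOPE_RE = re.compile(r"\\Internet Explorer\\SearchScopes\\\{[0-9A-Fa-f-]{36}\}$")
COM_REGISTRATION_RE = re.compile(r"\\Classes\\(?:CLSID|AppID)\\\{", re.IGNORECASE)
USER_PROFILE_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def parse_report(text):
    """Return header fields, per-section entries, browser lines and the log path."""
    report = {"header": {}, "sections": {}, "browsers": [], "log_path": None}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := HEADER_RE.match(line):
            report["header"][m["field"].strip()] = m["value"].strip()
        elif m := SECTION_RE.match(line):
            section = m["name"]
            report["sections"].setdefault(section, [])  # keep empty sections visible
        elif (m := ENTRY_RE.match(line)) and section is not None:
            # "view" is "x64" when the log marks the 64-bit registry view, else None.
            report["sections"][section].append(
                {"kind": m["kind"], "action": m["action"],
                 "view": m["view"], "target": m["target"]}
            )
        elif m := BROWSER_RE.match(line):
            report["browsers"].append(m["browser"])
        elif m := EOF_RE.match(line):
            report["log_path"] = m["path"]
        # Anything else (title line, "[ File : ...preferences ]") is ignored.
    return report


def section_counts(report):
    """Number of entries per section, including sections that were empty."""
    return {name: len(entries) for name, entries in report["sections"].items()}


def triage(report):
    """Bucket every entry target into the categories a responder re-checks first."""
    buckets = {"ie_search_scope": [], "com_registration": [], "user_profile_path": [], "other": []}
    for entries in report["sections"].values():
        for entry in entries:
            target = entry["target"]
            if IE_SEARCH_SCOPE_RE.search(target):
                buckets["ie_search_scope"].append(target)
            elif COM_REGISTRATION_RE.search(target):
                buckets["com_registration"].append(target)
            elif USER_PROFILE_RE.match(target):
                buckets["user_profile_path"].append(target)
            else:
                buckets["other"].append(target)
    return buckets


def main(argv):
    # With a path argument, read the real report; otherwise use the constructed sample.
    text = open(argv[1], encoding="utf-8", errors="replace").read() if len(argv) > 1 else SAMPLE_REPORT
    report = parse_report(text)
    print("Log:", report["log_path"], "| Option:", report["header"].get("Option"))
    for name, count in section_counts(report).items():
        print(f"  {name}: {count}")
    for bucket, targets in triage(report).items():
        for target in targets:
            print(f"  [{bucket}] {target}")


if __name__ == "__main__":
    main(sys.argv)
```

Point it at the real file with `python adw_summary.py C:\AdwCleaner\AdwCleaner[S0].txt`; the footer line carries the path the tool actually wrote, and the posted log shows the scan-only pass and the clean pass under different suffixes ([R0] and [S0]), so reading the path from the footer avoids guessing the file name.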


#4 Redirectsux, Topic Starter (Members, 41 posts)

Posted 15 March 2014 - 03:36 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by CEBKIX (administrator) on CEBKIX6 on 15-03-2014 16:33:49
Running from C:\Users\CEBKIX\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Stronghold Online Backup) C:\Users\CEBKIX\AppData\Local\Strongvault Online Backup\SMessaging.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-12-22] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-12-15] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SMessaging] - C:\Users\CEBKIX\AppData\Local\Strongvault Online Backup\SMessaging.exe [31664 2012-04-04] (Stronghold Online Backup)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-02-25] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2089805370-2052558246-2333505542-1002\...\Run: [Spotify] - "C:\Users\CEBKIX\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
HKU\S-1-5-21-2089805370-2052558246-2333505542-1002\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2089805370-2052558246-2333505542-1002\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2089805370-2052558246-2333505542-1002\...\MountPoints2: {cdba5e1d-0d62-11e1-9304-2c27d7e45bf6} - F:\LaunchU3.exe -a
Startup: C:\Users\CEBKIX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: No Name - {25DA541F-6ACF-4052-A8AA-1D58284729C7} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-05-14] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Extension: (Google Docs) - C:\Users\CEBKIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-28]
CHR Extension: (Google Drive) - C:\Users\CEBKIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-28]
CHR Extension: (YouTube) - C:\Users\CEBKIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-28]
CHR Extension: (Google Search) - C:\Users\CEBKIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-28]
CHR Extension: (Google Wallet) - C:\Users\CEBKIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-28]
CHR Extension: (Gmail) - C:\Users\CEBKIX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-28]
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-02-28] (Advanced Micro Devices, Inc.)
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
 
==================== Drivers (Whitelisted) ====================
 
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
U2 CP_OMDRV; 
S1 rwujvyig; \??\C:\Windows\system32\drivers\rwujvyig.sys [X]
U2 VNASC; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-15 16:33 - 2014-03-15 16:34 - 00011641 _____ () C:\Users\CEBKIX\Desktop\FRST.txt
2014-03-15 16:33 - 2014-03-15 16:33 - 00000000 ____D () C:\FRST
2014-03-15 16:33 - 2014-03-15 16:32 - 02157056 _____ (Farbar) C:\Users\CEBKIX\Desktop\FRST64.exe
2014-03-15 16:32 - 2014-03-15 16:32 - 02157056 _____ (Farbar) C:\Users\CEBKIX\Downloads\FRST64.exe
2014-03-15 16:23 - 2014-03-15 16:26 - 00000000 ____D () C:\AdwCleaner
2014-03-15 16:23 - 2014-03-15 16:23 - 01950720 _____ () C:\Users\CEBKIX\Downloads\adwcleaner.exe
2014-03-15 11:01 - 2014-03-15 11:01 - 02269572 _____ () C:\Users\CEBKIX\Downloads\2014-03-15 00.02.21.zip
2014-03-15 10:17 - 2014-03-15 10:17 - 00688992 ____R (Swearware) C:\Users\CEBKIX\Downloads\dds.com
2014-03-15 09:42 - 2014-03-15 09:42 - 00000000 ____D () C:\Users\CEBKIX\AppData\Local\{5F6B1542-FDC2-48E8-958B-A1A030855921}
2014-03-14 18:44 - 2014-03-14 18:45 - 144752808 _____ () C:\Users\CEBKIX\Downloads\cureit.exe
2014-03-13 23:40 - 2014-03-15 09:25 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-03-13 23:37 - 2014-03-13 23:38 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\CEBKIX\Downloads\cbSetup.exe
2014-03-13 23:28 - 2014-03-13 23:28 - 00274392 _____ () C:\Windows\Minidump\031314-23556-01.dmp
2014-03-13 23:24 - 2014-03-13 23:24 - 00274392 _____ () C:\Windows\Minidump\031314-30825-01.dmp
2014-03-13 22:13 - 2014-03-14 23:59 - 00000000 ____D () C:\Users\CEBKIX\Doctor Web
2014-03-13 22:12 - 2014-03-13 22:13 - 144670008 _____ () C:\Users\CEBKIX\Downloads\2bk9n8qr.exe
2014-03-13 21:51 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 21:51 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 21:51 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 21:51 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 21:51 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 21:51 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 21:51 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 21:51 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 21:51 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 21:51 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 21:51 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 21:51 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 21:51 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 21:51 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 21:51 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 21:51 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 21:51 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 21:51 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 21:51 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 21:51 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 21:51 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 21:51 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 21:51 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 21:51 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 21:51 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 21:51 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 21:51 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 21:51 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 21:51 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 21:51 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 21:51 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 21:51 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 21:51 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 21:51 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 21:51 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 21:51 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 21:51 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 21:51 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 21:51 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 21:51 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 21:48 - 2014-03-15 11:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-13 21:48 - 2014-03-13 21:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-13 21:48 - 2014-03-13 21:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-13 21:48 - 2014-03-13 21:48 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-13 21:48 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 21:48 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 21:48 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 21:48 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 21:48 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 21:48 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 21:47 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 21:47 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 21:39 - 2014-03-13 21:39 - 00028101 _____ () C:\Users\CEBKIX\Desktop\Result minitoolkit.txt
2014-03-13 21:34 - 2014-03-13 21:34 - 00028101 _____ () C:\Users\CEBKIX\Desktop\Result.txt
2014-03-13 20:45 - 2014-03-13 20:45 - 00274392 _____ () C:\Windows\Minidump\031314-25880-01.dmp
2014-03-13 20:40 - 2014-03-13 20:40 - 00274392 _____ () C:\Windows\Minidump\031314-28485-01.dmp
2014-03-13 19:57 - 2014-03-13 19:57 - 00274392 _____ () C:\Windows\Minidump\031314-23540-01.dmp
2014-03-13 19:52 - 2014-03-13 19:52 - 00274392 _____ () C:\Windows\Minidump\031314-26270-01.dmp
2014-03-07 04:02 - 2013-12-21 05:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-07 04:02 - 2013-12-21 04:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-06 20:52 - 2014-03-06 20:52 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-06 20:51 - 2014-03-06 20:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-06 20:43 - 2014-03-06 20:43 - 00274392 _____ () C:\Windows\Minidump\030614-28111-01.dmp
2014-03-06 20:40 - 2014-03-06 20:52 - 00000000 ____D () C:\Program Files\iTunes
2014-03-06 20:40 - 2014-03-06 20:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-06 20:40 - 2014-03-06 20:51 - 00000000 ____D () C:\Program Files\iPod
2014-03-06 20:37 - 2013-12-31 19:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-03-06 20:37 - 2013-12-31 19:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-03-06 20:37 - 2013-12-05 22:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-06 20:37 - 2013-12-05 22:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-03-06 20:37 - 2013-12-05 22:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-06 20:37 - 2013-12-05 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-03-06 20:36 - 2013-12-24 19:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-06 20:36 - 2013-12-24 18:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-06 20:36 - 2013-12-03 22:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-03-06 20:36 - 2013-12-03 22:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-03-06 20:36 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-03-06 20:36 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-03-06 20:36 - 2013-12-03 22:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-03-06 20:36 - 2013-12-03 22:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-03-06 20:36 - 2013-12-03 22:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-03-06 20:36 - 2013-12-03 22:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-03-06 20:36 - 2013-12-03 22:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-03-06 20:36 - 2013-12-03 22:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-03-06 20:36 - 2013-12-03 22:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-03-06 20:36 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-03-06 20:36 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-03-06 20:36 - 2013-12-03 22:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-03-06 20:36 - 2013-12-03 21:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-03-06 20:36 - 2013-12-03 21:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-03-06 20:36 - 2013-12-03 21:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-03-06 20:36 - 2013-12-03 21:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-03-06 20:36 - 2013-11-26 04:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-06 20:36 - 2013-11-22 18:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-06 20:29 - 2014-03-06 20:30 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-06 20:29 - 2014-03-06 20:29 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-06 20:15 - 2014-03-06 20:15 - 00274392 _____ () C:\Windows\Minidump\030614-27908-01.dmp
2014-03-06 20:12 - 2014-03-06 20:12 - 49940480 _____ () C:\Program Files (x86)\GUTF354.tmp
2014-03-06 20:12 - 2014-03-06 20:12 - 00000000 ____D () C:\Program Files (x86)\GUMF353.tmp
2014-03-06 20:07 - 2014-03-06 20:07 - 00274392 _____ () C:\Windows\Minidump\030614-28002-01.dmp
 
==================== One Month Modified Files and Folders =======
 
2014-03-15 16:34 - 2014-03-15 16:33 - 00011641 _____ () C:\Users\CEBKIX\Desktop\FRST.txt
2014-03-15 16:33 - 2014-03-15 16:33 - 00000000 ____D () C:\FRST
2014-03-15 16:32 - 2014-03-15 16:33 - 02157056 _____ (Farbar) C:\Users\CEBKIX\Desktop\FRST64.exe
2014-03-15 16:32 - 2014-03-15 16:32 - 02157056 _____ (Farbar) C:\Users\CEBKIX\Downloads\FRST64.exe
2014-03-15 16:31 - 2014-01-28 21:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-15 16:31 - 2011-05-01 04:45 - 02088146 _____ () C:\Windows\WindowsUpdate.log
2014-03-15 16:30 - 2013-08-26 20:15 - 00000000 ____D () C:\Users\CEBKIX\AppData\Local\Strongvault Online Backup
2014-03-15 16:29 - 2014-01-28 21:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-15 16:27 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-15 16:27 - 2009-07-14 00:51 - 00061846 _____ () C:\Windows\setupact.log
2014-03-15 16:27 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-15 16:27 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-15 16:26 - 2014-03-15 16:23 - 00000000 ____D () C:\AdwCleaner
2014-03-15 16:23 - 2014-03-15 16:23 - 01950720 _____ () C:\Users\CEBKIX\Downloads\adwcleaner.exe
2014-03-15 16:21 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-15 11:16 - 2011-10-18 15:48 - 00000000 ____D () C:\Users\CEBKIX\AppData\Roaming\SoftGrid Client
2014-03-15 11:11 - 2014-03-13 21:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-15 11:01 - 2014-03-15 11:01 - 02269572 _____ () C:\Users\CEBKIX\Downloads\2014-03-15 00.02.21.zip
2014-03-15 10:17 - 2014-03-15 10:17 - 00688992 ____R (Swearware) C:\Users\CEBKIX\Downloads\dds.com
2014-03-15 10:13 - 2012-02-07 16:36 - 00000000 ____D () C:\Users\CEBKIX\Desktop\DIVORCE
2014-03-15 09:42 - 2014-03-15 09:42 - 00000000 ____D () C:\Users\CEBKIX\AppData\Local\{5F6B1542-FDC2-48E8-958B-A1A030855921}
2014-03-15 09:25 - 2014-03-13 23:40 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-03-15 08:32 - 2010-11-20 23:47 - 00332346 _____ () C:\Windows\PFRO.log
2014-03-15 06:37 - 2014-01-28 21:02 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 23:59 - 2014-03-13 22:13 - 00000000 ____D () C:\Users\CEBKIX\Doctor Web
2014-03-14 20:23 - 2011-10-18 12:50 - 00000000 ____D () C:\Users\CEBKIX\AppData\Local\CrashDumps
2014-03-14 20:22 - 2009-07-14 01:08 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-14 18:46 - 2011-08-17 21:23 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D7E40AC6-824F-491E-A52B-84E10C75D512}
2014-03-14 18:45 - 2014-03-14 18:44 - 144752808 _____ () C:\Users\CEBKIX\Downloads\cureit.exe
2014-03-13 23:38 - 2014-03-13 23:37 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\CEBKIX\Downloads\cbSetup.exe
2014-03-13 23:36 - 2009-07-14 01:13 - 00727334 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-13 23:28 - 2014-03-13 23:28 - 00274392 _____ () C:\Windows\Minidump\031314-23556-01.dmp
2014-03-13 23:28 - 2011-10-20 18:55 - 440887830 _____ () C:\Windows\MEMORY.DMP
2014-03-13 23:28 - 2011-10-20 18:55 - 00000000 ____D () C:\Windows\Minidump
2014-03-13 23:24 - 2014-03-13 23:24 - 00274392 _____ () C:\Windows\Minidump\031314-30825-01.dmp
2014-03-13 22:13 - 2014-03-13 22:12 - 144670008 _____ () C:\Users\CEBKIX\Downloads\2bk9n8qr.exe
2014-03-13 22:13 - 2011-08-17 21:16 - 00000000 ____D () C:\Users\CEBKIX
2014-03-13 22:05 - 2009-07-14 00:45 - 00277464 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 22:03 - 2013-03-19 07:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 22:03 - 2013-03-19 07:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 21:48 - 2014-03-13 21:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-13 21:48 - 2014-03-13 21:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-13 21:48 - 2014-03-13 21:48 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-13 21:48 - 2011-12-11 16:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-13 21:46 - 2011-09-09 19:57 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCEBKIX
2014-03-13 21:46 - 2011-09-09 19:57 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForCEBKIX.job
2014-03-13 21:39 - 2014-03-13 21:39 - 00028101 _____ () C:\Users\CEBKIX\Desktop\Result minitoolkit.txt
2014-03-13 21:34 - 2014-03-13 21:34 - 00028101 _____ () C:\Users\CEBKIX\Desktop\Result.txt
2014-03-13 20:45 - 2014-03-13 20:45 - 00274392 _____ () C:\Windows\Minidump\031314-25880-01.dmp
2014-03-13 20:40 - 2014-03-13 20:40 - 00274392 _____ () C:\Windows\Minidump\031314-28485-01.dmp
2014-03-13 19:57 - 2014-03-13 19:57 - 00274392 _____ () C:\Windows\Minidump\031314-23540-01.dmp
2014-03-13 19:52 - 2014-03-13 19:52 - 00274392 _____ () C:\Windows\Minidump\031314-26270-01.dmp
2014-03-07 05:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-03-07 04:19 - 2013-08-05 20:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-06 23:48 - 2011-10-13 12:59 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCEBKIX6$
2014-03-06 23:48 - 2011-10-13 12:59 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForCEBKIX6$.job
2014-03-06 20:52 - 2014-03-06 20:52 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-06 20:52 - 2014-03-06 20:51 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-06 20:52 - 2014-03-06 20:40 - 00000000 ____D () C:\Program Files\iTunes
2014-03-06 20:52 - 2014-03-06 20:40 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-06 20:51 - 2014-03-06 20:40 - 00000000 ____D () C:\Program Files\iPod
2014-03-06 20:48 - 2011-08-17 21:42 - 00000000 ____D () C:\Users\CEBKIX\AppData\Roaming\Apple Computer
2014-03-06 20:47 - 2011-08-17 21:42 - 00000000 ____D () C:\Users\CEBKIX\AppData\Local\Apple Computer
2014-03-06 20:43 - 2014-03-06 20:43 - 00274392 _____ () C:\Windows\Minidump\030614-28111-01.dmp
2014-03-06 20:34 - 2011-08-17 21:39 - 00000000 ____D () C:\ProgramData\Apple
2014-03-06 20:30 - 2014-03-06 20:29 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-06 20:29 - 2014-03-06 20:29 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-06 20:26 - 2014-01-28 21:01 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-06 20:26 - 2014-01-28 21:01 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-06 20:15 - 2014-03-06 20:15 - 00274392 _____ () C:\Windows\Minidump\030614-27908-01.dmp
2014-03-06 20:12 - 2014-03-06 20:12 - 49940480 _____ () C:\Program Files (x86)\GUTF354.tmp
2014-03-06 20:12 - 2014-03-06 20:12 - 00000000 ____D () C:\Program Files (x86)\GUMF353.tmp
2014-03-06 20:07 - 2014-03-06 20:07 - 00274392 _____ () C:\Windows\Minidump\030614-28002-01.dmp
2014-03-02 14:05 - 2011-10-15 12:07 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-01 02:05 - 2014-03-13 21:51 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 01:17 - 2014-03-13 21:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 01:16 - 2014-03-13 21:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 00:58 - 2014-03-13 21:51 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 00:52 - 2014-03-13 21:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 00:51 - 2014-03-13 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 00:42 - 2014-03-13 21:51 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 00:40 - 2014-03-13 21:51 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 00:37 - 2014-03-13 21:51 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 00:33 - 2014-03-13 21:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 00:33 - 2014-03-13 21:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 00:32 - 2014-03-13 21:51 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 00:30 - 2014-03-13 21:51 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 00:23 - 2014-03-13 21:51 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 00:17 - 2014-03-13 21:51 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 00:11 - 2014-03-13 21:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 00:02 - 2014-03-13 21:51 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 23:54 - 2014-03-13 21:51 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 23:52 - 2014-03-13 21:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 23:51 - 2014-03-13 21:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 23:47 - 2014-03-13 21:51 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 23:43 - 2014-03-13 21:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 23:43 - 2014-03-13 21:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 23:42 - 2014-03-13 21:51 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 23:40 - 2014-03-13 21:51 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 23:38 - 2014-03-13 21:51 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 23:37 - 2014-03-13 21:51 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 23:35 - 2014-03-13 21:51 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 23:18 - 2014-03-13 21:51 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 23:16 - 2014-03-13 21:51 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 23:14 - 2014-03-13 21:51 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 23:10 - 2014-03-13 21:51 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 23:03 - 2014-03-13 21:51 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 23:00 - 2014-03-13 21:51 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 22:57 - 2014-03-13 21:51 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 22:38 - 2014-03-13 21:51 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 22:32 - 2014-03-13 21:51 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 22:27 - 2014-03-13 21:51 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 22:25 - 2014-03-13 21:51 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 22:25 - 2014-03-13 21:51 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
 
Some content of TEMP:
====================
C:\Users\CEBKIX\AppData\Local\Temp\504uayno.dll
C:\Users\CEBKIX\AppData\Local\Temp\7nva4b27.dll
C:\Users\CEBKIX\AppData\Local\Temp\9mhzbj8f.dll
C:\Users\CEBKIX\AppData\Local\Temp\avgnt.exe
C:\Users\CEBKIX\AppData\Local\Temp\Extract.exe
C:\Users\CEBKIX\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\CEBKIX\AppData\Local\Temp\Quarantine.exe
C:\Users\CEBKIX\AppData\Local\Temp\redsnow.exe
C:\Users\CEBKIX\AppData\Local\Temp\Resource.exe
C:\Users\CEBKIX\AppData\Local\Temp\SkypeSetup.exe
C:\Users\CEBKIX\AppData\Local\Temp\SP55152.exe
C:\Users\CEBKIX\AppData\Local\Temp\sp58915.exe
C:\Users\CEBKIX\AppData\Local\Temp\SP59792.exe
C:\Users\CEBKIX\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\CEBKIX\AppData\Local\Temp\~SpUnin~.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-15 01:10
 
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by CEBKIX at 2014-03-15 16:35:03
Running from C:\Users\CEBKIX\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Fuel (Version: 2011.0228.1151.21177 - AMD) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{7FBA6627-88F8-0AE0-9326-FB8488DD26E0}) (Version: 3.0.812.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0228.1151.21177 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0228.1151.21177 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0228.1151.21177 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help English (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help French (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help German (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0228.1151.21177 - ATI) Hidden
ccc-utility64 (Version: 2011.0228.1151.21177 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3922 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.1.3922 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{99CEB89F-50EC-4979-BDF6-148645D7EB35}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.047 - Hewlett-Packard) Hidden
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Misys Homecare Client (x32 Version: 7.0.0 - Allscripts Healthcare Solutions, Inc.) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Strongvault Online Backup (HKLM-x32\...\{4DC876FD-105A-431A-87B2-C1BE7C1CDD51}) (Version: 2.5.0.5 - Strongvault Online Storage LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
WebEx (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinHTTrack Website Copier 3.46-1 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.46.1 - HTTrack)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
07-03-2014 08:00:24 Windows Update
14-03-2014 01:50:10 Windows Update
14-03-2014 03:50:21 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {03290399-5DB0-40A0-B298-DE4136E5DC5B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: {0A650494-444A-4AF7-96F5-82E4E4975C6F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {23659A2F-C003-4D24-AEC1-810503A8486B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {3B4C8E82-F5DB-4F4F-AB24-DEA9CC84FCC7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-28] (Google Inc.)
Task: {4A74BFA3-2471-4B0A-A230-1F4FA326FE7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {719A2B1D-2DDD-4AF4-817F-A3FFD245BA88} - System32\Tasks\HPCeeScheduleForCEBKIX6$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {776D549E-BAFD-4708-BCEC-C62ED875D560} - System32\Tasks\HPCeeScheduleForCEBKIX => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {863DB510-9C61-45EB-B2E6-01E38EC60A45} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-28] (Google Inc.)
Task: {9286952A-EC8C-4703-914B-E368DB6C86EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {977B1355-372E-48BA-9037-E28C939799F5} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {C055E470-8303-4BDD-8050-B3BC7559B6B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {E72A852C-961C-48D9-A293-A025FD8EBAB5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCEBKIX.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCEBKIX6$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-02-28 15:01 - 2011-02-28 15:01 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll
2011-02-28 15:01 - 2011-02-28 15:01 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2011-02-28 15:02 - 2011-02-28 15:02 - 00102912 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-02-28 14:49 - 2011-02-28 14:49 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-02-02 14:41 - 2011-02-02 14:41 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2011-03-03 17:09 - 2011-03-03 17:09 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2011-03-03 17:09 - 2011-03-03 17:09 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-03-15 06:37 - 2014-03-14 20:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 06:37 - 2014-03-14 20:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 06:37 - 2014-03-14 20:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 06:37 - 2014-03-14 20:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 06:37 - 2014-03-14 20:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 06:37 - 2014-03-14 20:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/15/2014 04:29:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/15/2014 04:21:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/15/2014 10:45:13 AM) (Source: Application Hang) (User: )
Description: The program dds.com version 2012.11.20.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: aa4
 
Start Time: 01cf405c631687b9
 
Termination Time: 0
 
Application Path: C:\Users\CEBKIX\Downloads\dds.com
 
Report Id:
 
Error: (03/15/2014 10:30:55 AM) (Source: Application Hang) (User: )
Description: The program dds.com version 2012.11.20.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 11b4
 
Start Time: 01cf40594460d3ce
 
Termination Time: 5
 
Application Path: C:\Users\CEBKIX\Downloads\dds.com
 
Report Id:
 
Error: (03/15/2014 08:34:32 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/15/2014 00:41:57 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/14/2014 08:33:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: Flash64_12_0_0_77.ocx, version: 12.0.0.77, time stamp: 0x5314f260
Exception code: 0xc0000005
Fault offset: 0x00000000008ead2e
Faulting process id: 0x12b0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (03/14/2014 08:31:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0003bcc8
Faulting process id: 0x1608
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3
 
Error: (03/14/2014 08:25:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/14/2014 08:24:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0003bcaa
Faulting process id: 0x9bc
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3
 
 
System errors:
=============
Error: (03/15/2014 04:27:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (03/15/2014 04:20:01 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (03/15/2014 08:32:58 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (03/15/2014 00:40:24 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (03/15/2014 00:40:18 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:28:58 AM on ‎3/‎15/‎2014 was unexpected.
 
Error: (03/14/2014 08:35:15 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (03/14/2014 08:25:09 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: 
%%1056
 
Error: (03/14/2014 08:25:09 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: 
%%1056
 
Error: (03/14/2014 08:25:08 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: 
%%1056
 
Error: (03/14/2014 08:24:08 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: 
%%1056
 
 
Microsoft Office Sessions:
=========================
Error: (03/15/2014 04:29:08 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/15/2014 04:21:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/15/2014 10:45:13 AM) (Source: Application Hang)(User: )
Description: dds.com2012.11.20.1aa401cf405c631687b90C:\Users\CEBKIX\Downloads\dds.com
 
Error: (03/15/2014 10:30:55 AM) (Source: Application Hang)(User: )
Description: dds.com2012.11.20.111b401cf40594460d3ce5C:\Users\CEBKIX\Downloads\dds.com
 
Error: (03/15/2014 08:34:32 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/15/2014 00:41:57 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/14/2014 08:33:28 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1Flash64_12_0_0_77.ocx12.0.0.775314f260c000000500000000008ead2e12b001cf3fe4c06396a1C:\Windows\system32\svchost.exeC:\Windows\system32\Macromed\Flash\Flash64_12_0_0_77.ocx6cb6ad69-abd9-11e3-9853-2c27d7e45bf6
 
Error: (03/14/2014 08:31:03 PM) (Source: Application Error)(User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c00000050003bcc8160801cf3fe5d79bf6f6C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll1668f9d8-abd9-11e3-9853-2c27d7e45bf6
 
Error: (03/14/2014 08:25:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/14/2014 08:24:40 PM) (Source: Application Error)(User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c00000050003bcaa9bc01cf3fe4ef8da4acC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll32776b29-abd8-11e3-9853-2c27d7e45bf6
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 39%
Total physical RAM: 3834.9 MB
Available physical RAM: 2315.68 MB
Total Pagefile: 7667.98 MB
Available Pagefile: 5852.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:451.96 GB) (Free:359.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:13.5 GB) (Free:1.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C2B9383B)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#5 Redirectsux
  • Topic Starter
  • Members
  • 41 posts

Posted 15 March 2014 - 03:53 PM

Figured out how to run AdwCleaner as an administrator (saved to desktop).

Here is the log:

# AdwCleaner v3.022 - Report created 15/03/2014 at 16:45:50
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : CEBKIX - CEBKIX6
# Running from : C:\Users\CEBKIX\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\CEBKIX\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2950 octets] - [15/03/2014 16:25:02]
AdwCleaner[R1].txt - [883 octets] - [15/03/2014 16:45:09]
AdwCleaner[S0].txt - [2671 octets] - [15/03/2014 16:26:28]
AdwCleaner[S1].txt - [805 octets] - [15/03/2014 16:45:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [864 octets] ##########


#6 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 16 March 2014 - 11:56 AM

1.

We need to download Temp File Cleaner (TFC) by OldTimer:

  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process
    note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now


More Information can be found about the tool here: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

 

2.

Download and run Junkware Removal Tool. ***Your antivirus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.

 

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    The tool will open and start scanning your system.
  • Please be patient, as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply.

 

 

3.

Download Malwarebytes Anti-Rootkit to your desktop.

  • Extract the ZIP archive and double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click "Next" in the introduction screen to continue.
  • Click "Update" in the following screen to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 Redirectsux
  • Topic Starter
  • Members
  • 41 posts

Posted 16 March 2014 - 05:16 PM

How long should it take for the Temp File Cleaner to run? I started it about 3+ hours ago and it is still running. Should I exit and run it again, let it keep going, or move on to the Junkware Removal Tool?



#8 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 16 March 2014 - 05:27 PM

Let it run for a bit longer.




#9 Redirectsux
  • Topic Starter
  • Members
  • 41 posts

Posted 16 March 2014 - 09:13 PM

TFC still running. The green status bar will go partially to the right, but never turns completely green. It just keeps going back to the left.

No new text in the log window for some time now. Should I let it continue to run?



#10 Redirectsux
  • Topic Starter
  • Members
  • 41 posts

Posted 17 March 2014 - 05:51 AM

I let TFC run overnight and it seems to be hung up. I ended the program and started it again and it seemed to stall in the same place. Attaching a screenshot of where it stalls.

Attached File: 2014-03-17 05.28.48 (640x361).jpg

Should I proceed to the Junkware Removal tool?

 



#11 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 17 March 2014 - 05:47 PM

Can you try TFC in Safe Mode? If it still doesn't finish in Safe Mode, then proceed with JRT.

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into Safe Mode.
Make sure you choose the option without networking support.
Please see here for additional details.



#12 Redirectsux
  • Topic Starter
  • Members
  • 41 posts

Posted 17 March 2014 - 06:25 PM

No luck with TFC, even in Safe Mode.

Here is the file from JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by CEBKIX on Mon 03/17/2014 at 19:11:12.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SMessaging [Strongvault]
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\stronghold online backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{627C4FEE-4BD3-4C98-B5C4-C5B001BEEEEF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{627C4FEE-4BD3-4C98-B5C4-C5B001BEEEEF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25DA541F-6ACF-4052-A8AA-1D58284729C7}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\CEBKIX\appdata\local\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\CEBKIX\AppData\Roaming\microsoft\windows\start menu\programs\strongvault online backup"
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{01E39FEE-6DDB-483B-B6C0-CB715B4E4AC2}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{01FE35B4-A531-4EF3-B194-F8633331E69A}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{025FAFC2-7C1C-459D-8F04-C52A9E44F21C}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{0E1C9A0A-5C99-4895-B670-1D8393BF9BF7}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{18B48AC0-2137-4B4B-BC29-CC28EABB4DD3}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{1E152C93-FC30-4897-9E88-19807DBABC52}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{223B5B56-EEBC-4A7B-8FA5-6BA2ED3DC890}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{25338DE9-36D2-418E-8C9B-C4085D675528}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{26BA382C-0D1E-4F86-AF55-8FFEB85C6FBA}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{35448B68-57AC-4155-8E70-85860A9E3556}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{35C502C8-3719-4ADE-A66A-DED1872A0358}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{37200D14-02EE-495C-AC9A-F7F54E3347ED}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{37F9A4AA-AE7B-4FA2-9597-9F9F942766ED}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{393407EA-C251-4B56-A6DC-D47B6D243AD0}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{3A34F589-3E4C-4772-A642-2B1B8AF02A5A}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{3A83F2D7-89CF-4139-BBE0-F88F2B2A9ED9}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{3B0E2C1B-9E11-40B5-B2BE-7271848A022D}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{3C2F5FB1-47CC-4C10-A53C-0D2897B5A5D4}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{3ED46730-95FE-4153-9B84-C3D4A46CBCC0}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{469F3F8B-ADFB-4E88-828A-C16711C90444}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{493E9D3C-C5C7-467E-96A7-7DCFD99F3439}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{49C3BEE7-D83A-4D3A-844E-EF4FBDA58074}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{4BE7B0EC-F4A8-4D65-8840-70E16449FC15}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{4E1C1078-02CA-4F17-BAE6-E73BDBD2B969}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{4E1FCF59-31D2-4C4B-986F-81040441B296}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{4F8A936F-8F89-43CE-8CA5-AD9F9537EC0D}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{55E2D4BB-1783-4A95-B85D-E6014709526D}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{5642AC17-1F84-4D4C-8181-6AF5E501FF39}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{5910BDC0-A5A8-46EE-88E5-E0FE74DDCAC4}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{5A63CE9C-410A-429B-8620-5630B60762F5}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{5F6B1542-FDC2-48E8-958B-A1A030855921}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{623FD0F4-1697-4982-A507-354159D1ACDD}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{69BD1937-2B9B-42A6-9950-5CEF55AA7231}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{6FCD6905-6ADC-4074-A4E6-CAD85335E0A8}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{76278CA8-0C9D-436E-B94A-4A48E75601CD}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{78576756-81CB-4944-8A2D-0D2FCF53A796}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{7969CE54-7686-417C-9528-C3BC8F7507F1}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{7D18B831-FD9A-4DBF-B63E-95BF188950F9}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{7FBACC12-D152-464A-9FC4-66CD76C91AC3}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{80696BAD-9814-4F59-B172-608F8808B33E}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{83700A9A-1E7A-4E78-869A-822428B34166}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{88C6254E-AC99-4DC5-BD0C-570FBE164AE6}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{8A5B08F1-107C-4FCE-8487-3DDC53C1358E}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{8B918750-E5BC-427B-BE93-CE5E48E3220A}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{92977CF3-54E6-4628-BD65-7202D63DDBA1}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{96F4E8FC-B547-431A-BFCD-03379416D110}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{998C9738-A626-4B81-AB7C-4F98B96F670F}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{9E70FCC2-EF07-4544-BBBA-E1E93BCA5AD1}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{A59BAB65-F16D-4109-B2D9-B5BA3DE0D047}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{A7429AF5-AA43-462D-92E5-DEE9FB32D0B1}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{A7A7C631-C06A-4821-B372-584609EFCE62}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{A7E412C1-1B0A-44E6-A7ED-136834CCA082}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{ACD4A23A-436E-4CD5-9955-E5A01A4EE887}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{ADD82973-2E35-4D16-A75E-9E4696D1B318}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{B383D777-5A77-481C-B7A2-588A66741C1A}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{B5EF87A1-14B8-4B74-AB53-FB357AF35EC6}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{B8D9148D-7C70-4CD2-B54B-3BE61AE863BD}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{B8FDD0B8-3822-4FD6-B981-19B7433D2453}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{BFFC6C20-F0C4-41EB-89E4-57EF44C8F579}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{C0027037-5C39-44FF-BBE5-7DCC5A9AD351}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{CBCB3FB9-8CA8-4FE0-ABC5-C8DCA47ECC81}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{D00C94BC-D900-4356-9CB7-2780C91953C2}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{D420166A-9E45-41A6-B53C-08842A86557F}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{D5671D1D-94C3-4644-B40D-3625704F3F4A}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{D88AFC0B-7E48-4BE1-8E3E-3C28A40876FD}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{D8CB3EF8-BDB4-468C-90CA-DCA47112D2CF}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{D96F172A-90F1-44CA-884A-3833D18363B9}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{D983F0E0-DB0A-4DB6-91C7-0B90DA2524B1}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{DBB32AB9-590A-4340-BF8C-1C4ACD4BDD5D}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{DDF46662-C07C-4FC2-B7E1-0CBCC1284039}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{DF6617A0-EF5A-4835-A5F3-C6DC4B4DCC7A}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{E0860CDA-C3A9-4912-AE26-7117D23362B7}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{E610BD5F-3813-4FCA-B9FF-9AA6411FFB8B}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{E75CE364-1EAB-4257-B595-0BCCF956B345}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{E83BBAF5-612A-4A66-B025-8C0AE9C54FAB}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{EB32060F-14E7-4386-AC63-9F677CC53427}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{ED14A1F7-9B8F-4432-8DBE-DC67E22899A7}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{F3B3BABB-8B5C-4D31-A6D8-90966AE76B0E}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{F5E20474-1867-4803-A67D-BEA27A68B7B1}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{F7EA71BE-299D-4409-8655-D4F087D8907B}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{F870B3AB-E508-46A5-92E6-BB6B1FBB4899}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{F882D6CD-3507-47FB-8936-8DDC37C6DE41}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{F89297E3-E9BE-4C23-A8DB-29551DFAC78E}
Successfully deleted: [Empty Folder] C:\Users\CEBKIX\appdata\local\{FE91E086-0E71-44B6-B96F-FC1E651950EC}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/17/2014 at 19:24:08.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#13 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 17 March 2014 - 06:39 PM

Did you also run MBAR? Can you please post those logs also?

Edited by fireman4it, 17 March 2014 - 06:40 PM.



#14 Redirectsux
  • Topic Starter
  • Members
  • 41 posts

Posted 17 March 2014 - 06:58 PM

MBAR results:

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
 
Database version: v2014.03.17.09
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
CEBKIX :: CEBKIX6 [administrator]
 
3/17/2014 7:29:04 PM
mbar-log-2014-03-17 (19-29-04).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 240162
Time elapsed: 13 minute(s), 51 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16521
 
Java version: 1.6.0_33
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 4021186560, free: 2596315136
 
Downloaded database version: v2014.03.17.09
Downloaded database version: v2014.02.20.01
=======================================
Initializing...
------------ Kernel report ------------
     03/17/2014 19:28:57
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie64.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\rtl8192Ce.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\RtsPStor.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\amdiox64.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\wininet.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80043f8060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000005a\
Lower Device Object: 0xfffffa80042c89c0
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80043f8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80043f8b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80043f8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80042ccac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa80042c89c0, DeviceName: \Device\0000005a\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C2B9383B
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 947834880
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 948244480  Numsec = 28315648
 
    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976560128  Numsec = 210992
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 


#15 Redirectsux

Redirectsux
  • Topic Starter

  • Members
  • 41 posts

Posted 18 March 2014 - 07:22 PM

Any next steps at this point?

