
HELP! I can't get them OUT of my system!!!


  • This topic is locked
11 replies to this topic

#1 messedwith

messedwith

  • Members
  • 6 posts
  • OFFLINE
  • Local time: 10:00 AM

Posted 16 March 2014 - 09:16 AM

I found an old post of the very SAME problems I've been experiencing with hackers getting into my system and NOTHING seems to be able to keep them out! It seems that "they" have found a way around EVERYTHING I've tried so far! PLEASE help me! This is the "notification" that comes up when changes are being made to my system: C:\Windows\System32\services.exe Modify startup settings HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS\Start allowed Automatic mode "They" have managed to be able to disable my Windows Defender, ESET Nod 32 Anti-Virus and MalwareBytes software!!! I don't know who is behind this...but, I just want my computer and my privacy BACK!!! I want "them" to LEAVE ME ALONE!!!

 

 




 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender: Male
  • Local time: 03:00 PM

Posted 17 March 2014 - 07:39 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

Don't panic! Let's have a closer look at your system:

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.



#3 messedwith

messedwith
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time: 10:00 AM

Posted 17 March 2014 - 01:59 PM

Here's the FRST.txt file...no "Addition.txt" file was generated as you had said NOT to click any of the boxes and that box was left unchecked when I did the scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Owner (administrator) on BECKY on 17-03-2014 14:48:44
Running from C:\Users\Owner\Downloads
Microsoft Windows 8.1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(Primax Electronics Ltd.) C:\Windows\System32\ico.exe
() C:\Windows\System32\FSRremoS.EXE
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(magicJack L.P.) C:\Users\Owner\AppData\Roaming\mjusbsp\magicJack.exe
() C:\Program Files\pia_manager\pia_manager.exe
(http://www.ruby-lang.org/) C:\Users\Owner\AppData\Local\Temp\ocrF6D9.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(http://www.ruby-lang.org/) C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
() C:\Program Files\pia_manager\openvpn.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Farbar) C:\Users\Owner\Downloads\FRST(5).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMan] - C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Mouse Suite 98 Daemon] - C:\Windows\system32\ICO.EXE [57344 2004-07-14] (Primax Electronics Ltd.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5110672 2013-09-12] (ESET)
HKU\S-1-5-21-2269055906-3062951255-3002691902-1001\...\Run: [cdloader] - C:\Users\Owner\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2013-05-06] (magicJack L.P.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2F1C6AC8722ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - DefaultScope value is missing.
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hdz47zgr.default
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.yahoo.com/?fr=fp-yff27
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-yff27&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hdz47zgr.default\searchplugins\duckduckgo.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-02-18]

========================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1337752 2013-09-12] (ESET)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280296 2013-10-30] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2013-10-30] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1210368 2013-10-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\Windows\system32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2013-08-22] (Microsoft Corporation)
R3 CompFilter; C:\Windows\System32\drivers\lvbusflt.sys [21096 2012-10-26] (Logitech Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [188808 2013-09-17] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [187808 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [122376 2013-09-17] (ESET)
R3 FETNDIS; C:\Windows\system32\DRIVERS\fetn63.sys [47616 2013-06-18] (VIA Technologies, Inc.              )
S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-03-17] (Malwarebytes Corporation)
S3 pelmouse; C:\Windows\system32\DRIVERS\pelmouse.sys [16384 2003-01-10] (Primax Electronics Ltd.)
S3 pelusblf; C:\Windows\system32\DRIVERS\pelusblf.sys [9216 2003-02-11] (Primax Electronics Ltd.)
S3 SrvHsfPCI; C:\Windows\system32\DRIVERS\VSTBS23.SYS [266752 2013-06-18] (Conexant Systems, Inc.)
R3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [26624 2014-02-19] (The OpenVPN Project)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [93016 2013-10-30] (Microsoft Corporation)
S3 WUDFSensorLP; C:\Windows\System32\drivers\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-17 14:47 - 2014-03-17 14:47 - 01145856 _____ (Farbar) C:\Users\Owner\Downloads\FRST(5).exe
2014-03-17 10:25 - 2014-03-17 12:56 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-03-17 10:13 - 2014-03-17 10:13 - 01145856 _____ (Farbar) C:\Users\Owner\Downloads\FRST(4).exe
2014-03-17 10:04 - 2014-03-17 10:04 - 01037734 _____ (Thisisu) C:\Users\Owner\Downloads\JRT(4).exe
2014-03-17 10:00 - 2014-03-17 10:00 - 00000386 _____ () C:\Windows\PFRO.log
2014-03-17 09:56 - 2014-03-17 09:57 - 01950720 _____ () C:\Users\Owner\Downloads\adwcleaner(8).exe
2014-03-16 18:10 - 2014-03-16 18:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-16 11:20 - 2014-03-16 11:22 - 00000000 ____D () C:\Program Files\Hosts_Anti_Adwares_PUPs
2014-03-16 11:20 - 2014-03-16 11:20 - 01950720 _____ () C:\Users\Owner\Downloads\adwcleaner(7).exe
2014-03-16 11:18 - 2014-03-16 11:18 - 01950720 _____ () C:\Users\Owner\Downloads\adwcleaner(6).exe
2014-03-16 11:13 - 2014-03-16 11:13 - 01145856 _____ (Farbar) C:\Users\Owner\Downloads\FRST(3).exe
2014-03-16 11:05 - 2014-03-16 11:05 - 01037734 _____ (Thisisu) C:\Users\Owner\Downloads\JRT(3).exe
2014-03-16 10:52 - 2014-03-16 10:52 - 01950720 _____ () C:\Users\Owner\Downloads\adwcleaner(5).exe
2014-03-16 09:50 - 2014-03-16 09:50 - 01145856 _____ (Farbar) C:\Users\Owner\Downloads\FRST(2).exe
2014-03-16 09:39 - 2014-03-16 09:39 - 01037734 _____ (Thisisu) C:\Users\Owner\Downloads\JRT(2).exe
2014-03-16 09:32 - 2014-03-16 09:32 - 01950720 _____ () C:\Users\Owner\Downloads\adwcleaner(4).exe
2014-03-15 18:12 - 2014-03-15 18:12 - 00002495 _____ () C:\Users\Public\Desktop\Safari.lnk
2014-03-15 18:11 - 2014-03-15 18:12 - 00000000 ____D () C:\Program Files\Safari
2014-03-15 18:11 - 2014-03-15 18:11 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-03-15 18:08 - 2014-03-15 18:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apple
2014-03-15 18:08 - 2014-03-15 18:08 - 00000000 ____D () C:\ProgramData\Apple
2014-03-15 18:08 - 2014-03-15 18:08 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-03-15 18:04 - 2014-03-15 18:05 - 38494576 _____ (Apple Inc.) C:\Users\Owner\Downloads\SafariSetup.exe
2014-03-12 21:17 - 2014-03-12 21:17 - 01145856 _____ (Farbar) C:\Users\Owner\Downloads\FRST(1).exe
2014-03-12 21:04 - 2014-03-12 21:04 - 01037734 _____ (Thisisu) C:\Users\Owner\Downloads\JRT(1).exe
2014-03-12 20:58 - 2014-03-12 20:58 - 01949184 _____ () C:\Users\Owner\Downloads\adwcleaner(3).exe
2014-03-12 16:07 - 2014-03-17 10:15 - 00021566 _____ () C:\Users\Owner\Downloads\Shortcut.txt
2014-03-12 16:06 - 2014-03-17 10:15 - 00027148 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-03-12 16:05 - 2014-03-17 14:48 - 00006896 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-03-12 16:05 - 2014-03-17 14:48 - 00000000 ____D () C:\FRST
2014-03-12 16:04 - 2014-03-12 16:04 - 01145856 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
2014-03-12 15:55 - 2014-03-12 15:55 - 00000000 ____D () C:\Windows\ERUNT
2014-03-12 15:53 - 2014-03-12 15:53 - 01037734 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-03-12 15:35 - 2014-03-12 15:35 - 01949184 _____ () C:\Users\Owner\Downloads\adwcleaner(2).exe
2014-03-12 15:30 - 2014-03-12 15:30 - 01949184 _____ () C:\Users\Owner\Downloads\adwcleaner(1).exe
2014-03-12 15:18 - 2014-03-17 10:02 - 00000000 ____D () C:\AdwCleaner
2014-03-12 15:17 - 2014-03-12 15:17 - 01949184 _____ () C:\Users\Owner\Downloads\adwcleaner.exe
2014-03-11 14:07 - 2014-02-22 07:24 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-03-11 14:07 - 2014-02-10 23:32 - 03486208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-11 14:07 - 2013-12-20 04:26 - 01382208 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-03-11 14:07 - 2013-12-20 04:26 - 01271664 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-03-11 14:07 - 2013-10-30 19:38 - 00202584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-03-11 14:07 - 2013-10-30 19:38 - 00093016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-03-11 14:07 - 2013-10-30 19:36 - 00030224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-03-11 14:06 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-11 14:06 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-11 14:06 - 2014-02-28 23:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-11 14:06 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-11 14:06 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-11 14:06 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-11 14:06 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-11 14:06 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-11 14:06 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-11 14:06 - 2014-02-10 22:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-11 14:06 - 2014-01-31 10:04 - 00265560 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-03-11 14:06 - 2014-01-31 09:47 - 02143960 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-03-11 14:06 - 2014-01-31 05:02 - 00352256 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
2014-03-11 14:06 - 2014-01-29 03:58 - 01033368 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-03-11 14:06 - 2014-01-29 03:44 - 01371824 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2014-03-11 14:06 - 2014-01-29 03:44 - 00408480 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2014-03-11 14:06 - 2014-01-29 03:44 - 00369280 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2014-03-11 14:06 - 2014-01-29 03:43 - 01883480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-11 14:06 - 2014-01-29 02:41 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-03-11 14:06 - 2014-01-27 14:23 - 02873344 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2014-03-11 14:06 - 2014-01-27 14:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-11 14:06 - 2014-01-27 14:20 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2014-03-11 14:06 - 2014-01-27 13:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-03-11 14:06 - 2014-01-27 13:00 - 01238016 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2014-03-11 14:06 - 2014-01-27 11:58 - 05770752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-11 14:06 - 2014-01-27 07:52 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-03-11 14:06 - 2014-01-17 17:54 - 00669352 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-03-11 14:06 - 2013-12-21 08:06 - 05251224 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-03-11 14:06 - 2013-12-21 04:08 - 00438272 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
2014-03-03 19:45 - 2014-03-03 19:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\Macromedia
2014-03-02 12:33 - 2014-03-11 18:41 - 00360240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-02 12:07 - 2014-03-17 14:23 - 01454493 _____ () C:\Windows\WindowsUpdate.log
2014-02-27 17:12 - 2014-02-27 17:13 - 00000000 ___SD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-02-27 17:12 - 2014-02-27 17:12 - 00001162 _____ () C:\Users\Owner\Desktop\OpenOffice 4.0.1.lnk
2014-02-27 15:51 - 2014-02-27 16:06 - 143485940 _____ () C:\Users\Owner\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_en-US(1).exe
2014-02-22 21:34 - 2014-03-12 21:24 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-22 21:33 - 2014-02-22 21:33 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.07.0.1009.exe
2014-02-22 19:15 - 2014-03-17 10:22 - 00000000 __RDO () C:\Users\Owner\SkyDrive
2014-02-21 22:44 - 2014-02-22 19:50 - 00000000 ____D () C:\Users\Owner\Downloads\mbam-chameleon-1.62.1.1000
2014-02-21 19:31 - 2014-02-21 19:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\ESET
2014-02-21 19:08 - 2014-03-12 21:25 - 00010892 _____ () C:\Users\Owner\.pia_manager_crash.log
2014-02-21 16:11 - 2014-03-02 12:04 - 00000038 _____ () C:\Users\Owner\AppData\Roaming\mbam.context.scan
2014-02-20 23:02 - 2014-02-20 23:02 - 00000000 ____D () C:\Users\Owner\AppData\Local\tjnet
2014-02-20 18:37 - 2014-03-17 11:14 - 00000999 _____ () C:\Users\Owner\Desktop\magicJack.lnk
2014-02-20 18:37 - 2014-03-17 11:14 - 00000985 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2014-02-20 18:37 - 2014-03-17 11:14 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\mjusbsp
2014-02-20 18:36 - 2014-02-20 23:02 - 00000000 ____D () C:\Users\Owner\AppData\Local\magicJack
2014-02-20 03:02 - 2014-02-20 03:02 - 00001887 _____ () C:\Users\Owner\Desktop\Canon MG2100 series - Shortcut.lnk
2014-02-20 00:43 - 2014-02-20 00:43 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\OpenOffice
2014-02-20 00:42 - 2014-02-20 00:42 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-02-20 00:19 - 2014-02-20 00:19 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-02-20 00:07 - 2014-02-20 00:07 - 00000000 ____D () C:\Users\Owner\Desktop\Tor Browser
2014-02-20 00:03 - 2014-02-20 00:03 - 00000000 ____D () C:\Users\Owner\Desktop\OpenOffice 4.0.1 (en-US) Installation Files
2014-02-19 23:29 - 2014-02-19 23:29 - 00000000 ____D () C:\Program Files\CONEXANT
2014-02-19 23:27 - 2012-03-14 09:00 - 00311296 _____ (CANON INC.) C:\Windows\system32\CNMLMAQ.DLL
2014-02-19 23:27 - 2011-04-27 15:00 - 00323584 _____ (CANON INC.) C:\Windows\system32\CNC_AQL.dll
2014-02-19 23:27 - 2011-03-31 14:07 - 00114688 _____ (CANON INC.) C:\Windows\system32\CNC_AQU.dll
2014-02-19 23:27 - 2011-03-31 14:05 - 00286720 _____ (CANON INC.) C:\Windows\system32\CNC_AQC.dll
2014-02-19 23:27 - 2011-03-31 14:05 - 00114688 _____ (CANON INC.) C:\Windows\system32\CNC_AQI.dll
2014-02-19 23:27 - 2008-08-25 22:02 - 00015872 _____ (CANON INC.) C:\Windows\system32\CNHMCA.dll
2014-02-19 23:26 - 2014-01-07 20:55 - 00261464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2014-02-19 23:26 - 2014-01-07 20:35 - 01307992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-02-19 23:26 - 2014-01-07 20:35 - 00320856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-02-19 23:26 - 2014-01-04 11:08 - 00103936 _____ () C:\Windows\system32\OEMLicense.dll
2014-02-19 23:26 - 2014-01-04 09:53 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2014-02-19 23:26 - 2014-01-02 19:48 - 00336896 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-02-19 23:26 - 2013-12-31 20:56 - 01445720 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-02-19 23:26 - 2013-12-31 20:55 - 00381168 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2014-02-19 23:26 - 2013-12-31 20:00 - 00980480 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-02-19 23:26 - 2013-12-31 19:59 - 00802816 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-02-19 23:26 - 2013-12-30 19:34 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\sti.dll
2014-02-19 23:26 - 2013-12-30 19:33 - 00811008 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2014-02-19 23:26 - 2013-12-30 19:33 - 00770560 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2014-02-19 23:26 - 2013-12-27 08:05 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2014-02-19 23:26 - 2013-12-27 08:05 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-02-19 23:26 - 2013-12-27 04:21 - 00517120 _____ (Microsoft Corporation) C:\Windows\system32\wiaservc.dll
2014-02-19 23:26 - 2013-12-27 03:03 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll
2014-02-19 23:26 - 2013-12-27 03:03 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2014-02-19 23:26 - 2013-12-27 02:37 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2014-02-19 23:26 - 2013-12-21 03:04 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2014-02-19 23:26 - 2013-12-17 02:13 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2014-02-19 23:26 - 2013-12-14 02:31 - 13949440 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-02-19 23:26 - 2013-12-13 05:14 - 00077992 _____ (Microsoft Corporation) C:\Windows\system32\easinvoker.exe
2014-02-19 23:26 - 2013-12-13 02:12 - 00088192 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2014-02-19 23:26 - 2013-12-13 01:32 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2014-02-19 23:26 - 2013-12-09 00:51 - 18643560 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-02-19 20:41 - 2013-10-22 02:03 - 02065448 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-02-19 20:41 - 2013-10-21 21:40 - 01210368 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2014-02-19 20:41 - 2013-10-12 20:29 - 00706536 _____ (Microsoft Corporation) C:\Windows\system32\iuilp.dll
2014-02-19 20:41 - 2013-10-06 22:03 - 02833408 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-02-19 20:41 - 2013-09-17 02:31 - 00883184 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2014-02-19 20:41 - 2013-09-14 08:39 - 01799944 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-02-19 20:40 - 2013-10-23 05:44 - 00104280 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-19 20:40 - 2013-10-23 05:24 - 00142680 _____ (Microsoft Corporation) C:\Windows\system32\kd_02_8086.dll
2014-02-19 20:40 - 2013-10-23 05:21 - 00044904 _____ (Microsoft Corporation) C:\Windows\system32\wldp.dll
2014-02-19 20:40 - 2013-10-22 00:04 - 00618496 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2014-02-19 20:40 - 2013-10-21 23:02 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2014-02-19 20:40 - 2013-10-21 22:52 - 00667136 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2014-02-19 20:40 - 2013-10-21 21:59 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-02-19 20:40 - 2013-10-21 21:51 - 01634304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-02-19 20:40 - 2013-10-19 00:03 - 00531968 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2014-02-19 20:40 - 2013-10-18 23:14 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2014-02-19 20:40 - 2013-10-16 05:34 - 00518656 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2014-02-19 20:40 - 2013-10-12 20:49 - 00207192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2014-02-19 20:40 - 2013-10-10 10:53 - 00235960 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-02-19 20:40 - 2013-10-10 10:53 - 00088272 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-02-19 20:40 - 2013-10-10 07:21 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2014-02-19 20:40 - 2013-10-10 07:12 - 00184832 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-02-19 20:40 - 2013-10-08 04:49 - 00415576 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2014-02-19 20:40 - 2013-10-08 01:58 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2014-02-19 20:40 - 2013-10-08 01:15 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-02-19 20:40 - 2013-10-08 01:14 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-02-19 20:40 - 2013-10-08 00:50 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Http.dll
2014-02-19 20:40 - 2013-10-08 00:40 - 00795648 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-02-19 20:40 - 2013-10-07 02:07 - 00049544 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-02-19 20:40 - 2013-10-05 08:30 - 00321368 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-02-19 20:40 - 2013-10-05 08:30 - 00047960 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2014-02-19 20:40 - 2013-10-05 08:05 - 00578952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-02-19 20:40 - 2013-10-05 05:59 - 00336896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-02-19 20:40 - 2013-10-05 04:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-19 20:40 - 2013-10-05 04:40 - 00795648 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-19 20:40 - 2013-10-05 04:29 - 00595456 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2014-02-19 20:40 - 2013-10-05 04:24 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\miutils.dll
2014-02-19 20:40 - 2013-10-05 04:21 - 00920064 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2014-02-19 20:40 - 2013-10-05 04:00 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2014-02-19 20:40 - 2013-10-05 03:35 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2014-02-19 20:40 - 2013-10-04 04:00 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2014-02-19 20:40 - 2013-09-17 01:28 - 00204288 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-02-19 20:40 - 2013-09-16 23:47 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\dafBth.dll
2014-02-19 20:40 - 2013-09-14 08:33 - 00345552 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2014-02-19 20:40 - 2013-09-14 05:29 - 00284160 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2014-02-19 20:40 - 2013-09-13 03:47 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\ftp.exe
2014-02-19 20:40 - 2013-09-12 04:02 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2014-02-19 20:40 - 2013-09-12 03:37 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2014-02-19 20:40 - 2013-09-12 03:37 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2014-02-19 20:40 - 2013-09-12 03:21 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2014-02-19 20:40 - 2013-09-12 03:17 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\dafWfdProvider.dll
2014-02-19 20:40 - 2013-09-12 03:01 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2014-02-19 20:40 - 2013-09-10 00:28 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\msched.dll
2014-02-19 20:37 - 2013-10-10 06:27 - 00869888 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-02-19 20:36 - 2013-11-07 23:30 - 01128448 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2014-02-19 20:35 - 2013-11-10 20:50 - 00036696 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-02-19 20:35 - 2013-11-09 01:56 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe
2014-02-19 20:35 - 2013-11-08 04:40 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dcomp.dll
2014-02-19 20:35 - 2013-11-08 00:15 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2014-02-19 20:35 - 2013-11-07 23:05 - 00734208 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2014-02-19 20:35 - 2013-11-05 10:08 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2014-02-19 20:35 - 2013-11-03 22:28 - 01816576 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2014-02-19 20:35 - 2013-11-03 21:30 - 01765376 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-02-19 20:35 - 2013-11-03 20:45 - 02038784 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-02-19 20:35 - 2013-11-01 06:17 - 00077144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-02-19 20:35 - 2013-11-01 01:57 - 00544768 _____ (Microsoft Corporation) C:\Windows\system32\wlidcli.dll
2014-02-19 20:35 - 2013-10-30 19:50 - 05753688 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-02-19 20:35 - 2013-10-30 19:39 - 01261320 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-02-19 20:35 - 2013-10-30 19:39 - 01159080 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-02-19 20:35 - 2013-10-26 16:28 - 00120152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SerCx2.sys
2014-02-19 20:35 - 2013-10-24 05:12 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\CredentialMigrationHandler.dll
2014-02-19 20:35 - 2013-10-17 06:36 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2014-02-19 20:35 - 2013-10-05 08:05 - 01765384 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-02-19 20:35 - 2013-10-05 08:05 - 00406400 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-02-19 20:31 - 2014-02-19 20:31 - 00001017 _____ () C:\Users\Owner\Desktop\Pia_Manager.lnk
2014-02-19 20:28 - 2014-02-19 20:30 - 98509072 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\msert.exe
2014-02-19 20:23 - 2013-09-24 00:26 - 00944128 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2014-02-19 20:23 - 2013-09-21 01:18 - 01198592 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2014-02-19 20:22 - 2013-09-25 04:58 - 00648648 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2014-02-19 20:22 - 2013-09-24 01:10 - 01741824 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2014-02-19 20:22 - 2013-09-23 23:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll
2014-02-19 20:22 - 2013-09-21 05:49 - 00493400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-02-19 20:22 - 2013-09-21 05:49 - 00197976 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-02-19 20:22 - 2013-09-21 05:37 - 00489696 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-02-19 20:22 - 2013-09-21 05:23 - 00427096 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-02-19 20:22 - 2013-09-21 05:23 - 00098104 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-02-19 20:22 - 2013-09-21 05:18 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-02-19 20:22 - 2013-09-21 05:12 - 01092896 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2014-02-19 20:22 - 2013-09-21 05:09 - 00796928 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2014-02-19 20:22 - 2013-09-21 05:09 - 00312936 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2014-02-19 20:22 - 2013-09-21 05:09 - 00134784 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-02-19 20:22 - 2013-09-21 03:03 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-02-19 20:22 - 2013-09-21 03:02 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-02-19 20:22 - 2013-09-21 02:55 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2014-02-19 20:22 - 2013-09-21 01:56 - 08712704 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2014-02-19 20:22 - 2013-09-21 01:31 - 00756224 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-02-19 20:22 - 2013-09-21 01:29 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\livessp.dll
2014-02-19 20:22 - 2013-09-21 01:21 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-02-19 20:22 - 2013-09-21 01:19 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2014-02-19 20:22 - 2013-09-21 01:05 - 08875008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2014-02-19 20:22 - 2013-09-21 00:39 - 01455616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2014-02-19 20:22 - 2013-09-19 00:37 - 00802816 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2014-02-19 20:22 - 2013-09-19 00:32 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\wlidprov.dll
2014-02-19 20:22 - 2013-09-19 00:11 - 01344000 _____ (Microsoft Corporation) C:\Windows\system32\dui70.dll
2014-02-19 20:22 - 2013-09-19 00:10 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2014-02-19 20:22 - 2013-09-19 00:10 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-02-19 20:22 - 2013-09-18 23:55 - 00552448 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.dll
2014-02-19 20:22 - 2013-09-18 23:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2014-02-19 20:22 - 2013-09-17 03:00 - 00376152 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-02-19 20:22 - 2013-09-17 00:00 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2014-02-19 20:22 - 2013-08-31 08:15 - 00180232 _____ (Microsoft Corporation) C:\Windows\system32\mftranscode.dll
2014-02-19 20:21 - 2013-09-26 04:31 - 00456704 _____ (Microsoft Corporation) C:\Windows\system32\recimg.exe
2014-02-19 20:21 - 2013-09-26 03:25 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe
2014-02-19 20:21 - 2013-09-26 03:14 - 00528896 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2014-02-19 20:21 - 2013-09-25 02:36 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\BthRadioMedia.dll
2014-02-19 20:21 - 2013-09-25 01:17 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\windows.immersiveshell.serviceprovider.dll
2014-02-19 20:21 - 2013-09-24 01:59 - 00253952 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2014-02-19 20:21 - 2013-09-21 05:48 - 00130392 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-02-19 20:21 - 2013-09-21 03:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2014-02-19 20:21 - 2013-09-21 00:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2014-02-19 20:21 - 2013-09-21 00:38 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2014-02-19 20:21 - 2013-09-21 00:38 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\efswrt.dll
2014-02-19 20:21 - 2013-09-19 02:23 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersRes.dll
2014-02-19 20:21 - 2013-09-19 01:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.dll
2014-02-19 20:21 - 2013-09-19 01:38 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\WorkFolders.exe
2014-02-19 20:21 - 2013-09-19 01:29 - 00393728 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2014-02-19 20:21 - 2013-09-17 01:26 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-02-19 20:21 - 2013-09-17 00:09 - 01160704 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-02-19 20:21 - 2013-09-16 23:28 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\msctfuimanager.dll
2014-02-19 20:21 - 2013-09-14 08:42 - 00142168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VerifierExt.sys
2014-02-19 20:21 - 2013-09-14 06:43 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-02-19 20:21 - 2013-09-13 04:54 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SensorsClassExtension.dll
2014-02-19 20:21 - 2013-09-13 04:10 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll
2014-02-19 20:21 - 2013-09-13 03:30 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll
2014-02-19 20:21 - 2013-09-12 03:17 - 00370176 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2014-02-19 20:21 - 2013-09-11 04:32 - 00373248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2014-02-19 20:21 - 2013-09-11 04:32 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-02-19 20:21 - 2013-09-11 03:09 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2014-02-19 20:21 - 2013-09-07 08:00 - 00256000 _____ (Microsoft Corporation) C:\Windows\system32\fdprint.dll
2014-02-19 20:21 - 2013-09-07 07:50 - 00482816 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCenter.dll
2014-02-19 20:21 - 2013-09-07 07:22 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\CryptoWinRT.dll
2014-02-19 20:21 - 2013-09-07 07:14 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
2014-02-19 20:21 - 2013-09-07 07:06 - 00217600 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2014-02-19 20:21 - 2013-09-07 07:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\TetheringMgr.dll
2014-02-19 20:21 - 2013-09-05 02:23 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-02-19 20:21 - 2013-09-05 01:40 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Utilman.exe
2014-02-19 20:21 - 2013-09-04 01:53 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersGPExt.dll
2014-02-19 20:21 - 2013-09-04 01:22 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\vmrdvcore.dll
2014-02-19 20:21 - 2013-09-04 01:05 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\tpmvsc.dll
2014-02-19 20:21 - 2013-09-04 00:47 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\DscCoreConfProv.dll
2014-02-19 20:21 - 2013-09-04 00:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\DscCore.dll
2014-02-19 20:21 - 2013-09-04 00:35 - 00280576 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2014-02-19 20:21 - 2013-08-31 06:46 - 00513536 _____ (Microsoft Corporation) C:\Windows\system32\riched20.dll
2014-02-19 20:21 - 2013-08-31 05:25 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2014-02-19 20:21 - 2013-08-30 02:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2014-02-19 20:21 - 2013-08-28 03:00 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe
2014-02-19 20:21 - 2013-08-28 02:55 - 00527872 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2014-02-19 20:21 - 2013-08-28 02:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\rdsdwmdr.dll
2014-02-19 20:21 - 2013-08-27 01:24 - 00813568 _____ (Microsoft Corporation) C:\Windows\system32\WebcamUi.dll
2014-02-19 20:15 - 2013-09-26 02:34 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\MrmIndexer.dll
2014-02-19 19:57 - 2014-03-16 15:22 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Apple Computer
2014-02-19 19:57 - 2014-03-16 13:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apple Computer
2014-02-19 19:56 - 2014-02-19 19:56 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Titanium
2014-02-19 19:52 - 2014-03-03 14:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2014-02-19 19:51 - 2014-02-19 19:51 - 00026624 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2014-02-19 19:49 - 2014-03-03 14:07 - 00000000 ____D () C:\Program Files\pia_manager
2014-02-19 19:45 - 2014-02-19 19:46 - 25625628 _____ () C:\Users\Owner\Downloads\privateinternetaccess.exe
2014-02-19 19:06 - 2004-07-14 19:36 - 00057344 _____ (Primax Electronics Ltd.) C:\Windows\system32\ico.exe
2014-02-19 19:03 - 2014-03-04 18:53 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-19 19:03 - 2014-03-04 18:53 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-19 13:32 - 2014-02-19 13:32 - 00000000 ____D () C:\ProgramData\magicJack
2014-02-18 17:08 - 2014-02-20 17:31 - 00012974 _____ () C:\Windows\system32\lvcoinst.log
2014-02-18 17:08 - 2014-02-19 19:23 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2014-02-18 15:13 - 2014-02-27 17:09 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-02-18 13:56 - 2014-03-12 22:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-18 13:33 - 2014-03-12 22:55 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-02-18 13:29 - 2014-03-11 14:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-18 13:29 - 2014-03-11 14:10 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-18 13:29 - 2014-02-19 15:54 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-18 13:29 - 2014-02-18 13:29 - 00001083 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-18 13:29 - 2014-02-18 13:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Malwarebytes
2014-02-18 13:29 - 2014-02-18 13:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-18 13:29 - 2013-04-04 18:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-18 12:45 - 2013-12-08 20:04 - 00980480 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2014-02-18 12:45 - 2013-11-27 10:00 - 00663680 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-02-18 12:45 - 2013-11-27 09:47 - 02804528 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-02-18 12:45 - 2013-11-27 07:03 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys
2014-02-18 12:45 - 2013-11-27 05:46 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-02-18 12:45 - 2013-11-27 05:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2014-02-18 12:45 - 2013-11-27 05:01 - 00201216 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-02-18 12:45 - 2013-11-27 04:56 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.dll
2014-02-18 12:45 - 2013-11-27 04:47 - 01284096 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2014-02-18 12:45 - 2013-11-26 07:44 - 01204968 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2014-02-18 12:45 - 2013-11-26 07:44 - 01155384 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2014-02-18 12:45 - 2013-11-24 20:47 - 00116568 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-02-18 12:45 - 2013-11-24 20:32 - 00871256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-02-18 12:45 - 2013-11-24 19:30 - 00513536 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-02-18 12:45 - 2013-11-23 04:28 - 00030552 _____ (Microsoft Corporation) C:\Windows\system32\ploptin.dll
2014-02-18 12:45 - 2013-11-23 02:14 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\bi.dll
2014-02-18 12:45 - 2013-11-23 02:14 - 00015360 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BtaMPM.sys
2014-02-18 12:45 - 2013-11-23 02:09 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-02-18 12:45 - 2013-11-23 00:23 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-02-18 12:45 - 2013-11-22 23:15 - 02295808 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-02-18 12:45 - 2013-11-21 02:10 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\deviceregistration.dll
2014-02-18 12:45 - 2013-11-21 01:44 - 01088512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-02-18 12:45 - 2013-11-15 10:25 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2014-02-18 12:45 - 2013-11-15 09:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-02-18 12:45 - 2013-11-15 09:20 - 00622080 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-02-18 12:45 - 2013-10-30 19:41 - 00552624 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-02-18 12:45 - 2013-09-21 02:28 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe
2014-02-18 12:45 - 2013-09-21 01:09 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2014-02-18 12:45 - 2013-09-17 02:31 - 00326024 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-02-18 12:45 - 2013-09-14 04:54 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll
2014-02-18 12:42 - 2014-02-18 12:42 - 01581896 _____ (ESET) C:\Users\Owner\Downloads\eset_smart_security_live_installer.exe
2014-02-18 12:26 - 2014-02-18 12:26 - 00000000 ____D () C:\ProgramData\ESET
2014-02-18 12:26 - 2014-02-18 12:26 - 00000000 ____D () C:\Program Files\ESET
2014-02-18 12:24 - 2014-02-18 12:24 - 01682336 _____ (ESET) C:\Users\Owner\Downloads\eset_nod32_antivirus_live_installer.exe
2014-02-18 12:24 - 2014-01-07 01:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.exe
2014-02-18 12:24 - 2013-12-08 21:51 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-18 12:24 - 2013-11-27 10:09 - 02872688 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2014-02-18 12:24 - 2013-11-27 06:46 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
2014-02-18 12:24 - 2013-11-27 04:40 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-02-18 12:24 - 2013-11-27 04:17 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-02-18 12:24 - 2013-11-23 00:13 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-02-18 12:24 - 2013-10-23 04:59 - 00698232 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-02-18 12:24 - 2013-10-16 09:54 - 01581968 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-02-18 12:23 - 2014-01-07 00:30 - 02071552 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-18 12:23 - 2014-01-04 15:22 - 01202888 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-02-18 12:23 - 2014-01-04 10:23 - 11702272 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-02-18 12:23 - 2014-01-04 09:36 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-02-18 12:23 - 2014-01-04 09:28 - 04961792 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-02-18 12:23 - 2013-12-20 22:10 - 00009701 _____ () C:\Windows\system32\connectedsearch-results.searchconnector-ms
2014-02-18 12:23 - 2013-12-20 04:28 - 00861976 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-02-18 12:23 - 2013-12-08 19:55 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-18 12:23 - 2013-11-21 01:44 - 03936256 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-18 12:23 - 2013-10-19 03:14 - 00070680 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-02-18 12:23 - 2013-10-15 04:03 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-02-18 12:23 - 2013-10-05 08:05 - 01090808 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-02-18 12:22 - 2014-01-19 03:37 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-02-18 12:22 - 2014-01-09 03:59 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-02-18 12:22 - 2014-01-09 03:42 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-02-18 12:22 - 2014-01-09 03:30 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-02-18 12:22 - 2014-01-09 03:29 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-02-18 12:22 - 2014-01-09 03:28 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-02-18 12:22 - 2014-01-09 03:18 - 03482112 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-02-18 12:22 - 2014-01-09 02:58 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-02-18 12:19 - 2014-02-06 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-18 12:19 - 2014-02-06 06:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-18 12:19 - 2014-02-06 06:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-18 12:19 - 2014-02-06 06:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-18 12:19 - 2014-02-06 05:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-18 12:19 - 2014-02-06 05:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-18 12:19 - 2014-02-06 05:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-18 12:19 - 2014-02-06 05:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-18 12:19 - 2014-02-06 05:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-18 12:19 - 2014-02-06 05:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-18 12:19 - 2014-02-06 05:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-18 12:19 - 2013-12-08 19:54 - 01317376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-18 12:19 - 2013-12-08 19:43 - 00609792 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2014-02-18 12:19 - 2013-11-09 01:52 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-02-18 12:19 - 2013-11-09 01:52 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2014-02-18 12:19 - 2013-10-12 20:45 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2014-02-18 12:19 - 2013-10-12 17:14 - 00549888 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-02-18 12:19 - 2013-10-12 17:02 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-02-18 12:19 - 2013-10-03 05:02 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Sensors.dll
2014-02-18 12:19 - 2013-10-02 05:47 - 01018960 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2014-02-18 12:19 - 2013-09-30 23:36 - 00977408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2014-02-18 12:16 - 2014-02-18 12:16 - 22892386 _____ () C:\Users\Owner\Downloads\torbrowser-install-3.5.2.1_en-US.exe
2014-02-18 12:14 - 2014-03-17 10:00 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-18 12:14 - 2014-03-16 17:49 - 00001121 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-18 12:14 - 2014-02-19 15:38 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-02-18 12:14 - 2014-02-19 15:37 - 00000000 ____D () C:\Users\Owner\AppData\Local\Mozilla
2014-02-18 12:14 - 2014-02-18 12:14 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-18 12:12 - 2014-02-18 12:12 - 00282840 _____ (Mozilla) C:\Users\Owner\Downloads\Firefox Setup Stub 27.0.1.exe
2014-02-18 12:11 - 2006-01-16 18:40 - 00073728 _____ (Primax Electronics Ltd.) C:\Windows\system32\PELHOOKS.DLL
2014-02-18 12:11 - 2005-12-30 17:36 - 00126976 _____ (Primax Electronics Ltd.) C:\Windows\system32\PELSCRLL.DLL
2014-02-18 12:11 - 2005-11-26 00:06 - 00229376 _____ (Primax Electronics Ltd.) C:\Windows\system32\PMUNINST.EXE
2014-02-18 12:11 - 2005-09-13 02:22 - 00135168 _____ (Primax Electronics Ltd.) C:\Windows\system32\PELMICED.EXE
2014-02-18 12:11 - 2005-05-20 20:15 - 00217088 _____ (Primax Electronics Ltd.) C:\Windows\system32\PELPPM.DLL
2014-02-18 12:11 - 2005-01-27 15:29 - 00282624 _____ (Primax Electronics Ltd.) C:\Windows\system32\PELWHEEL.DLL
2014-02-18 12:11 - 2005-01-27 14:31 - 00458126 _____ (Primax Electronics Ltd.) C:\Windows\system32\PELBDO.DLL
2014-02-18 12:11 - 2004-07-14 19:36 - 00057344 _____ (Primax Electronics Ltd.) C:\Windows\system32\ICONSPY.EXE
2014-02-18 12:11 - 2004-03-26 18:17 - 00036864 _____ (Primax Electronics Ltd.) C:\Windows\system32\PMUNINNT.EXE
2014-02-18 12:11 - 2004-02-20 14:43 - 00217088 _____ (Primax Electronics Ltd.) C:\Windows\system32\PELUTIL.DLL
2014-02-18 12:11 - 2004-02-20 14:37 - 00049152 _____ (Primax Electronics Ltd.) C:\Windows\system32\PELCOMM.DLL
2014-02-18 12:11 - 2003-11-06 19:51 - 00020480 _____ () C:\Windows\system32\FSRremoS.EXE
2014-02-18 12:11 - 2003-10-29 01:46 - 00024576 _____ () C:\Windows\system32\FSRremoC.DLL
2014-02-18 12:11 - 2003-05-21 17:11 - 00090112 _____ (Primax Electronics Ltd.) C:\Windows\system32\PELZOOM.DLL
2014-02-18 12:11 - 2003-02-11 17:25 - 00009216 _____ (Primax Electronics Ltd.) C:\Windows\system32\Drivers\pelusblf.sys
2014-02-18 12:11 - 2003-01-10 17:55 - 00016384 _____ (Primax Electronics Ltd.) C:\Windows\system32\Drivers\PELMOUSE.SYS
2014-02-18 12:11 - 2001-11-15 21:03 - 00024576 _____ (Primax Electronics Ltd.) C:\Windows\system32\Pelsetup.dll
2014-02-18 12:11 - 2001-10-04 21:34 - 00019456 _____ (Primax Electronics Ltd.) C:\Windows\system32\PMMO32R.DLL
2014-02-18 12:11 - 2001-08-07 21:23 - 00045056 _____ (Primax Electronics Ltd.) C:\Windows\system32\PELRESS.DLL
2014-02-18 12:11 - 2001-07-04 21:46 - 00439003 _____ (Primax Electronics Ltd.) C:\Windows\system32\PMBDO.DLL
2014-02-18 12:11 - 2000-10-13 14:07 - 00075776 _____ (Primax Electronics Ltd.) C:\Windows\system32\PMMILG.DLL
2014-02-18 12:11 - 1999-11-19 19:20 - 00065536 _____ (Primax Electronics Ltd.) C:\Windows\system32\PMIBM.DLL
2014-02-18 12:11 - 1999-07-12 20:12 - 00061952 _____ (Primax Electronics Ltd.) C:\Windows\system32\PMRESHP.DLL
2014-02-15 15:21 - 2014-02-19 22:16 - 00000000 ____D () C:\Windows\Panther
2014-02-15 13:29 - 2014-02-15 13:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Macromedia
2014-02-15 13:17 - 2014-02-15 13:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-02-15 12:36 - 2014-03-11 20:01 - 00818732 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-15 12:34 - 2014-02-15 12:34 - 00001446 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-15 12:34 - 2014-02-15 12:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Adobe
2014-02-15 12:33 - 2014-03-16 12:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\VirtualStore
2014-02-15 12:32 - 2014-03-12 21:00 - 00000000 ____D () C:\Users\Owner
2014-02-15 12:32 - 2014-02-19 15:54 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-02-15 12:32 - 2014-02-19 15:54 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-15 12:32 - 2014-02-19 15:54 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-02-15 12:32 - 2014-02-19 15:54 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-15 12:32 - 2014-02-15 12:32 - 00000020 ___SH () C:\Users\Owner\ntuser.ini

==================== One Month Modified Files and Folders =======

2014-03-17 14:50 - 2014-03-12 16:05 - 00006896 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-03-17 14:48 - 2014-03-12 16:05 - 00000000 ____D () C:\FRST
2014-03-17 14:47 - 2014-03-17 14:47 - 01145856 _____ (Farbar) C:\Users\Owner\Downloads\FRST(5).exe
2014-03-17 14:23 - 2014-03-02 12:07 - 01454493 _____ () C:\Windows\WindowsUpdate.log
2014-03-17 14:00 - 2013-08-22 04:17 - 00000000 ____D () C:\Windows\system32\sru
2014-03-17 12:56 - 2014-03-17 10:25 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-03-17 11:14 - 2014-02-20 18:37 - 00000999 _____ () C:\Users\Owner\Desktop\magicJack.lnk
2014-03-17 11:14 - 2014-02-20 18:37 - 00000985 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2014-03-17 11:14 - 2014-02-20 18:37 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\mjusbsp
2014-03-17 10:22 - 2014-02-22 19:15 - 00000000 __RDO () C:\Users\Owner\SkyDrive
2014-03-17 10:21 - 2013-08-22 03:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-17 10:20 - 2013-08-22 02:13 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-03-17 10:15 - 2014-03-12 16:07 - 00021566 _____ () C:\Users\Owner\Downloads\Shortcut.txt
2014-03-17 10:15 - 2014-03-12 16:06 - 00027148 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-03-17 10:13 - 2014-03-17 10:13 - 01145856 _____ (Farbar) C:\Users\Owner\Downloads\FRST(4).exe
2014-03-17 10:04 - 2014-03-17 10:04 - 01037734 _____ (Thisisu) C:\Users\Owner\Downloads\JRT(4).exe
2014-03-17 10:02 - 2014-03-12 15:18 - 00000000 ____D () C:\AdwCleaner
2014-03-17 10:00 - 2014-03-17 10:00 - 00000386 _____ () C:\Windows\PFRO.log
2014-03-17 10:00 - 2014-02-18 12:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-17 09:57 - 2014-03-17 09:56 - 01950720 _____ () C:\Users\Owner\Downloads\adwcleaner(8).exe
2014-03-16 18:10 - 2014-03-16 18:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-16 17:49 - 2014-02-18 12:14 - 00001121 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-16 15:22 - 2014-02-19 19:57 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Apple Computer
2014-03-16 13:13 - 2014-02-19 19:57 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apple Computer
2014-03-16 12:16 - 2014-02-15 12:33 - 00000000 ____D () C:\Users\Owner\AppData\Local\VirtualStore
2014-03-16 11:22 - 2014-03-16 11:20 - 00000000 ____D () C:\Program Files\Hosts_Anti_Adwares_PUPs
2014-03-16 11:20 - 2014-03-16 11:20 - 01950720 _____ () C:\Users\Owner\Downloads\adwcleaner(7).exe
2014-03-16 11:18 - 2014-03-16 11:18 - 01950720 _____ () C:\Users\Owner\Downloads\adwcleaner(6).exe
2014-03-16 11:13 - 2014-03-16 11:13 - 01145856 _____ (Farbar) C:\Users\Owner\Downloads\FRST(3).exe
2014-03-16 11:05 - 2014-03-16 11:05 - 01037734 _____ (Thisisu) C:\Users\Owner\Downloads\JRT(3).exe
2014-03-16 10:52 - 2014-03-16 10:52 - 01950720 _____ () C:\Users\Owner\Downloads\adwcleaner(5).exe
2014-03-16 10:28 - 2013-08-22 04:17 - 00000000 ____D () C:\Windows\rescache
2014-03-16 10:26 - 2013-08-22 04:17 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-16 09:50 - 2014-03-16 09:50 - 01145856 _____ (Farbar) C:\Users\Owner\Downloads\FRST(2).exe
2014-03-16 09:39 - 2014-03-16 09:39 - 01037734 _____ (Thisisu) C:\Users\Owner\Downloads\JRT(2).exe
2014-03-16 09:32 - 2014-03-16 09:32 - 01950720 _____ () C:\Users\Owner\Downloads\adwcleaner(4).exe
2014-03-15 18:12 - 2014-03-15 18:12 - 00002495 _____ () C:\Users\Public\Desktop\Safari.lnk
2014-03-15 18:12 - 2014-03-15 18:11 - 00000000 ____D () C:\Program Files\Safari
2014-03-15 18:11 - 2014-03-15 18:11 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-03-15 18:08 - 2014-03-15 18:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apple
2014-03-15 18:08 - 2014-03-15 18:08 - 00000000 ____D () C:\ProgramData\Apple
2014-03-15 18:08 - 2014-03-15 18:08 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-03-15 18:05 - 2014-03-15 18:04 - 38494576 _____ (Apple Inc.) C:\Users\Owner\Downloads\SafariSetup.exe
2014-03-14 14:02 - 2013-08-22 04:17 - 00000000 ____D () C:\Windows\AppReadiness
2014-03-12 22:55 - 2014-02-18 13:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-12 22:55 - 2014-02-18 13:33 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-03-12 21:25 - 2014-02-21 19:08 - 00010892 _____ () C:\Users\Owner\.pia_manager_crash.log
2014-03-12 21:24 - 2014-02-22 21:34 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-12 21:17 - 2014-03-12 21:17 - 01145856 _____ (Farbar) C:\Users\Owner\Downloads\FRST(1).exe
2014-03-12 21:04 - 2014-03-12 21:04 - 01037734 _____ (Thisisu) C:\Users\Owner\Downloads\JRT(1).exe
2014-03-12 21:00 - 2014-02-15 12:32 - 00000000 ____D () C:\Users\Owner
2014-03-12 20:58 - 2014-03-12 20:58 - 01949184 _____ () C:\Users\Owner\Downloads\adwcleaner(3).exe
2014-03-12 16:04 - 2014-03-12 16:04 - 01145856 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
2014-03-12 15:55 - 2014-03-12 15:55 - 00000000 ____D () C:\Windows\ERUNT
2014-03-12 15:53 - 2014-03-12 15:53 - 01037734 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-03-12 15:49 - 2013-08-22 04:17 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-12 15:35 - 2014-03-12 15:35 - 01949184 _____ () C:\Users\Owner\Downloads\adwcleaner(2).exe
2014-03-12 15:30 - 2014-03-12 15:30 - 01949184 _____ () C:\Users\Owner\Downloads\adwcleaner(1).exe
2014-03-12 15:17 - 2014-03-12 15:17 - 01949184 _____ () C:\Users\Owner\Downloads\adwcleaner.exe
2014-03-11 20:01 - 2014-02-15 12:36 - 00818732 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-11 18:41 - 2014-03-02 12:33 - 00360240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-11 18:38 - 2013-08-22 04:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-11 18:38 - 2013-08-22 04:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-11 18:38 - 2013-08-22 04:17 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-11 14:14 - 2014-02-18 13:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-11 14:10 - 2014-02-18 13:29 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-10 13:35 - 2013-08-22 02:13 - 00008192 ___SH () C:\Windows\system32\config\ELAM
2014-03-04 18:53 - 2014-02-19 19:03 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-04 18:53 - 2014-02-19 19:03 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-03 19:45 - 2014-03-03 19:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\Macromedia
2014-03-03 14:07 - 2014-02-19 19:49 - 00000000 ____D () C:\Program Files\pia_manager
2014-03-03 14:05 - 2014-02-19 19:52 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2014-03-02 12:04 - 2014-02-21 16:11 - 00000038 _____ () C:\Users\Owner\AppData\Roaming\mbam.context.scan
2014-03-01 00:30 - 2014-03-11 14:06 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-28 23:47 - 2014-03-11 14:06 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 23:25 - 2014-03-11 14:06 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 23:14 - 2014-03-11 14:06 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 23:03 - 2014-03-11 14:06 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 22:57 - 2014-03-11 14:06 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 22:32 - 2014-03-11 14:06 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 22:27 - 2014-03-11 14:06 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 22:25 - 2014-03-11 14:06 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-27 17:13 - 2014-02-27 17:12 - 00000000 ___SD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-02-27 17:12 - 2014-02-27 17:12 - 00001162 _____ () C:\Users\Owner\Desktop\OpenOffice 4.0.1.lnk
2014-02-27 17:09 - 2014-02-18 15:13 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-02-27 17:08 - 2013-08-22 04:17 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-02-27 16:06 - 2014-02-27 15:51 - 143485940 _____ () C:\Users\Owner\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_en-US(1).exe
2014-02-22 21:33 - 2014-02-22 21:33 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.07.0.1009.exe
2014-02-22 19:50 - 2014-02-21 22:44 - 00000000 ____D () C:\Users\Owner\Downloads\mbam-chameleon-1.62.1.1000
2014-02-22 07:24 - 2014-03-11 14:07 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-02-21 19:31 - 2014-02-21 19:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\ESET
2014-02-20 23:02 - 2014-02-20 23:02 - 00000000 ____D () C:\Users\Owner\AppData\Local\tjnet
2014-02-20 23:02 - 2014-02-20 18:36 - 00000000 ____D () C:\Users\Owner\AppData\Local\magicJack
2014-02-20 17:31 - 2014-02-18 17:08 - 00012974 _____ () C:\Windows\system32\lvcoinst.log
2014-02-20 03:02 - 2014-02-20 03:02 - 00001887 _____ () C:\Users\Owner\Desktop\Canon MG2100 series - Shortcut.lnk
2014-02-20 00:43 - 2014-02-20 00:43 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\OpenOffice
2014-02-20 00:42 - 2014-02-20 00:42 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-02-20 00:34 - 2013-08-22 04:17 - 00000000 ___RD () C:\Windows\ToastData
2014-02-20 00:20 - 2013-08-22 04:17 - 00000000 __RSD () C:\Windows\Media
2014-02-20 00:20 - 2013-08-22 04:17 - 00000000 ____D () C:\Windows\twain_32
2014-02-20 00:19 - 2014-02-20 00:19 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-02-20 00:07 - 2014-02-20 00:07 - 00000000 ____D () C:\Users\Owner\Desktop\Tor Browser
2014-02-20 00:03 - 2014-02-20 00:03 - 00000000 ____D () C:\Users\Owner\Desktop\OpenOffice 4.0.1 (en-US) Installation Files
2014-02-19 23:29 - 2014-02-19 23:29 - 00000000 ____D () C:\Program Files\CONEXANT
2014-02-19 23:15 - 2013-08-22 04:17 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-02-19 22:16 - 2014-02-15 15:21 - 00000000 ____D () C:\Windows\Panther
2014-02-19 20:31 - 2014-02-19 20:31 - 00001017 _____ () C:\Users\Owner\Desktop\Pia_Manager.lnk
2014-02-19 20:30 - 2014-02-19 20:28 - 98509072 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\msert.exe
2014-02-19 19:56 - 2014-02-19 19:56 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Titanium
2014-02-19 19:51 - 2014-02-19 19:51 - 00026624 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2014-02-19 19:46 - 2014-02-19 19:45 - 25625628 _____ () C:\Users\Owner\Downloads\privateinternetaccess.exe
2014-02-19 19:23 - 2014-02-18 17:08 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2014-02-19 18:58 - 2013-08-22 04:17 - 00000000 ____D () C:\Windows\WinStore
2014-02-19 18:58 - 2013-08-22 04:17 - 00000000 ____D () C:\Windows\MediaViewer
2014-02-19 18:58 - 2013-08-22 04:17 - 00000000 ____D () C:\Windows\FileManager
2014-02-19 18:58 - 2013-08-22 04:17 - 00000000 ____D () C:\Windows\Camera
2014-02-19 15:55 - 2013-08-22 04:17 - 00000000 ____D () C:\Windows\system32\WinMetadata
2014-02-19 15:54 - 2014-02-18 13:29 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-19 15:54 - 2014-02-15 12:32 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-02-19 15:54 - 2014-02-15 12:32 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-19 15:54 - 2014-02-15 12:32 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-02-19 15:54 - 2014-02-15 12:32 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-19 15:54 - 2013-08-22 04:17 - 00000000 ____D () C:\Windows\SystemResources
2014-02-19 15:54 - 2013-08-22 04:17 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-19 15:43 - 2013-08-22 04:17 - 00000000 ____D () C:\Windows\registration
2014-02-19 15:38 - 2014-02-18 12:14 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-02-19 15:37 - 2014-02-18 12:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\Mozilla
2014-02-19 13:32 - 2014-02-19 13:32 - 00000000 ____D () C:\ProgramData\magicJack
2014-02-18 13:29 - 2014-02-18 13:29 - 00001083 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-18 13:29 - 2014-02-18 13:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Malwarebytes
2014-02-18 13:29 - 2014-02-18 13:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-18 12:42 - 2014-02-18 12:42 - 01581896 _____ (ESET) C:\Users\Owner\Downloads\eset_smart_security_live_installer.exe
2014-02-18 12:26 - 2014-02-18 12:26 - 00000000 ____D () C:\ProgramData\ESET
2014-02-18 12:26 - 2014-02-18 12:26 - 00000000 ____D () C:\Program Files\ESET
2014-02-18 12:24 - 2014-02-18 12:24 - 01682336 _____ (ESET) C:\Users\Owner\Downloads\eset_nod32_antivirus_live_installer.exe
2014-02-18 12:16 - 2014-02-18 12:16 - 22892386 _____ () C:\Users\Owner\Downloads\torbrowser-install-3.5.2.1_en-US.exe
2014-02-18 12:14 - 2014-02-18 12:14 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-18 12:12 - 2014-02-18 12:12 - 00282840 _____ (Mozilla) C:\Users\Owner\Downloads\Firefox Setup Stub 27.0.1.exe
2014-02-18 12:11 - 2013-08-22 04:17 - 00000000 ____D () C:\Windows\Help
2014-02-15 15:26 - 2013-08-22 04:17 - 00000000 ____D () C:\Windows\system32\Recovery
2014-02-15 15:20 - 2013-08-22 04:17 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2014-02-15 13:29 - 2014-02-15 13:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Macromedia
2014-02-15 13:17 - 2014-02-15 13:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-02-15 13:17 - 2013-08-22 04:17 - 00000000 ____D () C:\Windows\system32\restore
2014-02-15 12:34 - 2014-02-15 12:34 - 00001446 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-15 12:34 - 2014-02-15 12:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Adobe
2014-02-15 12:32 - 2014-02-15 12:32 - 00000020 ___SH () C:\Users\Owner\ntuser.ini

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Owner\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys
[2014-03-11 14:06] - [2014-01-31 10:04] - 0265560 ___AC (Microsoft Corporation) CA3C52D981550DEA46576F9FFBA22C58



LastRegBack: 2014-03-16 10:26

==================== End Of Log ============================


#4 messedwith


Posted 17 March 2014 - 02:57 PM

The scan with GMER.exe would not complete!  I tried it twice...the second time, I disconnected my DSL cable, just in case the program was disabled because it was "detected" that I was trying to rid my system of the malware.  On BOTH occasions I got this message as a "pop-up" just after the program stopped:

5gvd15fe.exe has stopped working.

A problem caused the program to stop working correctly.  Windows will close the program and notify you if a solution is available.

What do I do now???



#5 TB-Psychotic


Posted 17 March 2014 - 02:59 PM

Please attach the addition.txt as well.

Skip Gmer, do the following instead:

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download, so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).



#6 messedwith


Posted 17 March 2014 - 03:10 PM

As I stated to you in my first reply...there was NO "Addition.txt" that generated after the first scan...because the "Addition" box was left unchecked.  However, YOU told me NOT to check any of the other boxes.  In order to get a report labeled "Addition"...I will need to check that box in the FRST program AND run a 2nd scan!  IS THIS WHAT YOU WANT ME TO DO???  If so, do you want the NEW FRST.txt doc that will generate with the "Addition.txt" doc???



#7 TB-Psychotic


Posted 17 March 2014 - 03:23 PM

I did not see that, sorry.

Please run FRST again, place the checkmark next to "addition.txt" and run the scan.

Upload only the addition.txt. :)

P.S.: LARGE words are a sign that you want to YELL at someone - please stop doing that (if you don't want to yell at me after my work day...I hope so! :) )



#8 messedwith


Posted 17 March 2014 - 04:19 PM

I don't mean to offend you...I only use Capital letters in some words as emphasis...so you can see and understand what I am asking.  Otherwise, I fear that my questions or issues will be "passed over"...as you did with my first question about the Addition.txt doc.  Anyway, please find below, the results of the "Addition.txt" record that came up:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Owner at 2014-03-17 17:14:56
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ESET NOD32 Antivirus (HKLM\...\{1BE7C1D9-06A8-466D-ADEA-B07F68BDEFB5}) (Version: 7.0.302.26 - ESET, spol s r. o.)
magicJack (HKCU\...\magicJack) (Version: 3.1.6970.4873 - magicJack L.P.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mouse Suite (HKLM\...\MouseSuite98) (Version:  - )
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PCI SoftV92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.5.0 - Conexant Systems)
Private Internet Access Support Files (HKLM\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version:  - )
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)

==================== Restore Points  =========================

27-02-2014 19:10:21 Removed OpenOffice 4.0.1
09-03-2014 20:34:38 Scheduled Checkpoint
15-03-2014 22:08:53 Installed Safari

==================== Hosts content: ==========================

2013-08-22 02:13 - 2014-03-16 11:23 - 00040114 ____A C:\Windows\system32\Drivers\etc\hosts

There are 641 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {5F39593C-26CC-45B0-B3B9-5229A392CA2B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-03-11] (Microsoft Corporation)
Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {850DA3C3-E040-4A54-AA35-0CF3C8661F3C} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-03-03] ()
Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {9D585E71-0D37-4E05-960D-C29FB1865A5D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

==================== Loaded Modules (whitelisted) =============

2014-02-18 12:11 - 2003-11-06 19:51 - 00020480 _____ () C:\Windows\System32\FSRremoS.EXE
2013-05-06 15:12 - 2013-05-06 15:12 - 00084344 _____ () C:\Users\Owner\AppData\Roaming\mjusbsp\octvqem_apiw.DLL
2014-02-19 19:49 - 2014-03-03 14:07 - 08757066 _____ () C:\Program Files\pia_manager\pia_manager.exe
2014-03-17 12:15 - 2014-03-17 12:15 - 00012800 _____ () C:\Users\Owner\AppData\Local\Temp\ocrF6D9.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2014-03-17 12:15 - 2014-03-17 12:15 - 00009728 _____ () C:\Users\Owner\AppData\Local\Temp\ocrF6D9.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2014-03-17 12:15 - 2014-03-17 12:15 - 00014848 _____ () C:\Users\Owner\AppData\Local\Temp\ocrF6D9.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2014-03-17 12:15 - 2014-03-17 12:15 - 00094208 _____ () C:\Users\Owner\AppData\Local\Temp\ocrF6D9.tmp\src\rgloader\rgloader193.mswin.so
2014-03-17 12:15 - 2014-03-17 12:15 - 00009216 _____ () C:\Users\Owner\AppData\Local\Temp\ocrF6D9.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2014-03-17 12:15 - 2014-03-17 12:15 - 00094208 _____ () C:\Users\Owner\AppData\Local\Temp\ocrF6D9.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2014-03-17 12:15 - 2014-03-17 12:15 - 00126976 _____ () C:\Users\Owner\AppData\Local\Temp\ocrF6D9.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2014-03-17 12:15 - 2014-03-17 12:15 - 00087552 _____ () C:\Users\Owner\AppData\Local\Temp\ocrF6D9.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2014-03-17 12:15 - 2014-03-17 12:15 - 00016384 _____ () C:\Users\Owner\AppData\Local\Temp\ocrF6D9.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2014-03-17 12:15 - 2014-03-17 12:15 - 00127316 _____ () C:\Users\Owner\AppData\Local\Temp\ocrF6D9.tmp\bin\libffi-6.dll
2014-03-17 12:15 - 2014-03-17 12:15 - 00008704 _____ () C:\Users\Owner\AppData\Local\Temp\ocrF6D9.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2014-03-17 12:15 - 2014-03-17 12:15 - 00013312 _____ () C:\Users\Owner\AppData\Local\Temp\ocrF6D9.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2014-03-17 12:15 - 2014-03-17 12:15 - 00095744 _____ () C:\Users\Owner\AppData\Local\Temp\ocrF6D9.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2014-03-17 12:15 - 2014-03-17 12:15 - 00027648 _____ () C:\Users\Owner\AppData\Local\Temp\ocrF6D9.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.4.8-x86-mingw32\lib\win32\ruby19\win32\api.so
2014-03-17 12:16 - 2014-03-17 12:16 - 00012800 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2014-03-17 12:16 - 2014-03-17 12:16 - 00009728 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2014-03-17 12:16 - 2014-03-17 12:16 - 00014848 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2014-03-17 12:16 - 2014-03-17 12:16 - 00094208 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\src\rgloader\rgloader193.mswin.so
2014-03-17 12:16 - 2014-03-17 12:16 - 00094208 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2014-03-17 12:16 - 2014-03-17 12:16 - 00118784 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2014-03-17 12:16 - 2014-03-17 12:16 - 00069120 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2014-03-17 12:16 - 2014-03-17 12:16 - 00083968 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\bin\zlib1.dll
2014-03-17 12:16 - 2014-03-17 12:16 - 00026624 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2014-03-17 12:16 - 2014-03-17 12:16 - 00275968 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2014-03-17 12:16 - 2014-03-17 12:16 - 00015360 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2014-03-17 12:16 - 2014-03-17 12:16 - 00008192 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2014-03-17 12:16 - 2014-03-17 12:16 - 00009216 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2014-03-17 12:16 - 2014-03-17 12:16 - 00023552 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2014-03-17 12:16 - 2014-03-17 12:16 - 00008704 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2014-03-17 12:16 - 2014-03-17 12:16 - 00008704 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2014-03-17 12:16 - 2014-03-17 12:16 - 00008704 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2014-03-17 12:16 - 2014-03-17 12:16 - 00008704 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2014-03-17 12:16 - 2014-03-17 12:16 - 00036352 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2014-03-17 12:16 - 2014-03-17 12:16 - 00126976 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2014-03-17 12:16 - 2014-03-17 12:16 - 00087552 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2014-03-17 12:16 - 2014-03-17 12:16 - 00016384 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2014-03-17 12:16 - 2014-03-17 12:16 - 00127316 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\bin\libffi-6.dll
2014-03-17 12:16 - 2014-03-17 12:16 - 00013312 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2014-03-17 12:16 - 2014-03-17 12:16 - 00095744 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2014-03-17 12:16 - 2014-03-17 12:16 - 00027648 _____ () C:\Users\Owner\AppData\Local\Temp\ocr77A2.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.4.8-x86-mingw32\lib\win32\ruby19\win32\api.so
2014-02-19 19:49 - 2014-03-03 14:07 - 00176128 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2014-02-19 19:49 - 2014-03-03 14:07 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2014-02-19 19:50 - 2014-03-03 14:07 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2014-02-19 19:49 - 2014-03-03 14:07 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2014-02-19 19:49 - 2014-03-03 14:07 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2014-02-19 19:51 - 2014-03-03 14:07 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2014-02-19 19:49 - 2014-03-03 14:07 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2014-02-19 19:50 - 2014-03-03 14:07 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2014-02-19 19:50 - 2014-03-03 14:07 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2014-02-19 19:49 - 2014-03-03 14:07 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2014-02-19 19:49 - 2014-03-03 14:07 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2014-02-19 19:49 - 2014-03-03 14:07 - 00376832 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2014-02-19 19:50 - 2014-03-03 14:07 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2014-02-19 19:49 - 2014-03-03 14:07 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
2014-03-16 18:10 - 2014-03-16 18:10 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-11 18:45 - 2014-03-11 18:45 - 16276872 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Owner\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2014 03:47:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: 5qvd15fe.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: 5qvd15fe.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000409
Fault offset: 0x0007eed4
Faulting process id: 0xaf8
Faulting application start time: 0x5qvd15fe.exe0
Faulting application path: 5qvd15fe.exe1
Faulting module path: 5qvd15fe.exe2
Report Id: 5qvd15fe.exe3
Faulting package full name: 5qvd15fe.exe4
Faulting package-relative application ID: 5qvd15fe.exe5

Error: (03/17/2014 03:25:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: nxxogfmc.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: nxxogfmc.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000409
Fault offset: 0x0007eed4
Faulting process id: 0xdc4
Faulting application start time: 0xnxxogfmc.exe0
Faulting application path: nxxogfmc.exe1
Faulting module path: nxxogfmc.exe2
Report Id: nxxogfmc.exe3
Faulting package full name: nxxogfmc.exe4
Faulting package-relative application ID: nxxogfmc.exe5

Error: (03/17/2014 02:56:36 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20413 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 798

Start Time: 01cf4211e431cda9

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbwe\LiveComm.exe

Report Id: d963bbbf-ae05-11e3-973e-00e04d8d848b

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/17/2014 02:26:39 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20413 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: adc

Start Time: 01cf420db3663707

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbwe\LiveComm.exe

Report Id: aa6e8aee-ae01-11e3-973e-00e04d8d848b

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/17/2014 00:20:33 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20413 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e48

Start Time: 01cf41fc1afe8494

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbwe\LiveComm.exe

Report Id: 0f8be257-adf0-11e3-973e-00e04d8d848b

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/17/2014 00:02:19 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20413 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2a8

Start Time: 01cf41f3af2fdf1e

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbwe\LiveComm.exe

Report Id: ab96ab77-ade7-11e3-973e-00e04d8d848b

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/17/2014 11:56:28 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20413 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d98

Start Time: 01cf41f8be311916

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbwe\LiveComm.exe

Report Id: b225bdb3-adec-11e3-973e-00e04d8d848b

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/17/2014 11:15:15 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20413 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14c

Start Time: 01cf41f2eef02321

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbwe\LiveComm.exe

Report Id: eb74e1c7-ade6-11e3-973e-00e04d8d848b

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/17/2014 10:56:35 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20413 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 970

Start Time: 01cf41f05c4d9ad7

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbwe\LiveComm.exe

Report Id: 50e07ffd-ade4-11e3-973e-00e04d8d848b

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/17/2014 10:41:35 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20413 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: de4

Start Time: 01cf41ee440d0dab

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbwe\LiveComm.exe

Report Id: 3a02461a-ade2-11e3-973e-00e04d8d848b

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1


System errors:
=============
Error: (03/17/2014 09:59:35 AM) (Source: DCOM) (User: BECKY)
Description: Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1

Error: (03/17/2014 09:47:28 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (03/16/2014 11:20:42 AM) (Source: Service Control Manager) (User: )
Description: The HOSTS Anti-PUPs service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (03/15/2014 08:23:25 PM) (Source: DCOM) (User: BECKY)
Description: {7456B51F-073B-5634-A0D2-65E3CDECDDC5}

Error: (03/15/2014 08:23:04 PM) (Source: DCOM) (User: BECKY)
Description: Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1

Error: (03/15/2014 07:48:34 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (03/15/2014 07:48:23 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (03/15/2014 07:47:38 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (03/14/2014 02:08:58 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (03/14/2014 01:49:35 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:59:28 PM on ‎3/‎13/‎2014 was unexpected.


Microsoft Office Sessions:
=========================
Error: (03/17/2014 03:47:16 PM) (Source: Application Error)(User: )
Description: 5qvd15fe.exe2.1.19357.052e7ea835qvd15fe.exe2.1.19357.052e7ea83c00004090007eed4af801cf42170945e28bC:\Users\Owner\Downloads\5qvd15fe.exeC:\Users\Owner\Downloads\5qvd15fe.exef0f133aa-ae0c-11e3-973e-00e04d8d848b

Error: (03/17/2014 03:25:31 PM) (Source: Application Error)(User: )
Description: nxxogfmc.exe2.1.19357.052e7ea83nxxogfmc.exe2.1.19357.052e7ea83c00004090007eed4dc401cf421333d8b960C:\Users\Owner\Downloads\nxxogfmc.exeC:\Users\Owner\Downloads\nxxogfmc.exee745df9d-ae09-11e3-973e-00e04d8d848b

Error: (03/17/2014 02:56:36 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.2041379801cf4211e431cda94294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbwe\LiveComm.exed963bbbf-ae05-11e3-973e-00e04d8d848bmicrosoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (03/17/2014 02:26:39 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20413adc01cf420db36637074294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbwe\LiveComm.exeaa6e8aee-ae01-11e3-973e-00e04d8d848bmicrosoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (03/17/2014 00:20:33 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20413e4801cf41fc1afe84944294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbwe\LiveComm.exe0f8be257-adf0-11e3-973e-00e04d8d848bmicrosoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (03/17/2014 00:02:19 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.204132a801cf41f3af2fdf1e4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbwe\LiveComm.exeab96ab77-ade7-11e3-973e-00e04d8d848bmicrosoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (03/17/2014 11:56:28 AM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20413d9801cf41f8be3119164294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbwe\LiveComm.exeb225bdb3-adec-11e3-973e-00e04d8d848bmicrosoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (03/17/2014 11:15:15 AM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.2041314c01cf41f2eef023214294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbwe\LiveComm.exeeb74e1c7-ade6-11e3-973e-00e04d8d848bmicrosoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (03/17/2014 10:56:35 AM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.2041397001cf41f05c4d9ad74294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbwe\LiveComm.exe50e07ffd-ade4-11e3-973e-00e04d8d848bmicrosoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (03/17/2014 10:41:35 AM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20413de401cf41ee440d0dab4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbwe\LiveComm.exe3a02461a-ade2-11e3-973e-00e04d8d848bmicrosoft.windowscommunicationsapps_17.5.9600.20413_x86__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1


==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 1982.49 MB
Available physical RAM: 987.68 MB
Total Pagefile: 2430.49 MB
Available Pagefile: 919.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.24 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.45 GB) (Free:91.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: FA53FA53)

Partition: GPT Partition Type.

==================== End Of Log ============================



#9 TB-Psychotic

  • Malware Response Team

Posted 17 March 2014 - 04:38 PM

Looks good.

 

Please run aswMBR as well and post the log



#10 messedwith

  • Topic Starter
  • Members

Posted 17 March 2014 - 04:56 PM

OK, Marius...here's the aswMBR.txt results:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-17 17:20:37
-----------------------------
17:20:37.082 OS Version: Windows 6.2.9200
17:20:37.083 Number of processors: 1 586 0x4F02
17:20:37.160 ComputerName: BECKY UserName: Owner
17:20:39.799 Initialize success
17:25:06.772 AVAST engine defs: 14031701
17:25:33.673 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-6
17:25:33.677 Disk 0 Vendor: ST3120213A 3.AAH Size: 114473MB BusType: 3
17:25:34.080 Disk 0 MBR read successfully
17:25:34.084 Disk 0 MBR scan
17:25:34.198 Disk 0 Windows 7 default MBR code
17:25:34.216 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 350 MB offset 2048
17:25:34.238 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114121 MB offset 718848
17:25:34.338 Disk 0 scanning sectors +234438656
17:25:34.645 Disk 0 scanning C:\Windows\system32\drivers
17:26:25.236 Service scanning
17:27:44.406 Modules scanning
17:28:15.074 Disk 0 trace - called modules:
17:28:15.098 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS viaide.sys PCIIDEX.SYS atapi.sys
17:28:15.717 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x847e7030]
17:28:15.727 3 CLASSPNP.SYS[81b6e4b8] -> nt!IofCallDriver -> [0x84632920]
17:28:15.735 5 ACPI.sys[88cd1d7a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-6[0x83bfd878]
17:28:16.250 AVAST engine scan C:\Windows
17:28:25.390 AVAST engine scan C:\Windows\system32
17:38:25.787 AVAST engine scan C:\Windows\system32\drivers
17:39:27.021 AVAST engine scan C:\Users\Owner
17:47:50.149 AVAST engine scan C:\ProgramData
17:49:28.561 Scan finished successfully
17:50:06.752 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
17:50:06.770 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

 

Please let me know what you find!  THANK YOU!!!  :-)



#11 TB-Psychotic

  • Malware Response Team

Posted 17 March 2014 - 04:59 PM

There is no malware to be seen.

 

C:\Windows\System32\services.exe Modify startup settings HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS\Start allowed Automatic mode

 

This is a legit system process that configures the Background Intelligent Transfer Service (BITS) to start automatically as a service.

It is needed for Windows Updates.

 

Let's see what else we can find:

 

 

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:
 

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.


A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:
 

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

 

 

 

 

System File Check

For Windows XP:
 

  • Press the Windows- and the R-key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7:
 

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"



Within the opening window, write the following:
 

sfc /scannow

(See the blank within).

 

  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).

Edited by TB-Psychotic, 17 March 2014 - 05:00 PM.

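The check behind the explanation in post #11, as an added PowerShell example that is not part of the thread: it reads the BITS `Start` value in every control set, decodes it, shows the live service state, and checks the signatures of services.exe and the BITS service DLL. It is read-only; the defaults named in the comments (svchost.exe hosting qmgr.dll) are stock Windows values, not something taken from the posted logs.

```powershell
# Added example, not from the thread. Read-only; run from an elevated PowerShell prompt.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

# CurrentControlSet is a link to one ControlSetNNN; HKLM\SYSTEM\Select says which.
$current = 'ControlSet{0:D3}' -f (Get-ItemProperty 'HKLM:\SYSTEM\Select').Current

# BITS configuration as stored in every control set on the machine.
$report = Get-ChildItem 'HKLM:\SYSTEM' |
    Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
    ForEach-Object {
        $key = "HKLM:\SYSTEM\$($_.PSChildName)\Services\BITS"
        if (-not (Test-Path $key)) { return }   # skip control sets without a BITS key
        $svc = Get-ItemProperty -Path $key
        $par = Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue
        $mode = if ($null -ne $svc.Start) { $startNames[[int]$svc.Start] } else { 'missing' }
        [pscustomobject]@{
            ControlSet = $_.PSChildName
            IsCurrent  = ($_.PSChildName -eq $current)
            Start      = $svc.Start
            StartMode  = $mode
            ImagePath  = $svc.ImagePath     # Windows default: svchost.exe -k netsvcs
            ServiceDll = $par.ServiceDll    # Windows default: System32\qmgr.dll
        }
    }
$report | Format-List

# Live view of the same service as the Service Control Manager reports it.
Get-CimInstance Win32_Service -Filter "Name='BITS'" |
    Select-Object Name, State, StartMode, PathName | Format-List

# Signature status of the process named in the alert and of the BITS service DLL.
$files = @("$env:SystemRoot\System32\services.exe")
$files += $report | Where-Object { $_.IsCurrent -and $_.ServiceDll } |
    Select-Object -ExpandProperty ServiceDll
$files | Where-Object { $_ } | Sort-Object -Unique | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_
    [pscustomobject]@{
        File   = $_
        Status = $sig.Status
        Signer = $sig.SignerCertificate.Subject
    }
} | Format-List
```

A `Start` of 2 (Automatic) with the default ImagePath and ServiceDll matches the benign reading given in the post. On PowerShell versions older than 5.1, catalog-signed Windows binaries can show as NotSigned here, so treat that status as inconclusive rather than as a finding.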

#12 TB-Psychotic

  • Malware Response Team

Posted 23 March 2014 - 01:07 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



