Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown User in security settings s-1-5-21 ... 1001 - Can someone please review?


  • This topic is locked This topic is locked
20 replies to this topic

#1 texandave

texandave

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 17 April 2014 - 09:27 PM

Hi, a little background: I updated to Malwarebytes 2.0 premium on Sunday and on its first scan it found pum.hijack.start menu for a user in s-1-5-21 . . .. -1001. I have never been redirected, and my computer is a few years old so I know that the slowness might just be the age and the kaspersky and malwarebytes pro running together, but I was worried so i had some people look at it. I go to school right now and can't afford to pay for a professional so the IT guys there did a few scans and ran a few programs to clean any infections(you'll see there are a few left on my computer, not sure if I should get rid of them or not). Told me that they think I am fine, but because they left the programs on there, and the fact I'm OCD (admitted fault), I decided to see if I can make the PC more secure.

 

 

Forward to today: I found the same user in permissions on a few folders as "unknown user" with the name s-1-5-21 . . . 1001. I have put a picture of what I am talking about as an attachment. Anyway here is my DDS logs, I am copying both the dds.txt and the attach.txt. If you need me to run any other please let me know. Thanks for any help you can give. This is my only PC and finals are coming in about 3 weeks so hope it is ok.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by Owner at 21:12:56 on 2014-04-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.2085 [GMT -5:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uProxyOverride = <local>
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-Explorer: UseDefaultTile = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1D6E1FAD-1456-4C09-B573-3F2A4712AB27} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1D6E1FAD-1456-4C09-B573-3F2A4712AB27}\374777962756C6563737 : DHCPNameServer = 172.16.3.2 172.16.2.1 172.16.2.3
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vzl20o4g.default-1397684348712\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2012-3-3 15928]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54368]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
R1 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-4-13 88280]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-2-29 202752]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2012-3-3 14904]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -r [?]
R2 FastBootAgent;FastBootAgent;C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [2012-3-3 306232]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-13 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-13 857912]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-10-25 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-10-25 29280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-6-25 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-13 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-13 63192]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-8 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-4 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-3 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-04-18 00:56:01    119512    ----a-w-    C:\Windows\System32\drivers\7DD519D3.sys
2014-04-17 13:16:12    --------    d-----w-    C:\Users\Owner\AppData\Local\Google
2014-04-16 03:29:49    --------    d-----w-    C:\Windows\pss
2014-04-16 03:19:24    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-04-16 00:01:01    10521840    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{88A5669A-4B58-4228-8EBF-797F6C069719}\mpengine.dll
2014-04-14 22:37:33    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-14 01:21:25    --------    d-----w-    C:\AdwCleaner
2014-04-13 16:46:33    119512    ----a-w-    C:\Windows\System32\drivers\654D1A23.sys
2014-04-13 15:03:20    119512    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-13 15:00:38    88280    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-13 15:00:38    63192    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-04-13 15:00:37    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-09 00:48:58    48128    ----a-w-    C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll
2014-04-09 00:16:36    1684928    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2014-04-07 02:49:15    --------    d-----w-    C:\Windows\ERUNT
.
==================== Find3M  ====================
.
2014-04-17 23:53:40    45056    ----a-w-    C:\Windows\System32\acovcnt.exe
2014-04-03 14:50:58    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-03-12 02:53:22    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 02:53:22    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-06 09:32:16    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-03-06 09:31:33    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:32:07    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-03-06 08:29:40    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41    5784064    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36    4254720    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15    2043904    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39    1967104    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40    2260480    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-06 05:41:49    1789440    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-03-04 09:44:21    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21    243712    ----a-w-    C:\Windows\System32\wow64.dll
2014-03-04 09:44:21    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2014-02-07 01:23:30    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-02-04 02:35:56    190912    ----a-w-    C:\Windows\System32\drivers\storport.sys
2014-02-04 02:35:49    274880    ----a-w-    C:\Windows\System32\drivers\msiscsi.sys
2014-02-04 02:35:35    27584    ----a-w-    C:\Windows\System32\drivers\Diskdump.sys
2014-02-04 02:32:22    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-02-04 02:28:36    2048    ----a-w-    C:\Windows\System32\iologmsg.dll
2014-02-04 02:04:22    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-02-04 02:00:39    2048    ----a-w-    C:\Windows\SysWow64\iologmsg.dll
2014-01-29 02:32:18    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-01-29 02:06:47    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2009-04-08 18:31:56    106496    ----a-w-    C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45:20    155648    ----a-w-    C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 21:13:29.87 ===============
 

 

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/3/2012 9:12:50 AM
System Uptime: 4/17/2014 6:52:55 PM (3 hours ago)
.
Motherboard: ASUSTeK Computer Inc.         |  | N81Vp     
Processor: Intel® Core™2 Duo CPU     P8700  @ 2.53GHz | Socket 478 | 2534/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 71.676 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 335 GiB total, 300.247 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP300: 4/15/2014 10:15:21 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
ASUS AI Recovery
ASUS CopyProtect
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ATI Catalyst Install Manager
ATK Generic Function Service
ATK Hotkey
ATKOSD2
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
ControlDeck
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Fast Boot
FEZ
Google Chrome
Google Update Helper
ITECIR
Kaspersky Anti-Virus 2013
Left 4 Dead 2
Malwarebytes Anti-Malware version 2.0.1.1004
Microsoft .NET Framework 4.5.1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
NVIDIA PhysX
Origin
Papers, Please
PunkBuster Services
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
RICOH R5U8xx Media Driver ver.3.62.02
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2863926) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shadow Warrior Classic Redux
Sine Mora
Steam
Synaptics Pointing Device Driver
The Sims™ 3
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Late Night
The Walking Dead: Season Two
The Wolf Among Us
To the Moon
Toki Tori 2+
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
WebEx Training Manager for Firefox or Chrome
WinFlash
Wireless Console 2
.
==== Event Viewer Messages From Past Week ========
.
4/17/2014 7:01:09 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
4/17/2014 7:01:09 AM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/17/2014 7:01:08 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/17/2014 7:00:46 AM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/17/2014 7:00:46 AM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
4/17/2014 6:54:28 PM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
4/17/2014 12:11:39 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{1D6E1FAD-1456-4C09-B573-3F2A4712AB27} because another computer on the network has the same name.  The server could not start.
4/17/2014 12:11:39 PM, Error: NetBT [4321]  - The name "OWNER-PC       :20" could not be registered on the interface with IP address 172.16.105.118. The computer with the IP address 172.16.3.2 did not allow the name to be claimed by this computer.
4/17/2014 12:11:36 PM, Error: NetBT [4321]  - The name "OWNER-PC       :0" could not be registered on the interface with IP address 172.16.105.118. The computer with the IP address 172.16.3.2 did not allow the name to be claimed by this computer.
4/16/2014 5:37:42 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer EDBD-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1D6E1FAD-1456-4C09-B573-3F2A4712AB27}. The master browser is stopping or an election is being forced.
4/16/2014 12:05:45 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
4/16/2014 10:30:48 PM, Error: Service Control Manager [7034]  - The ASLDR Service service terminated unexpectedly.  It has done this 1 time(s).
4/15/2014 8:18:22 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
4/15/2014 10:31:07 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
4/15/2014 10:31:07 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/15/2014 10:31:07 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/15/2014 10:31:04 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/15/2014 10:30:59 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/15/2014 10:30:49 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache KLIF kneps spldr Wanarpv6
.
==== End Of File ===========================
 

Attached Files


Edited by texandave, 17 April 2014 - 09:30 PM.


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:58 AM

Posted 22 April 2014 - 09:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/531468 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 texandave

texandave
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 23 April 2014 - 06:51 AM

Thank you for the reply:

1. I don't know if I would say problems, but the user account was in the security of some users, I was able to remove the user and has not reappeared.

2. I do not have the original windows cd, but do have an oem windows 7 home I can use if needed.

 

The new logs are below:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by Owner at 6:46:07 on 2014-04-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.1908 [GMT -5:00]
.
AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\wmi64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uProxyOverride = <local>
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-Explorer: UseDefaultTile = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1D6E1FAD-1456-4C09-B573-3F2A4712AB27} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1D6E1FAD-1456-4C09-B573-3F2A4712AB27}\374777962756C6563737 : DHCPNameServer = 172.16.3.2 172.16.2.1 172.16.2.3
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vzl20o4g.default-1397684348712\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2012-3-3 15928]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54368]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
R1 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-4-13 88280]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-2-29 202752]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2012-3-3 14904]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -r [?]
R2 FastBootAgent;FastBootAgent;C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [2012-3-3 306232]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-13 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-13 857912]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-10-25 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-10-25 29280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-6-25 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-13 119512]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-8 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-4 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-3 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-04-22 11:51:50    10651704    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BADB3367-141D-450E-B34B-3F6D1C3CD251}\mpengine.dll
2014-04-20 15:14:46    119512    ----a-w-    C:\Windows\System32\drivers\509A42FA.sys
2014-04-18 14:07:05    --------    d-----w-    C:\Users\Owner\AppData\Local\CrashDumps
2014-04-18 02:28:24    --------    d-----w-    C:\Users\Owner\AppData\Local\Macromedia
2014-04-18 00:56:01    119512    ----a-w-    C:\Windows\System32\drivers\7DD519D3.sys
2014-04-17 13:16:12    --------    d-----w-    C:\Users\Owner\AppData\Local\Google
2014-04-16 03:29:49    --------    d-----w-    C:\Windows\pss
2014-04-16 03:19:24    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-04-14 22:37:33    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-14 01:21:25    --------    d-----w-    C:\AdwCleaner
2014-04-13 16:46:33    119512    ----a-w-    C:\Windows\System32\drivers\654D1A23.sys
2014-04-13 15:03:20    119512    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-13 15:00:38    88280    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-13 15:00:38    63192    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-04-13 15:00:37    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-09 00:48:58    48128    ----a-w-    C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll
2014-04-09 00:16:36    1684928    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2014-04-07 02:49:15    --------    d-----w-    C:\Windows\ERUNT
.
==================== Find3M  ====================
.
2014-04-21 11:28:48    45056    ----a-w-    C:\Windows\System32\acovcnt.exe
2014-04-03 14:50:58    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-03-31 14:35:08    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-03-12 02:53:22    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 02:53:22    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-06 09:32:16    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-03-06 09:31:33    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:32:07    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-03-06 08:29:40    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41    5784064    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36    4254720    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15    2043904    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39    1967104    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40    2260480    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-06 05:41:49    1789440    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-03-04 09:44:21    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21    243712    ----a-w-    C:\Windows\System32\wow64.dll
2014-03-04 09:44:21    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2014-02-07 01:23:30    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-02-04 02:35:56    190912    ----a-w-    C:\Windows\System32\drivers\storport.sys
2014-02-04 02:35:49    274880    ----a-w-    C:\Windows\System32\drivers\msiscsi.sys
2014-02-04 02:35:35    27584    ----a-w-    C:\Windows\System32\drivers\Diskdump.sys
2014-02-04 02:32:22    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-02-04 02:28:36    2048    ----a-w-    C:\Windows\System32\iologmsg.dll
2014-02-04 02:04:22    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-02-04 02:00:39    2048    ----a-w-    C:\Windows\SysWow64\iologmsg.dll
2014-01-29 02:32:18    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-01-29 02:06:47    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2009-04-08 18:31:56    106496    ----a-w-    C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45:20    155648    ----a-w-    C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH:  6:47:04.10 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/3/2012 9:12:50 AM
System Uptime: 4/23/2014 6:36:59 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc.         |  | N81Vp     
Processor: Intel® Core™2 Duo CPU     P8700  @ 2.53GHz | Socket 478 | 2534/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 70.86 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 335 GiB total, 299.455 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP300: 4/15/2014 10:15:21 PM - ComboFix created restore point
RP301: 4/22/2014 6:51:04 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
ASUS AI Recovery
ASUS CopyProtect
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ATI Catalyst Install Manager
ATK Generic Function Service
ATK Hotkey
ATKOSD2
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
ControlDeck
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Fast Boot
FEZ
Google Chrome
Google Update Helper
ITECIR
Kaspersky Anti-Virus 2013
Left 4 Dead 2
Malwarebytes Anti-Malware version 2.0.1.1004
Microsoft .NET Framework 4.5.1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
NVIDIA PhysX
Origin
Papers, Please
PunkBuster Services
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
RICOH R5U8xx Media Driver ver.3.62.02
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2863926) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shadow Warrior Classic Redux
Sine Mora
Steam
Synaptics Pointing Device Driver
The Sims™ 3
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Late Night
The Walking Dead: Season Two
The Wolf Among Us
To the Moon
Toki Tori 2+
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
WebEx Training Manager for Firefox or Chrome
WinFlash
Wireless Console 2
.
==== Event Viewer Messages From Past Week ========
.
4/22/2014 6:48:04 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
4/22/2014 6:48:04 AM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/22/2014 6:47:42 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/22/2014 6:47:34 AM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/22/2014 6:47:34 AM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
4/21/2014 8:55:14 PM, Error: Service Control Manager [7034]  - The ATKGFNEX Service service terminated unexpectedly.  It has done this 1 time(s).
4/21/2014 8:23:25 PM, Error: Service Control Manager [7034]  - The ASLDR Service service terminated unexpectedly.  It has done this 1 time(s).
4/21/2014 6:53:02 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer EDBD-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1D6E1FAD-1456-4C09-B573-3F2A4712AB27}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================

 


Edited by texandave, 23 April 2014 - 06:53 AM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,957 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:58 PM

Posted 23 April 2014 - 06:45 PM

Greetings texandave and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Are you experiencing any issues now? Are you simply trying to confirm your computer is clean?

While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • Attached System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 texandave

texandave
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 23 April 2014 - 07:19 PM

No worries on the patience thing, I understand you guys are busy.
 
And yes, I'm not really seeing any problems. I am just hoping someone can check to see if it is clean is all, it's my only laptop that I can use for exams.
 
Logs are below:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-04-2014
Ran by Owner (administrator) on DB-WORK on 23-04-2014 19:05:34
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(ASUSTeK Computer Inc.) C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8061984 2009-08-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1813288 2009-09-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8493624 2009-07-07] (ASUS)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM\...\Policies\Explorer: [UseDefaultTile] 0
HKU\S-1-5-21-52788973-1784177707-2326817986-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vzl20o4g.default-1397684348712
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll No File
FF Extension: NoScript - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vzl20o4g.default-1397684348712\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-16]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013-03-01]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013-03-01]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013-03-01]

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-17]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-17]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-17]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-17]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-04-17]
CHR Extension: (Content Blocker) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-04-17]
CHR Extension: (Virtual Keyboard) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-04-17]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-17]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-17]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\ab.crx [2012-10-25]

==================== Services (Whitelisted) =================

R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 FastBootAgent; C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [306232 2009-07-23] (ASUSTeK Computer Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-13] ()

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-26] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-26] (Kaspersky Lab ZAO)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [88280 2014-04-03] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-05-20] ()
S3 ASUSProcObsrv; \??\C:\Preload64\Patch\AsPrOb64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-23 19:05 - 2014-04-23 19:05 - 00014161 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-04-23 19:05 - 2014-04-23 19:05 - 00000000 ____D () C:\FRST
2014-04-23 19:04 - 2014-04-23 19:04 - 02061312 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-04-23 17:20 - 2014-04-23 17:20 - 00005971 _____ () C:\Users\Owner\Desktop\command center teas.obj
2014-04-23 06:47 - 2014-04-23 06:47 - 00017070 _____ () C:\Users\Owner\Desktop\dds.txt
2014-04-23 06:47 - 2014-04-23 06:47 - 00007661 _____ () C:\Users\Owner\Desktop\attach.txt
2014-04-22 06:45 - 2014-04-23 15:55 - 00000168 _____ () C:\Windows\setupact.log
2014-04-22 06:45 - 2014-04-22 06:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-20 10:14 - 2014-04-20 10:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\509A42FA.sys
2014-04-18 09:07 - 2014-04-18 09:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-04-17 21:28 - 2014-04-17 21:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\Macromedia
2014-04-17 21:07 - 2014-04-17 21:07 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2014-04-17 19:56 - 2014-04-17 19:56 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7DD519D3.sys
2014-04-17 08:17 - 2014-04-17 08:17 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-17 08:17 - 2014-04-17 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-17 08:16 - 2014-04-23 18:21 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-17 08:16 - 2014-04-23 16:02 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 08:16 - 2014-04-17 08:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-04-17 08:16 - 2014-04-17 08:16 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-17 08:16 - 2014-04-17 08:16 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-17 08:16 - 2014-04-17 08:16 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-16 07:07 - 2014-04-16 07:07 - 00002107 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2014-04-16 07:07 - 2014-04-16 07:07 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2014-04-16 06:37 - 2014-04-16 06:37 - 04745728 _____ (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2014-04-16 06:37 - 2014-04-16 06:37 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2014-04-15 22:29 - 2014-04-15 22:29 - 00000000 ____D () C:\Windows\pss
2014-04-15 19:51 - 2014-04-15 19:51 - 00001415 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-14 17:37 - 2014-04-15 07:43 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-13 20:21 - 2014-04-18 09:15 - 00000000 ____D () C:\AdwCleaner
2014-04-13 20:20 - 2014-04-13 20:20 - 01426178 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2014-04-13 20:08 - 2014-04-13 20:08 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Desktop\TFC.exe
2014-04-13 19:52 - 2014-04-15 22:15 - 00000000 ____D () C:\Windows\erdnt
2014-04-13 16:23 - 2014-04-13 16:23 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-13 16:23 - 2014-04-13 16:23 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-13 16:23 - 2014-04-13 16:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-13 11:46 - 2014-04-13 11:46 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\654D1A23.sys
2014-04-13 10:03 - 2014-04-23 16:58 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-13 10:00 - 2014-04-13 10:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-13 10:00 - 2014-04-13 10:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-13 10:00 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-13 10:00 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-12 11:09 - 2014-04-12 11:12 - 00000000 ____D () C:\Users\Owner\Desktop\Command Center filing docs
2014-04-08 19:49 - 2014-03-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-08 19:49 - 2014-03-06 04:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-08 19:49 - 2014-03-06 03:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-08 19:49 - 2014-03-06 03:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-08 19:49 - 2014-03-06 03:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-08 19:49 - 2014-03-06 03:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-08 19:49 - 2014-03-06 03:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-08 19:49 - 2014-03-06 03:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-08 19:49 - 2014-03-06 02:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-08 19:49 - 2014-03-06 02:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-08 19:48 - 2014-03-06 05:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-08 19:48 - 2014-03-06 04:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-08 19:48 - 2014-03-06 03:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-08 19:48 - 2014-03-06 03:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-08 19:48 - 2014-03-06 03:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-08 19:48 - 2014-03-06 03:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-08 19:48 - 2014-03-06 03:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-08 19:48 - 2014-03-06 03:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-08 19:48 - 2014-03-06 03:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-08 19:48 - 2014-03-06 03:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-08 19:48 - 2014-03-06 03:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-08 19:48 - 2014-03-06 03:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-08 19:48 - 2014-03-06 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-08 19:48 - 2014-03-06 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-08 19:48 - 2014-03-06 02:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-08 19:48 - 2014-03-06 02:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-08 19:48 - 2014-03-06 02:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-08 19:48 - 2014-03-06 02:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-08 19:48 - 2014-03-06 02:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-08 19:48 - 2014-03-06 02:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-08 19:48 - 2014-03-06 02:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-08 19:48 - 2014-03-06 02:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-08 19:48 - 2014-03-06 02:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-08 19:48 - 2014-03-06 02:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-08 19:48 - 2014-03-06 02:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-08 19:48 - 2014-03-06 02:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-08 19:48 - 2014-03-06 02:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-08 19:48 - 2014-03-06 02:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-08 19:48 - 2014-03-06 01:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-08 19:48 - 2014-03-06 01:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-08 19:48 - 2014-03-06 01:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-08 19:48 - 2014-03-06 01:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-08 19:48 - 2014-03-06 01:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-08 19:48 - 2014-03-06 00:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-08 19:48 - 2014-03-06 00:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-08 19:48 - 2014-03-06 00:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-08 19:48 - 2014-03-06 00:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-08 19:48 - 2014-03-06 00:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-08 19:16 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 19:16 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-08 19:16 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-08 19:16 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-08 19:16 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-08 19:16 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-08 19:16 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 19:16 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-08 19:16 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-08 19:16 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-08 19:16 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 19:16 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-08 19:16 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-08 19:16 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-08 19:16 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-08 19:16 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-08 19:16 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-06 21:49 - 2014-04-06 21:49 - 00000000 ____D () C:\Windows\ERUNT
2014-03-30 08:42 - 2014-04-15 19:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-25 16:06 - 2014-04-23 07:14 - 00003104 _____ () C:\Windows\System32\Tasks\P4G Sidebar

==================== One Month Modified Files and Folders =======

2014-04-23 19:05 - 2014-04-23 19:05 - 00014161 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-04-23 19:05 - 2014-04-23 19:05 - 00000000 ____D () C:\FRST
2014-04-23 19:04 - 2014-04-23 19:04 - 02061312 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-04-23 19:03 - 2012-05-24 07:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-23 18:53 - 2012-03-29 06:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-23 18:21 - 2014-04-17 08:16 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-23 18:15 - 2012-03-04 16:17 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-23 17:41 - 2012-06-03 11:20 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-04-23 17:40 - 2012-02-29 09:35 - 01981885 _____ () C:\Windows\WindowsUpdate.log
2014-04-23 17:20 - 2014-04-23 17:20 - 00005971 _____ () C:\Users\Owner\Desktop\command center teas.obj
2014-04-23 16:58 - 2014-04-13 10:03 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-23 16:07 - 2012-03-03 04:59 - 00003004 _____ () C:\Windows\System32\Tasks\ASUS Live Update
2014-04-23 16:03 - 2009-07-13 23:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-23 16:03 - 2009-07-13 23:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-23 16:02 - 2014-04-17 08:16 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-23 15:55 - 2014-04-22 06:45 - 00000168 _____ () C:\Windows\setupact.log
2014-04-23 15:55 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-23 07:14 - 2014-03-25 16:06 - 00003104 _____ () C:\Windows\System32\Tasks\P4G Sidebar
2014-04-23 06:47 - 2014-04-23 06:47 - 00017070 _____ () C:\Users\Owner\Desktop\dds.txt
2014-04-23 06:47 - 2014-04-23 06:47 - 00007661 _____ () C:\Users\Owner\Desktop\attach.txt
2014-04-22 06:45 - 2014-04-22 06:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-21 06:28 - 2012-05-15 06:14 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-04-20 10:14 - 2014-04-20 10:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\509A42FA.sys
2014-04-18 09:16 - 2014-04-18 09:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-04-18 09:15 - 2014-04-13 20:21 - 00000000 ____D () C:\AdwCleaner
2014-04-17 21:28 - 2014-04-17 21:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\Macromedia
2014-04-17 21:07 - 2014-04-17 21:07 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2014-04-17 19:56 - 2014-04-17 19:56 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7DD519D3.sys
2014-04-17 08:17 - 2014-04-17 08:17 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-17 08:17 - 2014-04-17 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-17 08:17 - 2014-04-17 08:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-04-17 08:16 - 2014-04-17 08:16 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-17 08:16 - 2014-04-17 08:16 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-17 08:16 - 2014-04-17 08:16 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-16 21:52 - 2013-12-10 20:43 - 00000000 ____D () C:\Users\Owner\Documents\Fall 2013
2014-04-16 20:47 - 2012-09-30 09:08 - 00000000 ____D () C:\Users\Owner\Documents\English for Erika
2014-04-16 07:07 - 2014-04-16 07:07 - 00002107 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2014-04-16 07:07 - 2014-04-16 07:07 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2014-04-16 06:37 - 2014-04-16 06:37 - 04745728 _____ (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2014-04-16 06:37 - 2014-04-16 06:37 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2014-04-15 22:29 - 2014-04-15 22:29 - 00000000 ____D () C:\Windows\pss
2014-04-15 22:24 - 2009-07-29 01:03 - 00000000 ____D () C:\Windows\Panther
2014-04-15 22:15 - 2014-04-13 19:52 - 00000000 ____D () C:\Windows\erdnt
2014-04-15 20:18 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-15 19:51 - 2014-04-15 19:51 - 00001415 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-15 19:10 - 2012-03-18 16:44 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-15 19:09 - 2014-03-30 08:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-15 07:43 - 2014-04-14 17:37 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-13 20:20 - 2014-04-13 20:20 - 01426178 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2014-04-13 20:08 - 2014-04-13 20:08 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Desktop\TFC.exe
2014-04-13 20:02 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-04-13 16:23 - 2014-04-13 16:23 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-13 16:23 - 2014-04-13 16:23 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-13 16:23 - 2014-04-13 16:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-13 16:23 - 2012-03-16 14:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-04-13 11:46 - 2014-04-13 11:46 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\654D1A23.sys
2014-04-13 10:00 - 2014-04-13 10:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-13 10:00 - 2014-04-13 10:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-13 10:00 - 2012-06-25 07:14 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Malwarebytes
2014-04-13 10:00 - 2012-06-25 07:13 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-13 10:00 - 2012-06-25 07:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-13 10:00 - 2012-06-25 07:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-12 11:12 - 2014-04-12 11:09 - 00000000 ____D () C:\Users\Owner\Desktop\Command Center filing docs
2014-04-08 21:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-04-08 19:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-08 19:22 - 2012-03-10 19:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-08 19:20 - 2013-08-14 08:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-08 19:18 - 2012-03-03 12:37 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 07:37 - 2013-06-05 07:50 - 00000000 ____D () C:\ProgramData\Skype
2014-04-07 21:44 - 2012-03-03 10:12 - 00000000 ____D () C:\Users\Owner
2014-04-06 21:49 - 2014-04-06 21:49 - 00000000 ____D () C:\Windows\ERUNT
2014-04-06 20:09 - 2012-11-04 12:14 - 00000000 ____D () C:\Users\Owner\Documents\David's resume
2014-04-03 09:51 - 2014-04-13 10:00 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-13 10:00 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2012-06-25 07:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 06:43 - 2013-10-30 20:31 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-31 09:41 - 2012-03-03 10:18 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-31 09:39 - 2014-03-11 21:29 - 00000000 ___RD () C:\Users\Owner\Dropbox
2014-03-31 09:35 - 2012-03-03 10:41 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-25 07:04 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-20 10:50

==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-04-2014
Ran by Owner at 2014-04-23 19:06:10
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Anti-Virus (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.5 - ASUS)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}) (Version: 1.1.19 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.17 - asus)
ATI Catalyst Install Manager (HKLM\...\{70AC5D50-0810-1B01-AAED-F86702610BD9}) (Version: 3.0.741.0 - ATI Technologies, Inc.)
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0052 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0005 - ASUS)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0813.2131.36817 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0813.2131.36817 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0813.2131.36817 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0813.2131.36817 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0813.2131.36817 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0813.2131.36817 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0813.2131.36817 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0813.2131.36817 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0813.2130.36817 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0813.2130.36817 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0813.2130.36817 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0813.2130.36817 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0813.2130.36817 - ATI) Hidden
CCC Help English (x32 Version: 2009.0813.2130.36817 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0813.2130.36817 - ATI) Hidden
CCC Help French (x32 Version: 2009.0813.2130.36817 - ATI) Hidden
CCC Help German (x32 Version: 2009.0813.2130.36817 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0813.2130.36817 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0813.2130.36817 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0813.2130.36817 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0813.2130.36817 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0813.2130.36817 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0813.2130.36817 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0813.2130.36817 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0813.2130.36817 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0813.2130.36817 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0813.2130.36817 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0813.2130.36817 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0813.2130.36817 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0813.2130.36817 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0813.2131.36817 - ATI) Hidden
ccc-utility64 (Version: 2009.0813.2131.36817 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.3 - ASUS)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
Fast Boot (HKLM-x32\...\{A16656CE-4B17-4484-A13F-22B9500E5223}) (Version: 1.0.0 - ASUS)
FEZ (HKLM-x32\...\Steam App 224760) (Version:  - Polytron Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
ITECIR (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE)
Kaspersky Anti-Virus 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Anti-Virus 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.989 - Even Balance, Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5915 - Realtek Semiconductor Corp.)
RICOH R5U8xx Media Driver ver.3.62.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.62.02 - RICOH)
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version:  - 5th Cell Media)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shadow Warrior Classic Redux (HKLM-x32\...\Steam App 225160) (Version:  - 3D Realms)
Sine Mora (HKLM-x32\...\Steam App 207040) (Version:  - Digital Reality)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.1.1 - Synaptics Incorporated)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.55.4 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version:  - )
To the Moon (HKLM-x32\...\Steam App 206440) (Version:  - Freebird Games)
Toki Tori 2+ (HKLM-x32\...\Steam App 201420) (Version:  - Two Tribes)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
WebEx Training Manager for Firefox or Chrome (HKLM-x32\...\{81F0FD7B-3B8A-4642-921D-2F3B7DE3631C}) (Version: 5.29.3212 - Cisco WebEx LLC)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
Wireless Console 2 (HKLM-x32\...\{83F73CB1-7705-49D1-9852-84D839CA2A45}) (Version: 2.0.10 - ATK)

==================== Restore Points  =========================

16-04-2014 03:15:21 ComboFix created restore point
22-04-2014 11:51:04 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-04-13 20:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {21BC8A5C-34E5-479B-8819-36664CC08AF3} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {39FBA4F5-C950-4B0E-B764-9CC85BA3E72A} - System32\Tasks\P4G Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {58B5C353-8F68-4E5C-94D6-46C21F75B13D} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-09-03] ()
Task: {647C487C-19A3-4A7D-820D-4BC35499F1BF} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {7CDAE96D-08B2-4AFB-B25B-831F67616444} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS)
Task: {7F319402-52D8-4FD5-B72A-88AA2CF8117E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-17] (Google Inc.)
Task: {82ECB0E6-9332-40AF-93D9-8D5D76F24887} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-17] (Google Inc.)
Task: {8F56AC1F-0822-484A-9DB9-EE841C5C709C} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-07-28] (ATK)
Task: {927D5DD6-C6D5-47F4-AA96-51AF6460DBA2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {A181920C-C6C0-4E1A-A9D2-F6C8E4BFB952} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
Task: {DDD28382-B3F5-48CC-A271-B31D191A8DE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-03-03 04:59 - 2007-08-08 03:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2013-10-13 12:21 - 2013-10-13 12:29 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-03-03 05:00 - 2007-07-05 19:53 - 01317888 _____ () C:\Program Files\Wireless Console 2\wcourier.exe
2008-10-01 02:02 - 2008-10-01 02:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2009-05-05 13:00 - 2009-05-05 13:00 - 00041472 _____ () C:\Program Files\P4G\DevMng.dll
2009-07-27 13:12 - 2009-07-27 13:12 - 00026624 _____ () C:\Program Files\P4G\OvrClk.dll
2012-03-03 04:59 - 2007-03-09 21:58 - 00124416 _____ () C:\Program Files\ATKGFNEX\AGFNEX64.dll
2009-09-03 13:33 - 2009-09-03 13:33 - 00054400 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2008-10-23 13:21 - 2008-10-23 13:21 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-03-03 04:57 - 2012-03-03 04:57 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-03-03 04:59 - 2007-11-30 14:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2012-08-17 22:39 - 2013-03-01 21:34 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\kpcengine.2.2.dll
2012-03-03 04:59 - 2009-06-22 16:37 - 00212992 _____ () C:\Windows\SysWOW64\Fast Boot\GetBootTime.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
2014-04-13 16:23 - 2014-03-15 03:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/23/2014 05:38:35 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/22/2014 06:47:34 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/22/2014 06:47:34 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/22/2014 06:47:34 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/22/2014 06:47:34 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (04/22/2014 06:47:27 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/22/2014 06:47:27 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/22/2014 06:47:27 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/22/2014 06:47:27 AM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/22/2014 06:47:27 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))


System errors:
=============
Error: (04/23/2014 05:36:43 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer EDBD-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1D6E1FAD-1456-4C09-B573-3F2A4712AB27}.
The master browser is stopping or an election is being forced.

Error: (04/22/2014 06:48:04 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (04/22/2014 06:48:04 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (04/22/2014 06:48:04 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (04/22/2014 06:48:04 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (04/22/2014 06:48:02 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (04/22/2014 06:48:02 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (04/22/2014 06:48:02 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (04/22/2014 06:48:02 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (04/22/2014 06:48:01 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (04/23/2014 05:38:35 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/22/2014 06:47:34 AM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/22/2014 06:47:34 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/22/2014 06:47:34 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/22/2014 06:47:34 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (04/22/2014 06:47:27 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (04/22/2014 06:47:27 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/22/2014 06:47:27 AM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (04/22/2014 06:47:27 AM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (04/22/2014 06:47:27 AM) (Source: Windows Search Service)(User: )
Description:
Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))


CodeIntegrity Errors:
===================================
  Date: 2014-04-23 18:13:10.801
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-23 18:13:10.801
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-23 18:13:10.801
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-23 18:13:10.754
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-23 18:13:10.754
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-23 18:13:10.754
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-23 18:13:10.723
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-23 18:13:10.723
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-23 18:13:10.723
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-22 08:09:44.392
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 4095.11 MB
Available physical RAM: 2200.04 MB
Total Pagefile: 8188.41 MB
Available Pagefile: 6017.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:69.97 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (New Volume) (Fixed) (Total:334.67 GB) (Free:297.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: D9B3496E)
Partition 1: (Not Active) - (Size=15 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=335 GB) - (Type=OF Extended)

==================== End Of Log ============================

Attached Files



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,957 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:58 PM

Posted 23 April 2014 - 07:58 PM

Greetings,

Things look pretty good. Just a couple of minor things to delete.

Are you having any issues with Steam?

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll No File
C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Steam issues?
  • Fixlog
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 texandave

texandave
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 23 April 2014 - 08:27 PM

To be honest with you I had steam on when I ran the first FRST scan and it was updating. I don't think I have any problems with it. I just opened it and dont see any problems.

 

Here is the fix log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-04-2014
Ran by Owner at 2014-04-23 20:26:17 Run:1
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll No File
C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin => Key deleted successfully.
C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll not found.
"C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll" => File/Directory not found.

==== End of Fixlog ====



#8 texandave

texandave
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 23 April 2014 - 08:28 PM

Forgot to say, I dont see any problems with the computer, no redirects, etc., just hoping I can get some confirmation from someone who knows alot more than me about computers, which isn't much.



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,957 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:58 PM

Posted 23 April 2014 - 08:51 PM

Things look good so far but let's run one more scan.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan This process may may take several hours, that is normal
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 texandave

texandave
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 23 April 2014 - 10:48 PM

Scan finished and says no threats. I dont see a log like your instructions say.

I clicked finish. I'm off to bed now though, so I will check your next reply when I get up.

 

Thanks for all the help so far! good night!



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,957 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:58 PM

Posted 24 April 2014 - 08:00 AM

No log if no threats are found. You are good to go.

Now that your computer is running well it is my great pleasure to proclaim the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:In addition, here are some more links you might find of interest:I will leave this topic open for just a day or so in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you. OhMy_done.gif

Edited by Oh My, 24 April 2014 - 08:02 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 texandave

texandave
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 24 April 2014 - 07:35 PM

Thanks a bunch for all the help!.

 

By the way, before you go. Is there any firewall program I should run that will work with kaspersky and malwarebytes without conflicts that you know of? I read through the link but am still unsure which one would be best. Thanks!



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,957 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:58 PM

Posted 24 April 2014 - 08:52 PM

You are welcome.

Your wireless router can provide firewall protection and if you check the settings it is most likely doing that now. This site can check to make sure it is working properly.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 texandave

texandave
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 26 April 2014 - 09:07 AM

Thanks for all your help. However, I did find one problem and I'm not sure what is causing it. Chrome and Firefox work perfect, but I decided to test IE and when I try and open Google.com it wont' open it. It will open google translate, but not google's search site

#15 texandave

texandave
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 26 April 2014 - 09:17 AM

A quick update to my own post. when I hit reset on the IE's advanced tab, it opened google. I wonder if one of the kaspersky plugin stopped it, i'm not sure. Also, there are no redirects from searches in IE, Chrome, or FIrefox.

If you think I'm good, please close this thread.

 

Thanks for all the help!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users