
Please can you help


  • This topic is locked
7 replies to this topic

#1 vintagepilot


Posted 17 May 2014 - 10:58 AM

Hi everyone,

Please help me if you can.

Here is the story:
I bought some unrelated car parts and noticed I had an email with an invoice attached. Thought it was for car parts, I opened it!
It was sent from "asxxxupport_zoeu@yahooz.co.uk".
Nothing in the file except "uk invoice No ".
Now my PC has a transparent desktop icon "desktop.ini" and one that sometimes appears, again transparent, "thumbs.db".

I have used FRST to generate the logs below.
 
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by Shell (administrator) on SHELLS on 16-05-2014 19:11:05
Running from C:\Users\Shell\Downloads
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\Core\mchost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Sysinternals - www.sysinternals.com) C:\Users\Shell\Desktop\autoruns.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-15] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-23] (cyberlink)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637528 2012-10-09] (CANON INC.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3347278755-1764252673-249895162-1002\...\Run: [Google Update] => C:\Users\Shell\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-24] (Google Inc.)
HKU\S-1-5-21-3347278755-1764252673-249895162-1002\...\Run: [MusicManager] => C:\Users\Shell\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-04-23] (Google Inc.)
HKU\S-1-5-21-3347278755-1764252673-249895162-1002\...\Run: [GoogleChromeAutoLaunch_038FC9371C5BF2F3DA11D76F4481A085] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-05-08] (Google Inc.)
HKU\S-1-5-21-3347278755-1764252673-249895162-1002\...\Run: [Host-process Windows (Rundll32.exe)] => C:\Users\Shell\AppData\Roaming\rundll32.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Shell\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Shell\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-05-15]

Chrome:
=======
CHR HomePage: hxxp://www.msn.com/?pc=UP94&ocid=UP94DHP&dt=110813
CHR StartupUrls: "hxxp://www.msn.com/?pc=UP94&ocid=UP94DHP&dt=110813"
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Users\Shell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-01]
CHR Extension: (Google Drive) - C:\Users\Shell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-01]
CHR Extension: (YouTube) - C:\Users\Shell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-01]
CHR Extension: (Adblock Plus) - C:\Users\Shell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-15]
CHR Extension: (Google Search) - C:\Users\Shell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-01]
CHR Extension: (Google Wallet) - C:\Users\Shell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
CHR Extension: (Gmail) - C:\Users\Shell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-01]

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-22] (Advanced Micro Devices, Inc.)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-03-14] ()
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-03-14] (ASUSTeK Computer Inc.)
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-03-14] (ASUSTeK Computer Inc.)
S2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] ()
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-03] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-16 19:11 - 2014-05-16 19:11 - 00013003 _____ () C:\Users\Shell\Downloads\FRST.txt
2014-05-16 19:10 - 2014-05-16 19:11 - 00000000 ____D () C:\FRST
2014-05-16 19:09 - 2014-05-16 19:09 - 02067456 _____ (Farbar) C:\Users\Shell\Downloads\FRST64.exe
2014-05-16 16:45 - 2014-05-16 16:45 - 00002988 _____ () C:\Windows\PFRO.log
2014-05-16 11:21 - 2014-05-16 16:45 - 00011726 _____ () C:\Windows\WindowsUpdate.log
2014-05-16 10:33 - 2014-05-16 10:33 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-16 10:33 - 2014-05-16 10:33 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-16 10:33 - 2014-05-16 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-16 10:33 - 2014-05-16 10:33 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-16 10:29 - 2014-05-16 10:30 - 04745984 _____ (Piriform Ltd) C:\Users\Shell\Downloads\ccsetup413.exe
2014-05-16 10:04 - 2014-05-16 10:05 - 00000000 ____D () C:\Users\Shell\autoruns
2014-05-16 10:01 - 2014-05-16 10:01 - 00511782 _____ () C:\Users\Shell\Downloads\Autoruns.zip
2014-05-15 19:49 - 2014-04-12 13:41 - 00852224 _____ () C:\Users\Shell\Desktop\cc_20140412_134028.reg
2014-05-15 18:25 - 2014-05-15 18:25 - 00000000 ____D () C:\Users\Shell\AppData\Roaming\McAfee
2014-05-15 18:23 - 2014-05-15 18:23 - 00541592 _____ (McAfee, Inc.) C:\Users\Shell\Downloads\MVTInstaller.exe
2014-05-15 17:46 - 2014-05-15 17:46 - 00001181 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-05-15 17:46 - 2014-05-15 17:46 - 00001169 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-05-15 17:46 - 2014-05-15 17:46 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-05-15 17:45 - 2014-05-15 17:45 - 06171848 _____ (TeamViewer GmbH) C:\Users\Shell\Downloads\TeamViewer_Setup_en.exe
2014-05-15 17:20 - 2014-05-16 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-05-15 08:37 - 2014-05-01 21:37 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 08:37 - 2014-05-01 21:37 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 07:46 - 2014-03-28 09:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 07:46 - 2014-03-28 07:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 07:45 - 2014-05-06 06:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 07:45 - 2014-05-06 06:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 07:45 - 2014-05-06 04:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 07:45 - 2014-05-06 04:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 07:45 - 2014-05-06 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 07:45 - 2014-05-06 04:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 07:45 - 2014-04-12 10:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 07:45 - 2014-04-12 10:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 07:45 - 2014-04-12 10:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-15 07:45 - 2014-04-12 10:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-15 07:45 - 2014-04-12 10:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 07:45 - 2014-04-12 10:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 07:45 - 2014-04-12 10:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 07:45 - 2014-04-12 10:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 07:45 - 2014-04-12 10:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-15 07:45 - 2014-04-12 10:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 07:45 - 2014-04-12 10:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 07:45 - 2014-04-12 08:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-15 07:45 - 2014-04-12 08:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-15 07:45 - 2014-04-12 08:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 07:45 - 2014-04-12 08:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 07:45 - 2014-04-12 08:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 07:45 - 2014-04-12 08:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 07:45 - 2014-04-12 08:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 07:45 - 2014-04-12 07:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-15 07:45 - 2014-03-28 20:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-15 07:45 - 2014-03-28 09:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-15 07:45 - 2014-03-23 23:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-15 07:45 - 2014-03-11 04:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 07:45 - 2014-03-11 04:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 07:45 - 2014-03-11 01:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 07:45 - 2014-03-11 01:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 07:45 - 2014-03-11 01:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 07:45 - 2014-03-11 01:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 07:45 - 2014-03-11 01:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 07:45 - 2014-03-11 01:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 07:45 - 2014-03-11 01:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 07:45 - 2014-03-11 01:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-15 07:45 - 2014-03-11 01:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 07:45 - 2014-03-11 01:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 07:45 - 2014-03-11 01:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 07:45 - 2014-03-10 04:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 07:45 - 2014-03-10 02:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 07:45 - 2014-03-04 00:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-15 07:44 - 2014-03-01 10:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-15 07:44 - 2014-03-01 10:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-15 07:44 - 2014-03-01 09:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-15 07:44 - 2014-03-01 07:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-15 07:44 - 2014-02-27 00:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-15 07:44 - 2014-02-27 00:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-15 07:44 - 2014-02-27 00:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-15 07:44 - 2014-02-27 00:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-15 07:44 - 2014-02-15 05:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-14 10:13 - 2014-05-14 10:13 - 00003346 _____ () C:\Users\Shell\Desktop\c CV.txt
2014-05-12 23:27 - 2014-05-16 18:57 - 00591040 _____ (Sysinternals - www.sysinternals.com) C:\Users\Shell\Desktop\autoruns.exe
2014-05-12 23:27 - 2014-05-16 18:57 - 00504000 _____ (Sysinternals - www.sysinternals.com) C:\Users\Shell\Desktop\autorunsc.exe
2014-05-05 09:16 - 2014-05-16 11:18 - 00000000 ____D () C:\Users\Shell\Desktop\Tenancy stuff
2014-04-26 17:50 - 2014-04-19 10:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-26 17:50 - 2014-04-19 09:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-26 17:50 - 2014-04-19 09:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-26 17:50 - 2014-04-19 07:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-26 17:50 - 2014-04-19 07:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-16 09:59 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys

==================== One Month Modified Files and Folders =======

2014-05-16 19:11 - 2014-05-16 19:11 - 00013003 _____ () C:\Users\Shell\Downloads\FRST.txt
2014-05-16 19:11 - 2014-05-16 19:10 - 00000000 ____D () C:\FRST
2014-05-16 19:09 - 2014-05-16 19:09 - 02067456 _____ (Farbar) C:\Users\Shell\Downloads\FRST64.exe
2014-05-16 18:57 - 2014-05-12 23:27 - 00591040 _____ (Sysinternals - www.sysinternals.com) C:\Users\Shell\Desktop\autoruns.exe
2014-05-16 18:57 - 2014-05-12 23:27 - 00504000 _____ (Sysinternals - www.sysinternals.com) C:\Users\Shell\Desktop\autorunsc.exe
2014-05-16 18:57 - 2013-03-17 16:52 - 00049518 _____ () C:\Users\Shell\Desktop\autoruns.chm
2014-05-16 18:57 - 2006-07-28 09:32 - 00007005 _____ () C:\Users\Shell\Desktop\Eula.txt
2014-05-16 18:12 - 2014-05-15 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-05-16 18:09 - 2012-07-26 08:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-16 18:00 - 2013-10-01 02:30 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-16 18:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-05-16 17:35 - 2013-10-01 01:50 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3347278755-1764252673-249895162-1002
2014-05-16 17:27 - 2013-10-24 10:02 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3347278755-1764252673-249895162-1002UA.job
2014-05-16 17:26 - 2013-10-01 02:30 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-16 17:24 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-16 17:18 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-16 16:45 - 2014-05-16 16:45 - 00002988 _____ () C:\Windows\PFRO.log
2014-05-16 16:45 - 2014-05-16 11:21 - 00011726 _____ () C:\Windows\WindowsUpdate.log
2014-05-16 16:45 - 2014-03-31 12:21 - 00380744 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-16 16:45 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-05-16 11:21 - 2013-10-20 09:35 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-05-16 11:21 - 2013-05-15 21:03 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-16 11:18 - 2014-05-05 09:16 - 00000000 ____D () C:\Users\Shell\Desktop\Tenancy stuff
2014-05-16 10:34 - 2013-11-13 17:49 - 00000000 ____D () C:\Windows\Minidump
2014-05-16 10:34 - 2013-05-15 20:42 - 00000000 ____D () C:\Windows\Panther
2014-05-16 10:33 - 2014-05-16 10:33 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-16 10:33 - 2014-05-16 10:33 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-16 10:33 - 2014-05-16 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-16 10:33 - 2014-05-16 10:33 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-16 10:30 - 2014-05-16 10:29 - 04745984 _____ (Piriform Ltd) C:\Users\Shell\Downloads\ccsetup413.exe
2014-05-16 10:05 - 2014-05-16 10:04 - 00000000 ____D () C:\Users\Shell\autoruns
2014-05-16 10:05 - 2013-10-01 01:42 - 00000000 ____D () C:\Users\Shell
2014-05-16 10:01 - 2014-05-16 10:01 - 00511782 _____ () C:\Users\Shell\Downloads\Autoruns.zip
2014-05-15 18:25 - 2014-05-15 18:25 - 00000000 ____D () C:\Users\Shell\AppData\Roaming\McAfee
2014-05-15 18:24 - 2013-05-15 21:08 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-05-15 18:24 - 2013-05-15 21:07 - 00000000 ____D () C:\ProgramData\McAfee
2014-05-15 18:23 - 2014-05-15 18:23 - 00541592 _____ (McAfee, Inc.) C:\Users\Shell\Downloads\MVTInstaller.exe
2014-05-15 17:46 - 2014-05-15 17:46 - 00001181 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-05-15 17:46 - 2014-05-15 17:46 - 00001169 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-05-15 17:46 - 2014-05-15 17:46 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-05-15 17:45 - 2014-05-15 17:45 - 06171848 _____ (TeamViewer GmbH) C:\Users\Shell\Downloads\TeamViewer_Setup_en.exe
2014-05-15 08:37 - 2013-10-01 01:45 - 00000000 ___RD () C:\Users\Shell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 08:37 - 2013-10-01 01:45 - 00000000 ___RD () C:\Users\Shell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 08:35 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-15 08:35 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 08:35 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 08:35 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-15 08:35 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-15 08:35 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-15 08:27 - 2013-10-24 10:02 - 00000870 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3347278755-1764252673-249895162-1002Core.job
2014-05-15 08:06 - 2013-10-01 02:31 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-14 10:13 - 2014-05-14 10:13 - 00003346 _____ () C:\Users\Shell\Desktop\c CV.txt
2014-05-14 09:58 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-05-13 09:10 - 2013-10-02 03:54 - 00000000 ____D () C:\Users\Shell\Documents\Calibre Library
2014-05-09 07:55 - 2013-10-01 02:30 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 07:55 - 2013-10-01 02:30 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 06:14 - 2014-05-15 07:45 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:14 - 2014-05-15 07:45 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:48 - 2014-05-15 07:45 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 04:48 - 2014-05-15 07:45 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-06 04:37 - 2014-05-15 07:45 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:26 - 2014-05-15 07:45 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 10:41 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-05-05 08:22 - 2013-10-24 10:02 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3347278755-1764252673-249895162-1002UA
2014-05-05 08:22 - 2013-10-24 10:02 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3347278755-1764252673-249895162-1002Core
2014-05-04 17:12 - 2013-10-02 02:21 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-01 21:37 - 2014-05-15 08:37 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 21:37 - 2014-05-15 08:37 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-27 08:30 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-26 16:47 - 2013-10-01 01:43 - 00000000 ____D () C:\Users\Shell\AppData\Local\Packages
2014-04-26 16:19 - 2014-04-12 12:43 - 00000000 ____D () C:\Users\Shell\AppData\Roaming\HpUpdate
2014-04-19 10:39 - 2014-04-26 17:50 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-19 09:45 - 2014-04-26 17:50 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-19 09:45 - 2014-04-26 17:50 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-19 07:57 - 2014-04-26 17:50 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-19 07:57 - 2014-04-26 17:50 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-16 09:54 - 2012-07-26 09:12 - 00000000 ___HD () C:\Windows\ELAMBKUP

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-15 07:45] - [2014-04-12 10:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-15 19:54

==================== End Of Log ============================

Edited by nasdaq, 22 May 2014 - 08:24 AM.
FRST log posted for easy reference. email address obfuscated.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:51 AM

Posted 22 May 2014 - 08:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 vintagepilot

vintagepilot
  • Topic Starter

  • Members
  • 4 posts
  • Gender:Male
  • Location:lake district UK
  • Local time:11:51 AM

Posted 22 May 2014 - 05:54 PM

Hi nasdaq, thanks very much for your time and help.

Below are the requested logs in the order described

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software

 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Shell [Admin rights]
Mode : Remove -- Date : 05/22/2014 18:43:25
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][HJNAME] HKCU\[...]\Run : Host-process Windows (Rundll32.exe) (C:\Users\Shell\AppData\Roaming\rundll32.exe [x]) -> DELETED
[RUN][HJNAME] HKUS\S-1-5-21-3347278755-1764252673-249895162-1002\[...]\Run : Host-process Windows (Rundll32.exe) (C:\Users\Shell\AppData\Roaming\rundll32.exe [x]) -> [0x2] The system cannot find the file specified. 
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> [0x2] The system cannot find the file specified. 
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified. 
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA DT01ACA200 SATA Disk Device +++++
--- User ---
[MBR] f890880d31541897f06bc32fa5467b5b
[BSP] 8207e8106413710667a8c77cc529d205 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- Multi-Card USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
Finished : << RKreport[0]_D_05222014_184325.txt >>
RKreport[0]_S_05222014_184305.txt
 =========================================================================================
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 22/05/2014
Scan Time: 19:04:28
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.05.22.09
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Shell
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 258505
Time Elapsed: 8 min, 14 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
====================================================================================================
 
# AdwCleaner v3.210 - Report created 22/05/2014 at 19:20:31
# Updated 19/05/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Shell - SHELLS
# Running from : C:\Users\Shell\Downloads\adwcleaner_3.210.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Google Chrome v34.0.1847.137
 
[ File : C:\Users\Shell\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [602 octets] - [22/05/2014 19:20:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [661 octets] ##########
============================================================================================
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by Shell (administrator) on SHELLS on 22-05-2014 19:43:58
Running from C:\Users\Shell\Downloads
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Microsoft) C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-15] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-23] (cyberlink)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637528 2012-10-09] (CANON INC.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3347278755-1764252673-249895162-1002\...\Run: [Google Update] => C:\Users\Shell\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-24] (Google Inc.)
HKU\S-1-5-21-3347278755-1764252673-249895162-1002\...\Run: [MusicManager] => C:\Users\Shell\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-04-23] (Google Inc.)
HKU\S-1-5-21-3347278755-1764252673-249895162-1002\...\Run: [GoogleChromeAutoLaunch_038FC9371C5BF2F3DA11D76F4481A085] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-05-08] (Google Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Shell\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Shell\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-16]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-05-16]
 
Chrome: 
=======
CHR HomePage: hxxp://www.msn.com/?pc=UP94&ocid=UP94DHP&dt=110813
CHR StartupUrls: "hxxp://www.msn.com/?pc=UP94&ocid=UP94DHP&dt=110813"
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Users\Shell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-01]
CHR Extension: (Google Drive) - C:\Users\Shell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-01]
CHR Extension: (YouTube) - C:\Users\Shell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-01]
CHR Extension: (Adblock Plus) - C:\Users\Shell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-15]
CHR Extension: (Google Search) - C:\Users\Shell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-01]
CHR Extension: (SiteAdvisor) - C:\Users\Shell\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-05-20]
CHR Extension: (Google Wallet) - C:\Users\Shell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
CHR Extension: (Gmail) - C:\Users\Shell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-01]
 
==================== Services (Whitelisted) =================
 
S2 0125391400740383mcinstcleanup; C:\Windows\TEMP\012539~1.EXE [836168 2014-03-13] (McAfee, Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-22] (Advanced Micro Devices, Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-03-14] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-03-14] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-03-14] (ASUSTeK Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] ()
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-22 19:43 - 2014-05-22 19:44 - 00017608 _____ () C:\Users\Shell\Downloads\FRST.txt
2014-05-22 19:27 - 2014-05-22 19:27 - 00000740 _____ () C:\Users\Shell\Desktop\AdwCleaner[R0].txt
2014-05-22 19:20 - 2014-05-22 19:27 - 00000000 ____D () C:\AdwCleaner
2014-05-22 19:20 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-22 19:19 - 2014-05-22 19:19 - 01326389 _____ () C:\Users\Shell\Downloads\adwcleaner_3.210.exe
2014-05-22 19:15 - 2014-05-22 19:15 - 00001038 _____ () C:\Users\Shell\Desktop\mbam.txt
2014-05-22 18:48 - 2014-05-22 19:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-22 18:48 - 2014-05-22 18:48 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-22 18:48 - 2014-05-22 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-22 18:48 - 2014-05-22 18:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-22 18:48 - 2014-05-22 18:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-22 18:48 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-22 18:48 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-22 18:48 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-22 18:46 - 2014-05-22 18:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Shell\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-22 18:44 - 2014-05-22 18:44 - 00002494 _____ () C:\Users\Shell\Documents\RKreport[0]_D_05222014_184325.txt
2014-05-22 18:43 - 2014-05-22 18:43 - 00002494 _____ () C:\Users\Shell\Desktop\RKreport[0]_D_05222014_184325.txt
2014-05-22 18:43 - 2014-05-22 18:43 - 00002307 _____ () C:\Users\Shell\Desktop\RKreport[0]_S_05222014_184305.txt
2014-05-22 18:31 - 2014-05-22 18:44 - 00000000 ____D () C:\Users\Shell\Desktop\RK_Quarantine
2014-05-22 18:30 - 2014-05-22 18:30 - 04527616 _____ () C:\Users\Shell\Downloads\RogueKillerX64.exe
2014-05-22 18:27 - 2014-05-22 18:48 - 00027850 _____ () C:\Windows\WindowsUpdate.log
2014-05-21 10:22 - 2014-04-03 12:19 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-05-21 10:22 - 2014-04-03 04:44 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-21 10:22 - 2014-03-31 23:08 - 00387268 _____ () C:\Windows\system32\ApnDatabase.xml
2014-05-21 10:22 - 2014-03-25 00:42 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-05-21 10:22 - 2014-03-24 23:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-05-21 09:36 - 2014-05-21 09:36 - 00038563 _____ () C:\Users\Shell\Documents\FRST.txt
2014-05-20 18:56 - 2014-05-20 19:00 - 103356696 _____ (Microsoft Corporation) C:\Users\Shell\Downloads\msert.exe
2014-05-20 17:59 - 2014-05-20 18:00 - 02181032 _____ () C:\Users\Shell\Documents\AutoRuns.arn
2014-05-20 17:46 - 2014-05-20 17:46 - 00000000 ____D () C:\Users\Shell\AppData\Roaming\GlarySoft
2014-05-20 17:44 - 2014-05-20 17:44 - 00001231 _____ () C:\Users\Shell\Desktop\Registry Repair.lnk
2014-05-20 17:44 - 2014-05-20 17:44 - 00000000 ____D () C:\Users\Shell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Glarysoft
2014-05-20 17:44 - 2014-05-20 17:44 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
2014-05-20 17:43 - 2014-05-20 17:43 - 02092296 _____ () C:\Users\Shell\Downloads\rrsetup.exe
2014-05-16 21:56 - 2014-05-22 18:46 - 00001851 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-05-16 21:55 - 2014-05-16 21:55 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-05-16 21:55 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-05-16 21:52 - 2014-05-16 21:52 - 00000000 ____D () C:\Program Files\McAfee.com
2014-05-16 21:48 - 2014-01-19 08:33 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-05-16 21:39 - 2014-04-03 17:15 - 00189912 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-05-16 21:31 - 2014-05-16 21:32 - 00000000 ____D () C:\Program Files\stinger
2014-05-16 21:30 - 2014-05-16 21:30 - 05142080 _____ (McAfee, Inc.) C:\Users\Shell\Downloads\McAfeeSetup.exe
2014-05-16 19:27 - 2014-05-20 17:58 - 02181032 _____ () C:\Users\Shell\Desktop\AutoRuns.arn
2014-05-16 19:10 - 2014-05-22 19:43 - 00000000 ____D () C:\FRST
2014-05-16 19:09 - 2014-05-16 19:09 - 02067456 _____ (Farbar) C:\Users\Shell\Downloads\FRST64.exe
2014-05-16 10:33 - 2014-05-21 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-16 10:33 - 2014-05-16 10:33 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-16 10:33 - 2014-05-16 10:33 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-16 10:33 - 2014-05-16 10:33 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-16 10:29 - 2014-05-16 10:30 - 04745984 _____ (Piriform Ltd) C:\Users\Shell\Downloads\ccsetup413.exe
2014-05-16 10:04 - 2014-05-16 10:05 - 00000000 ____D () C:\Users\Shell\autoruns
2014-05-16 10:01 - 2014-05-16 10:01 - 00511782 _____ () C:\Users\Shell\Downloads\Autoruns.zip
2014-05-15 19:49 - 2014-04-12 13:41 - 00852224 _____ () C:\Users\Shell\Desktop\cc_20140412_134028.reg
2014-05-15 18:25 - 2014-05-15 18:25 - 00000000 ____D () C:\Users\Shell\AppData\Roaming\McAfee
2014-05-15 18:23 - 2014-05-15 18:23 - 00541592 _____ (McAfee, Inc.) C:\Users\Shell\Downloads\MVTInstaller.exe
2014-05-15 17:46 - 2014-05-15 17:46 - 00001181 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-05-15 17:46 - 2014-05-15 17:46 - 00001169 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-05-15 17:46 - 2014-05-15 17:46 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-05-15 17:45 - 2014-05-15 17:45 - 06171848 _____ (TeamViewer GmbH) C:\Users\Shell\Downloads\TeamViewer_Setup_en.exe
2014-05-15 17:20 - 2014-05-22 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-05-15 08:37 - 2014-05-01 21:37 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 08:37 - 2014-05-01 21:37 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 07:46 - 2014-03-28 09:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 07:46 - 2014-03-28 07:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 07:45 - 2014-05-06 06:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 07:45 - 2014-05-06 06:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 07:45 - 2014-05-06 04:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 07:45 - 2014-05-06 04:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 07:45 - 2014-05-06 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 07:45 - 2014-05-06 04:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 07:45 - 2014-04-12 10:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 07:45 - 2014-04-12 10:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 07:45 - 2014-04-12 10:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-15 07:45 - 2014-04-12 10:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-15 07:45 - 2014-04-12 10:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 07:45 - 2014-04-12 10:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 07:45 - 2014-04-12 10:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 07:45 - 2014-04-12 10:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 07:45 - 2014-04-12 10:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-15 07:45 - 2014-04-12 10:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 07:45 - 2014-04-12 10:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 07:45 - 2014-04-12 08:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-15 07:45 - 2014-04-12 08:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-15 07:45 - 2014-04-12 08:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 07:45 - 2014-04-12 08:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 07:45 - 2014-04-12 08:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 07:45 - 2014-04-12 08:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 07:45 - 2014-04-12 08:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 07:45 - 2014-04-12 07:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-15 07:45 - 2014-03-28 20:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-15 07:45 - 2014-03-28 09:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-15 07:45 - 2014-03-23 23:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-15 07:45 - 2014-03-11 04:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 07:45 - 2014-03-11 04:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 07:45 - 2014-03-11 01:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 07:45 - 2014-03-11 01:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 07:45 - 2014-03-11 01:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 07:45 - 2014-03-11 01:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 07:45 - 2014-03-11 01:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 07:45 - 2014-03-11 01:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 07:45 - 2014-03-11 01:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 07:45 - 2014-03-11 01:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-15 07:45 - 2014-03-11 01:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 07:45 - 2014-03-11 01:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 07:45 - 2014-03-11 01:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 07:45 - 2014-03-10 04:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 07:45 - 2014-03-10 02:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 07:45 - 2014-03-04 00:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-15 07:44 - 2014-03-01 10:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-15 07:44 - 2014-03-01 10:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-15 07:44 - 2014-03-01 09:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-15 07:44 - 2014-03-01 07:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-15 07:44 - 2014-02-27 00:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-15 07:44 - 2014-02-27 00:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-15 07:44 - 2014-02-27 00:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-15 07:44 - 2014-02-15 05:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-14 10:13 - 2014-05-14 10:13 - 00003346 _____ () C:\Users\Shell\Desktop\c CV.txt
2014-05-12 23:27 - 2014-05-16 18:57 - 00591040 _____ (Sysinternals - www.sysinternals.com) C:\Users\Shell\Desktop\autoruns.exe
2014-05-12 23:27 - 2014-05-16 18:57 - 00504000 _____ (Sysinternals - www.sysinternals.com) C:\Users\Shell\Desktop\autorunsc.exe
2014-05-05 09:16 - 2014-05-21 10:46 - 00000000 ____D () C:\Users\Shell\Desktop\Tenancy stuff
2014-04-26 17:50 - 2014-04-19 10:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-26 17:50 - 2014-04-19 09:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-26 17:50 - 2014-04-19 09:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-26 17:50 - 2014-04-19 07:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-26 17:50 - 2014-04-19 07:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
 
==================== One Month Modified Files and Folders =======
 
2014-05-22 19:44 - 2014-05-22 19:43 - 00017608 _____ () C:\Users\Shell\Downloads\FRST.txt
2014-05-22 19:43 - 2014-05-16 19:10 - 00000000 ____D () C:\FRST
2014-05-22 19:27 - 2014-05-22 19:27 - 00000740 _____ () C:\Users\Shell\Desktop\AdwCleaner[R0].txt
2014-05-22 19:27 - 2014-05-22 19:20 - 00000000 ____D () C:\AdwCleaner
2014-05-22 19:27 - 2013-10-24 10:02 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3347278755-1764252673-249895162-1002UA.job
2014-05-22 19:19 - 2014-05-22 19:19 - 01326389 _____ () C:\Users\Shell\Downloads\adwcleaner_3.210.exe
2014-05-22 19:15 - 2014-05-22 19:15 - 00001038 _____ () C:\Users\Shell\Desktop\mbam.txt
2014-05-22 19:04 - 2014-05-22 18:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-22 19:00 - 2013-10-01 02:30 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-22 19:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-05-22 18:48 - 2014-05-22 18:48 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-22 18:48 - 2014-05-22 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-22 18:48 - 2014-05-22 18:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-22 18:48 - 2014-05-22 18:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-22 18:48 - 2014-05-22 18:27 - 00027850 _____ () C:\Windows\WindowsUpdate.log
2014-05-22 18:46 - 2014-05-22 18:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Shell\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-22 18:46 - 2014-05-16 21:56 - 00001851 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-05-22 18:46 - 2014-05-15 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-05-22 18:44 - 2014-05-22 18:44 - 00002494 _____ () C:\Users\Shell\Documents\RKreport[0]_D_05222014_184325.txt
2014-05-22 18:44 - 2014-05-22 18:31 - 00000000 ____D () C:\Users\Shell\Desktop\RK_Quarantine
2014-05-22 18:43 - 2014-05-22 18:43 - 00002494 _____ () C:\Users\Shell\Desktop\RKreport[0]_D_05222014_184325.txt
2014-05-22 18:43 - 2014-05-22 18:43 - 00002307 _____ () C:\Users\Shell\Desktop\RKreport[0]_S_05222014_184305.txt
2014-05-22 18:33 - 2013-10-01 01:50 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3347278755-1764252673-249895162-1002
2014-05-22 18:30 - 2014-05-22 18:30 - 04527616 _____ () C:\Users\Shell\Downloads\RogueKillerX64.exe
2014-05-22 18:28 - 2013-10-01 02:30 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-22 09:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-05-22 08:27 - 2013-10-24 10:02 - 00000870 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3347278755-1764252673-249895162-1002Core.job
2014-05-22 07:33 - 2013-05-15 21:08 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-05-21 16:45 - 2012-07-26 08:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-21 16:39 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-21 10:46 - 2014-05-05 09:16 - 00000000 ____D () C:\Users\Shell\Desktop\Tenancy stuff
2014-05-21 10:24 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-05-21 09:48 - 2013-05-15 21:08 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-05-21 09:48 - 2012-07-26 09:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-05-21 09:36 - 2014-05-21 09:36 - 00038563 _____ () C:\Users\Shell\Documents\FRST.txt
2014-05-21 09:21 - 2014-05-16 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-21 09:21 - 2013-10-10 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan LiDE 110
2014-05-21 09:21 - 2013-10-01 01:42 - 00000000 ___RD () C:\Users\Shell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-21 09:21 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-21 09:21 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-21 09:21 - 2012-07-26 09:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-20 19:00 - 2014-05-20 18:56 - 103356696 _____ (Microsoft Corporation) C:\Users\Shell\Downloads\msert.exe
2014-05-20 18:00 - 2014-05-20 17:59 - 02181032 _____ () C:\Users\Shell\Documents\AutoRuns.arn
2014-05-20 17:58 - 2014-05-16 19:27 - 02181032 _____ () C:\Users\Shell\Desktop\AutoRuns.arn
2014-05-20 17:46 - 2014-05-20 17:46 - 00000000 ____D () C:\Users\Shell\AppData\Roaming\GlarySoft
2014-05-20 17:45 - 2013-05-15 21:07 - 00000000 ____D () C:\ProgramData\McAfee
2014-05-20 17:44 - 2014-05-20 17:44 - 00001231 _____ () C:\Users\Shell\Desktop\Registry Repair.lnk
2014-05-20 17:44 - 2014-05-20 17:44 - 00000000 ____D () C:\Users\Shell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Glarysoft
2014-05-20 17:44 - 2014-05-20 17:44 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
2014-05-20 17:43 - 2014-05-20 17:43 - 02092296 _____ () C:\Users\Shell\Downloads\rrsetup.exe
2014-05-16 21:56 - 2013-05-15 21:08 - 00000000 ____D () C:\Program Files\mcafee
2014-05-16 21:55 - 2014-05-16 21:55 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-05-16 21:52 - 2014-05-16 21:52 - 00000000 ____D () C:\Program Files\McAfee.com
2014-05-16 21:48 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-16 21:32 - 2014-05-16 21:31 - 00000000 ____D () C:\Program Files\stinger
2014-05-16 21:30 - 2014-05-16 21:30 - 05142080 _____ (McAfee, Inc.) C:\Users\Shell\Downloads\McAfeeSetup.exe
2014-05-16 19:09 - 2014-05-16 19:09 - 02067456 _____ (Farbar) C:\Users\Shell\Downloads\FRST64.exe
2014-05-16 18:57 - 2014-05-12 23:27 - 00591040 _____ (Sysinternals - www.sysinternals.com) C:\Users\Shell\Desktop\autoruns.exe
2014-05-16 18:57 - 2014-05-12 23:27 - 00504000 _____ (Sysinternals - www.sysinternals.com) C:\Users\Shell\Desktop\autorunsc.exe
2014-05-16 18:57 - 2013-03-17 16:52 - 00049518 _____ () C:\Users\Shell\Desktop\autoruns.chm
2014-05-16 18:57 - 2006-07-28 09:32 - 00007005 _____ () C:\Users\Shell\Desktop\Eula.txt
2014-05-16 16:45 - 2014-03-31 12:21 - 00380744 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-16 11:21 - 2013-10-20 09:35 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-05-16 11:21 - 2013-05-15 21:03 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-16 10:34 - 2013-11-13 17:49 - 00000000 ____D () C:\Windows\Minidump
2014-05-16 10:34 - 2013-05-15 20:42 - 00000000 ____D () C:\Windows\Panther
2014-05-16 10:33 - 2014-05-16 10:33 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-16 10:33 - 2014-05-16 10:33 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-16 10:33 - 2014-05-16 10:33 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-16 10:30 - 2014-05-16 10:29 - 04745984 _____ (Piriform Ltd) C:\Users\Shell\Downloads\ccsetup413.exe
2014-05-16 10:05 - 2014-05-16 10:04 - 00000000 ____D () C:\Users\Shell\autoruns
2014-05-16 10:05 - 2013-10-01 01:42 - 00000000 ____D () C:\Users\Shell
2014-05-16 10:01 - 2014-05-16 10:01 - 00511782 _____ () C:\Users\Shell\Downloads\Autoruns.zip
2014-05-15 18:25 - 2014-05-15 18:25 - 00000000 ____D () C:\Users\Shell\AppData\Roaming\McAfee
2014-05-15 18:23 - 2014-05-15 18:23 - 00541592 _____ (McAfee, Inc.) C:\Users\Shell\Downloads\MVTInstaller.exe
2014-05-15 17:46 - 2014-05-15 17:46 - 00001181 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-05-15 17:46 - 2014-05-15 17:46 - 00001169 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-05-15 17:46 - 2014-05-15 17:46 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-05-15 17:45 - 2014-05-15 17:45 - 06171848 _____ (TeamViewer GmbH) C:\Users\Shell\Downloads\TeamViewer_Setup_en.exe
2014-05-15 08:37 - 2013-10-01 01:45 - 00000000 ___RD () C:\Users\Shell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 08:37 - 2013-10-01 01:45 - 00000000 ___RD () C:\Users\Shell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 08:35 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-15 08:35 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-15 08:35 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-15 08:35 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-15 08:06 - 2013-10-01 02:31 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-14 10:13 - 2014-05-14 10:13 - 00003346 _____ () C:\Users\Shell\Desktop\c CV.txt
2014-05-14 09:58 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-05-13 09:10 - 2013-10-02 03:54 - 00000000 ____D () C:\Users\Shell\Documents\Calibre Library
2014-05-12 07:26 - 2014-05-22 18:48 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-22 18:48 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-22 18:48 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 07:55 - 2013-10-01 02:30 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 07:55 - 2013-10-01 02:30 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 06:14 - 2014-05-15 07:45 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:14 - 2014-05-15 07:45 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:48 - 2014-05-15 07:45 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 04:48 - 2014-05-15 07:45 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-06 04:37 - 2014-05-15 07:45 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:26 - 2014-05-15 07:45 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 08:22 - 2013-10-24 10:02 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3347278755-1764252673-249895162-1002UA
2014-05-05 08:22 - 2013-10-24 10:02 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3347278755-1764252673-249895162-1002Core
2014-05-04 17:12 - 2013-10-02 02:21 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-01 21:37 - 2014-05-15 08:37 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 21:37 - 2014-05-15 08:37 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-27 08:30 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-26 16:47 - 2013-10-01 01:43 - 00000000 ____D () C:\Users\Shell\AppData\Local\Packages
2014-04-26 16:19 - 2014-04-12 12:43 - 00000000 ____D () C:\Users\Shell\AppData\Roaming\HpUpdate
 
Some content of TEMP:
====================
C:\Users\Shell\AppData\Local\Temp\ntdll_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe
[2014-05-15 07:45] - [2014-04-12 10:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-15 19:54
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2014
Ran by Shell at 2014-05-22 19:44:26
Running from C:\Users\Shell\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) Hidden
AMD Accelerated Video Transcoding (Version: 12.10.100.30322 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{DD86C046-D5AB-954F-EBB7-592EB36BD196}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
ASUS Easy Update (HKLM-x32\...\{E7AA854E-6756-424E-84C2-4E47D5729AFF}) (Version: 2.00.30 - ASUSTeK Computer Inc)
ASUS Launcher (HKLM-x32\...\{40376CD0-67E0-4190-86CA-8BD8CBAC331C}) (Version: 1.00.12 - ASUSTeK Computer Inc.)
ASUS Music Maker (HKLM-x32\...\MAGIX_{AB515018-7F9D-4047-B0C0-F26BAC30F3E1}) (Version: 18.0.3.3 - MAGIX AG)
ASUS Music Maker (Version: 18.0.3.3 - MAGIX AG) Hidden
ASUS MX Suite (HKLM-x32\...\MAGIX_{CFA9C800-9B0B-42E3-92E7-08B5AF2E192E}) (Version: 1.13.0.121 - MAGIX AG)
ASUS MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden
ASUS Video easy (HKLM-x32\...\MAGIX_{E3185090-8796-46FB-A27F-6C844F106DAC}) (Version: 4.0.1.90 - MAGIX AG)
ASUS Video easy (Version: 4.0.1.90 - MAGIX AG) Hidden
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4127.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4127.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
calibre (HKLM-x32\...\{D0940326-79BF-4D05-98CA-ED208661D34B}) (Version: 1.19.0 - Kovid Goyal)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414) (Version:  - Canon Inc.)
Catalyst Control Center InstallProxy (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.06 - ASUSTeK Computer Inc.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mavis Beacon Teaches Typing Deluxe 16 (HKLM-x32\...\Mavis Beacon Teaches Typing Deluxe 16) (Version:  - )
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.5.0.3093 - McAfee, Inc.)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
OpenOffice 4.0.1 (HKLM-x32\...\{24B89186-2A56-4D28-B930-6F4FCF224E2F}) (Version: 4.01.9714 - Apache Software Foundation)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{446CCB22-B632-4A1D-BF84-DA8DB0575F98}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Registry Repair 4.1.0.388 (HKLM-x32\...\Registry Repair) (Version: 4.1.0.388 - Glarysoft Ltd)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
Why ASUS PC (HKLM-x32\...\{5648F9D9-299E-408C-AC1F-59DC75894A1F}) (Version: 1.00.02 - ASUSTeK Computer Inc.)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
08-05-2014 07:49:16 Scheduled Checkpoint
15-05-2014 07:21:30 Windows Update
16-05-2014 20:51:54 Windows Modules Installer
21-05-2014 09:22:53 Windows Update
 
==================== Hosts content: ==========================
 
2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {048545BC-4D86-4894-816C-E4C657D45790} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {22D14FEF-7A91-4C88-B95B-6EB6D11BC7CC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {294F4419-A11C-4262-9B47-24E51F8E0E45} - System32\Tasks\ASUS\ASUS Easy Update => C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [2012-11-20] (ASUSTeK Computer Inc.)
Task: {4BF4E684-1C07-402F-8F24-62AD41D26AE0} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
Task: {530F2B22-7EFF-4270-929C-908F6EAA662C} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {57AED43B-7A97-4B81-9124-D75CCC57405A} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {6D4D8A51-76EF-45D6-9E55-B2EE9A74DBFB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3347278755-1764252673-249895162-1002UA => C:\Users\Shell\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-24] (Google Inc.)
Task: {81C5A5E2-128F-4503-BC49-B89A08DFE904} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-01] (Google Inc.)
Task: {A1E2442C-D30E-4F28-952C-80EB1B87205B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3347278755-1764252673-249895162-1002Core => C:\Users\Shell\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-24] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B0FE151B-B070-464B-8F1F-950A96298D35} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-01] (Google Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D254A978-07F3-41AE-B459-AC9BBEE0EA06} - System32\Tasks\ASUS\ASUS Launcher Helper => C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe [2013-04-24] (Microsoft)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3347278755-1764252673-249895162-1002Core.job => C:\Users\Shell\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3347278755-1764252673-249895162-1002UA.job => C:\Users\Shell\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-13 11:50 - 2009-11-04 09:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeddrpp.dll
2013-12-13 11:19 - 2010-07-20 04:55 - 00216064 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxefdrpp.dll
2013-03-22 13:24 - 2013-03-22 13:24 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-05-15 21:01 - 2013-03-14 08:33 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2012-12-19 07:10 - 2012-12-19 07:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2013-05-15 21:07 - 2013-04-18 00:08 - 00855040 _____ () C:\Windows\AsusLauncherContextMenu64.dll
2013-03-22 13:24 - 2013-03-22 13:24 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-05-15 21:01 - 2014-05-21 16:39 - 00026112 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2013-05-15 21:01 - 2010-06-29 03:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2014-05-15 08:05 - 2014-05-08 00:29 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll
2014-05-15 08:05 - 2014-05-08 00:29 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libglesv2.dll
2014-05-15 08:05 - 2014-05-08 00:29 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libegl.dll
2014-05-15 08:05 - 2014-05-08 00:29 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll
2014-05-15 08:06 - 2014-05-08 00:29 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
2014-05-15 08:05 - 2014-05-08 00:29 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/20/2014 09:08:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51488c11
Faulting module name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x51488c11
Exception code: 0xc0000005
Fault offset: 0x000000000002ea19
Faulting process id: 0x1a5c
Faulting application start time: 0xatieclxx.exe0
Faulting application path: atieclxx.exe1
Faulting module path: atieclxx.exe2
Report Id: atieclxx.exe3
Faulting package full name: atieclxx.exe4
Faulting package-relative application ID: atieclxx.exe5
 
Error: (05/20/2014 05:40:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHELLS)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (05/20/2014 05:40:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.0.1119.516 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b1c
 
Start Time: 01cf7449f99aa8be
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 6ef9112d-e03d-11e3-beea-60a44cea6a0c
 
Faulting package full name: microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: Microsoft.WindowsLive.Mail
 
Error: (05/20/2014 05:40:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: SHELLS)
Description: App microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail did not launch within its allotted time.
 
Error: (05/16/2014 10:30:09 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (05/16/2014 06:50:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHELLS)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (05/16/2014 06:09:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHELLS)
Description: Activation of app McAfeeInc.05.McAfeeSecurityAdvisorforASUS_qnhseag2m6wjg!McAfeeCentral failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (05/16/2014 05:27:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: delegate_execute.exe, version: 34.0.1847.137, time stamp: 0x536aae9d
Faulting module name: delegate_execute.exe, version: 34.0.1847.137, time stamp: 0x536aae9d
Exception code: 0xc0000005
Fault offset: 0x0003232d
Faulting process id: 0x17e8
Faulting application start time: 0xdelegate_execute.exe0
Faulting application path: delegate_execute.exe1
Faulting module path: delegate_execute.exe2
Report Id: delegate_execute.exe3
Faulting package full name: delegate_execute.exe4
Faulting package-relative application ID: delegate_execute.exe5
 
Error: (05/15/2014 07:54:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHELLS)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (05/15/2014 07:54:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHELLS)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (05/22/2014 07:38:52 PM) (Source: DCOM) (EventID: 10016) (User: SHELLS)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}shellsShellS-1-5-21-3347278755-1764252673-249895162-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/22/2014 07:33:35 PM) (Source: DCOM) (EventID: 10016) (User: SHELLS)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}shellsShellS-1-5-21-3347278755-1764252673-249895162-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/22/2014 07:28:27 PM) (Source: DCOM) (EventID: 10016) (User: SHELLS)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}shellsShellS-1-5-21-3347278755-1764252673-249895162-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/22/2014 07:17:28 PM) (Source: DCOM) (EventID: 10016) (User: SHELLS)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}shellsShellS-1-5-21-3347278755-1764252673-249895162-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/22/2014 06:45:36 PM) (Source: DCOM) (EventID: 10016) (User: SHELLS)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}shellsShellS-1-5-21-3347278755-1764252673-249895162-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/22/2014 06:44:02 PM) (Source: DCOM) (EventID: 10010) (User: SHELLS)
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (05/21/2014 04:40:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%1070
 
Error: (05/21/2014 04:40:13 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Function Discovery Resource Publication service hung on starting.
 
Error: (05/21/2014 04:39:04 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:03:35 on ‎21/‎05/‎2014 was unexpected.
 
Error: (05/21/2014 04:38:50 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212256841168896
 
 
Microsoft Office Sessions:
=========================
Error: (05/20/2014 09:08:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.114351488c11atieclxx.exe6.14.11.114351488c11c0000005000000000002ea191a5c01cf746753073596C:\Windows\system32\atieclxx.exeC:\Windows\system32\atieclxx.exe914031de-e05a-11e3-beea-60a44cea6a0c
 
Error: (05/20/2014 05:40:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHELLS)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927142
 
Error: (05/20/2014 05:40:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.0.1119.516b1c01cf7449f99aa8be4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe6ef9112d-e03d-11e3-beea-60a44cea6a0cmicrosoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail
 
Error: (05/20/2014 05:40:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: SHELLS)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail
 
Error: (05/16/2014 10:30:09 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: 
 
Error: (05/16/2014 06:50:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHELLS)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927149
 
Error: (05/16/2014 06:09:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHELLS)
Description: McAfeeInc.05.McAfeeSecurityAdvisorforASUS_qnhseag2m6wjg!McAfeeCentral-2144927149
 
Error: (05/16/2014 05:27:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: delegate_execute.exe34.0.1847.137536aae9ddelegate_execute.exe34.0.1847.137536aae9dc00000050003232d17e801cf7123bb4130d3C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\delegate_execute.exeC:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\delegate_execute.exef96a2b5c-dd16-11e3-bee6-60a44cea6a0c
 
Error: (05/15/2014 07:54:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHELLS)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141
 
Error: (05/15/2014 07:54:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHELLS)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 31%
Total physical RAM: 7368.37 MB
Available physical RAM: 5046.89 MB
Total Pagefile: 8520.37 MB
Available Pagefile: 6040.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:150 GB) (Free:101.85 GB) NTFS
Drive d: (Data) (Fixed) (Total:1693.08 GB) (Free:1692.18 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 9C1220BE)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 nasdaq

nasdaq

  • Malware Response Team

Posted 23 May 2014 - 07:15 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

#5 vintagepilot

vintagepilot
  • Topic Starter

  • Members

Posted 23 May 2014 - 10:11 AM

Hi Nasdaq

here are the logs you requested

Terry

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-05-2014
Ran by Shell at 2014-05-23 15:41:49 Run:1
Running from C:\Users\Shell\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
End
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL => Value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
 
==== End of Fixlog ====
 
 
 
 Results of screen317's Security Check version 0.99.83  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
Windows Defender                     
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader XI  
 Google Chrome 34.0.1847.137  
 Google Chrome 35.0.1916.114  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 

````````````````````End of Log``````````````````````  
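The Fixlog above echoes the fixlist FRST actually ran, so it can be compared with the fixlist the helper issued, and each result line can be triaged. This is an added example, not part of the original posts and not FRST code; the function names are hypothetical and the two sample strings are copied from this thread.

```python
import re
from collections import Counter

# Fixlist as issued in post #4 (copied from this thread).
ISSUED_FIXLIST = r"""start
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
End"""

# Fixlog.txt as posted in post #5 (copied from this thread, header lines omitted).
FIXLOG = r"""Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL => Value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.

==== End of Fixlog ===="""


def fixlist_directives(text):
    """Return the non-empty lines between the 'start' and 'End' markers."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    lower = [ln.lower() for ln in lines]
    begin = lower.index("start") + 1 if "start" in lower else 0
    end = lower.index("end") if "end" in lower else len(lines)
    return lines[begin:end]


def parse_fixlog(text):
    """Split a Fixlog into (echoed directives, [(target, outcome), ...])."""
    lines = text.splitlines()
    # The echoed fixlist sits between two rows of asterisks.
    bars = [i for i, ln in enumerate(lines) if re.fullmatch(r"\*{5,}", ln.strip())]
    if len(bars) < 2:
        raise ValueError("no echoed fixlist section found")
    echoed = fixlist_directives("\n".join(lines[bars[0] + 1:bars[1]]))
    results = []
    for ln in lines[bars[1] + 1:]:
        if ln.startswith("==== End of Fixlog"):
            break
        # Split on the last ' => ' so a target that itself contains it survives.
        target, sep, outcome = ln.strip().rpartition(" => ")
        if sep:
            results.append((target, outcome))
    return echoed, results


def classify(outcome):
    """Bucket a result using only the wordings that appear in this Fixlog."""
    text = outcome.lower()
    if "successfully" in text:
        return "applied"
    if "not found" in text:
        return "not_found"
    return "review"


def review(issued_text, fixlog_text):
    """Compare issued vs. executed directives and collect unapplied results."""
    issued = fixlist_directives(issued_text)
    echoed, results = parse_fixlog(fixlog_text)
    return {
        "not_run_as_issued": [d for d in issued if d not in echoed],
        "unexpected": [d for d in echoed if d not in issued],
        "needs_attention": [r for r in results if classify(r[1]) != "applied"],
        "counts": Counter(classify(outcome) for _, outcome in results),
    }


if __name__ == "__main__":
    report = review(ISSUED_FIXLIST, FIXLOG)
    for key in ("not_run_as_issued", "unexpected", "needs_attention"):
        print(key)
        for item in report[key]:
            print("   ", item)
    print(dict(report["counts"]))
```

On this thread's data the check reports one directive that was not run as issued (the echoed HKLM SearchScopes line lacks its URL part) and two results that were not applied.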



#6 nasdaq

nasdaq

  • Malware Response Team

Posted 24 May 2014 - 07:04 AM

Looking good.

If all is well:

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help blocking many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon,
  • ScriptNo a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#7 vintagepilot

vintagepilot
  • Topic Starter

  • Members

Posted 25 May 2014 - 04:42 AM

Thanks nasdaq

All seems to be ok.

I will take your advice about setting up better security on the pc.

Once again thanks for all your help and patience.

vintagepilot



#8 nasdaq

nasdaq

  • Malware Response Team

Posted 25 May 2014 - 07:47 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



