
Error accessing the system registry during OS startup due to virus


16 replies to this topic

#1 capricorntony13


  • Members
  • 58 posts
  • Gender:Male

Posted 10 June 2014 - 08:20 PM

Hello,

 

When I start up my computer, and as the Desktop comes up, I get 2 error messages. One has a yellow exclamation point that says: Error accessing the registry, followed by an error message with a red X that says: unexpected error; quitting. I reached out to one of your techs named Broni, and, after several tricks, we couldn't resolve the issue. Here is the link to the original posting: 

 

http://www.bleepingcomputer.com/forums/t/535005/bootup-error-error-accessing-the-system-registry-due-to-virus/?view=getnewpost

 

I want to mention that, in the original post, the file that TraceApp was located in seemed to belong to a program called Best Buy PC App. I thought that I deleted that file eons ago, and it does not appear in the program list in Uninstall Programs. 

 

As instructed, below is a posting of the text files named DDS.txt and attach.txt, from the DDS tool recommended by Broni:  (wait, the instructions say to upload the attach.txt file. I will also do so now). 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.17126
Run by Tina at 20:58:05 on 2014-06-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5847.3639 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.06\AsusFanControlService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\AsHookDevice.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\WUDFHost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\ASUS Instant On\AsInstantOn.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\windows\SysWOW64\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun: [Rosary Reminder] C:\PROGRA~2\VIRTUA~1\reminder.exe
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSPanel.exe /S
mRun: [ASUS Easy Update] C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 172.22.41.126
TCP: Interfaces\{ACC8FA5E-7FF1-406E-B191-D9606FD518DB} : DHCPNameServer = 172.22.41.126
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Persistence] "C:\windows\System32\igfxpers.exe"
x64-Run: [IgfxTray] "C:\windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\windows\System32\hkcmd.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\windows\System32\drivers\asahci64.sys [2012-4-10 49760]
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2014-5-13 191768]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2014-5-13 323352]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2014-5-13 130328]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2014-5-13 31512]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2014-5-20 26176]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2014-5-13 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2014-5-13 236312]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2014-5-13 235800]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2014-5-13 273176]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [2014-5-20 63928]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-7 143088]
R2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2014-5-20 4163584]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2013-11-21 881952]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2012-4-10 918448]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe [2012-4-10 947328]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-4-10 586880]
R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.06\AsusFanControlService.exe [2012-4-10 1399296]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-5-13 3644432]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-5-13 292424]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-19 2279608]
R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2012-4-10 203392]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-4-10 161560]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [2014-5-20 347448]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-10 363800]
R3 asmthub3;ASMedia USB3 Hub Service;C:\windows\System32\drivers\asmthub3.sys [2011-9-14 129000]
R3 asmtxhci;ASMEDIA XHCI Service;C:\windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]
R3 Blackberry Device Manager;Blackberry Device Manager;C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-1-18 577536]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-4-10 331264]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-4-10 646248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-11-21 2152736]
S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2014-5-20 71472]
S3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2014-5-20 57024]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-4-10 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-6-10 111616]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\windows\System32\drivers\netr28x.sys [2009-6-10 620544]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-5-6 19456]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-2-19 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-5-6 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-5-4 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-10 23:06:24 3178496 ----a-w- C:\windows\System32\rdpcorets.dll
2014-06-10 23:06:24 16384 ----a-w- C:\windows\System32\RdpGroupPolicyExtension.dll
2014-06-10 23:06:06 801280 ----a-w- C:\windows\System32\usp10.dll
2014-06-10 23:06:06 626688 ----a-w- C:\windows\SysWow64\usp10.dll
2014-06-10 23:05:49 2048 ----a-w- C:\windows\SysWow64\msxml6r.dll
2014-06-10 23:05:49 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2014-06-10 23:05:49 2048 ----a-w- C:\windows\System32\msxml6r.dll
2014-06-10 23:05:49 2048 ----a-w- C:\windows\System32\msxml3r.dll
2014-06-10 23:05:49 2002432 ----a-w- C:\windows\System32\msxml6.dll
2014-06-10 23:05:49 1882112 ----a-w- C:\windows\System32\msxml3.dll
2014-06-10 23:05:49 1389056 ----a-w- C:\windows\SysWow64\msxml6.dll
2014-06-10 23:05:49 1237504 ----a-w- C:\windows\SysWow64\msxml3.dll
2014-06-10 23:05:30 288192 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2014-06-10 23:05:30 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys
2014-06-09 18:43:46 -------- d-sh--w- C:\$RECYCLE.BIN
2014-06-09 01:57:55 -------- d-----w- C:\Users\Tina\AppData\Local\{4461C679-4862-4D1D-8264-AC701A7C6E6B}
2014-05-30 01:10:19 -------- d-----w- C:\windows\pss
2014-05-29 01:57:02 -------- d-----w- C:\windows\ERUNT
2014-05-29 01:51:45 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2014-05-27 04:45:22 -------- d-----w- C:\Program Files (x86)\ESET
2014-05-23 02:51:45 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-23 01:25:23 -------- d-----w- C:\Users\Tina\AppData\Local\CrashDumps
2014-05-21 02:14:35 -------- d-----w- C:\SUPERDelete
2014-05-21 02:06:02 536576 ----a-w- C:\windows\SysWow64\sqlite3.dll
2014-05-21 02:05:39 -------- d-----w- C:\AdwCleaner
2014-05-21 02:03:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-05-21 00:52:17 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2014-05-21 00:19:30 98816 ----a-w- C:\windows\sed.exe
2014-05-21 00:19:30 256000 ----a-w- C:\windows\PEV.exe
2014-05-21 00:19:30 208896 ----a-w- C:\windows\MBR.exe
2014-05-17 15:26:41 -------- d-----w- C:\Users\Tina\AppData\Roaming\ProductData
2014-05-16 00:08:01 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-05-16 00:07:50 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-05-16 00:07:50 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-05-16 00:07:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-13 18:20:26 235800 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2014-05-13 18:20:06 273176 ----a-w- C:\windows\System32\drivers\avgtdia.sys
2014-05-13 18:06:06 323352 ----a-w- C:\windows\System32\drivers\avgloga.sys
2014-05-13 18:05:40 191768 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2014-05-13 18:05:08 152344 ----a-w- C:\windows\System32\drivers\avgdiska.sys
2014-05-13 18:05:06 130328 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
2014-05-13 18:04:56 236312 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2014-05-13 18:04:30 31512 ----a-w- C:\windows\System32\drivers\avgrkx64.sys
.
==================== Find3M  ====================
.
2014-05-15 13:12:02 70832 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-15 13:12:02 692400 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-05-12 11:25:56 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-05-09 06:14:03 477184 ----a-w- C:\windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-04-12 02:22:05 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-04-11 01:48:06 1684928 ----a-w- C:\windows\System32\drivers\ntfs.sys
2014-04-11 01:47:45 27584 ----a-w- C:\windows\System32\drivers\Diskdump.sys
2014-04-11 01:47:45 274880 ----a-w- C:\windows\System32\drivers\msiscsi.sys
2014-04-11 01:47:45 2048 ----a-w- C:\windows\SysWow64\iologmsg.dll
2014-04-11 01:47:45 2048 ----a-w- C:\windows\System32\iologmsg.dll
2014-04-11 01:47:45 190912 ----a-w- C:\windows\System32\drivers\storport.sys
2014-04-11 01:47:00 362496 ----a-w- C:\windows\System32\wow64win.dll
2014-04-11 01:47:00 243712 ----a-w- C:\windows\System32\wow64.dll
2014-04-11 01:47:00 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2014-04-11 01:47:00 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2014-04-11 01:46:59 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2014-04-11 01:46:59 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2014-04-11 01:46:59 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2014-04-11 01:46:59 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2014-04-11 01:46:59 2048 ----a-w- C:\windows\SysWow64\user.exe
2014-04-11 01:46:59 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
.
============= FINISH: 20:58:30.50 ===============
 
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 5/1/2013 11:38:05 PM
System Uptime: 6/10/2014 7:32:47 PM (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | CM6330_CM6630_CM6730_CM6830
Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz | LGA1155 | 1590/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 917 GiB total, 842.794 GiB free.
D: is CDROM ()
E: is Removable
F: is FIXED (FAT32) - 298 GiB total, 74.398 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP122: 5/15/2014 9:19:26 AM - Windows Modules Installer
RP123: 5/18/2014 9:11:01 PM - Windows Backup
RP124: 5/18/2014 9:20:51 PM - Windows Backup
RP125: 5/25/2014 9:32:21 PM - Windows Backup
RP126: 6/1/2014 8:01:30 PM - Windows Backup
RP127: 6/8/2014 9:12:27 PM - Windows Backup
RP128: 6/10/2014 7:28:34 PM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 13 ActiveX
Adobe Reader X (10.1.10) MUI
Advanced SystemCare 7
AI Manager
AI Suite II
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS Backup Wizard
ASUS Easy Update
ASUS Instant On
ASUS WebStorage
AsusVibe2.0
AVG 2014
Best Buy pc app
BlackBerry Desktop Software 7.1
Bonjour
Canon iP6210D
CCleaner
CCNA ICND2 200-101 Network Simulator Lite
Cisco Connect
Cisco Packet Tracer 5.3.1
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
D3DX10
Emsisoft Anti-Malware
EPSON Scan
ESET Online Scanner v3
Free M4a to MP3 Converter 8.1
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Google Chrome
Google Update Helper
ICND2 Network Simulator Lite
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® Trusted Connect Service Client
IObit Uninstaller
iTunes
Junk Mail filter update
Malwarebytes Anti-Exploit version 0.10.3.0100
Malwarebytes Anti-Malware version 2.0.2.1012
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Office Home and Student 2013 - en-us
Microsoft OneDrive
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Pearson IT Certification Practice Test
QuickTime 7
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
SUPERAntiSpyware
Surfing Protection
Virtual Rosary
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Winamp
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 18.0
.
==== Event Viewer Messages From Past Week ========
.
6/9/2014 2:42:20 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
6/9/2014 2:38:12 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
6/9/2014 2:28:19 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AsIO AsUpIO Avgdiska AVGIDSDriver Avgldx64 Avgtdia DfsC discache ESProtectionDriver NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
6/9/2014 2:28:19 PM, Error: Service Control Manager [7001]  - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/9/2014 12:21:19 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
6/10/2014 7:23:26 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/10/2014 7:23:26 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
6/10/2014 7:16:53 PM, Error: Service Control Manager [7043]  - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
6/10/2014 7:12:55 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
6/10/2014 7:04:59 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
6/10/2014 6:38:55 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
6/10/2014 6:37:12 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
6/10/2014 6:37:11 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/10/2014 6:37:11 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/10/2014 6:37:08 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/10/2014 6:37:02 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/10/2014 6:36:55 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AsIO AsUpIO Avgdiska AVGIDSDriver Avgldx64 discache ESProtectionDriver SASDIFSV SASKUTIL spldr Wanarpv6
6/10/2014 6:36:54 PM, Error: Service Control Manager [7001]  - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:  A device attached to the system is not functioning.
.
==== End Of File ===========================
 
 
 
 
Any help to get rid of these error messages, and of the virus that may still be infecting my computer, would be great. Thank you. 
 
Tony T. 
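Two checks a responder would run over a DDS log like the one above, as an added Python example that is not part of this thread or of the DDS tool: it cross-references the driver names in the Service Control Manager 7026 event ("failed to load") against the SERVICES / DRIVERS table, so the boot/system-start entries that did not load at the last boot (here the AVG, Malwarebytes Anti-Exploit and SUPERAntiSpyware drivers) are listed with their paths, and it counts 7006 events where a Service Control Manager registry write (ScRegSetValueExW) was denied. The excerpt embedded in the code is a constructed subset of the log above, and the two regular expressions are assumptions about the DDS line layout.

```python
import re

# Constructed excerpt: a handful of lines copied from the DDS log posted
# above (driver table entries plus two Event Viewer lines), so the
# functions below can run offline against realistic input.
DDS_EXCERPT = r"""
============= SERVICES / DRIVERS ===============
.
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2014-5-13 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2014-5-13 236312]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [2014-5-20 63928]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-4-10 646248]
.
==== Event Viewer Messages From Past Week ========
.
6/9/2014 12:21:19 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
6/10/2014 6:36:55 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AsIO AsUpIO Avgdiska AVGIDSDriver Avgldx64 discache ESProtectionDriver SASDIFSV SASKUTIL spldr Wanarpv6
.
==== End Of File ===========================
"""

# Assumed layout of a DDS driver line: "<state> <name>;<description>;<path> [<date> <size>]"
DRIVER_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+) \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$")
# Assumed layout of a DDS event line: "<date time>, Error: <source> [<id>]  - <message>"
EVENT_RE = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), Error: (.+?) \[(\d+)\]\s+- (.*)$"
)


def parse_drivers(text):
    """Map lower-cased driver/service name -> fields from the SERVICES / DRIVERS table."""
    drivers = {}
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            state, name, desc, path, date, size = m.groups()
            drivers[name.lower()] = {"state": state, "name": name, "desc": desc,
                                     "path": path, "date": date, "size": int(size)}
    return drivers


def parse_events(text):
    """Extract the Event Viewer error lines as dicts (time, source, numeric id, message)."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            when, source, event_id, message = m.groups()
            events.append({"when": when, "source": source, "id": int(event_id), "message": message})
    return events


def failed_boot_drivers(events):
    """Driver names reported by Service Control Manager event 7026 (failed to load at boot)."""
    names = []
    for ev in events:
        if ev["id"] == 7026 and "failed to load:" in ev["message"]:
            names.extend(ev["message"].split("failed to load:", 1)[1].split())
    return names


def triage(text):
    """Cross-reference 7026 failures with the driver table and count 7006 registry denials."""
    drivers = parse_drivers(text)
    events = parse_events(text)
    report = {"failed_listed": [], "failed_unlisted": [], "registry_denied": 0}
    for name in failed_boot_drivers(events):
        entry = drivers.get(name.lower())
        if entry is None:
            # Not in the DDS table (DDS does not list every driver), so nothing is concluded here.
            report["failed_unlisted"].append(name)
        else:
            report["failed_listed"].append((entry["name"], entry["state"], entry["path"]))
    report["registry_denied"] = sum(
        1 for ev in events if ev["id"] == 7006 and "Access is denied" in ev["message"]
    )
    return report


if __name__ == "__main__":
    result = triage(DDS_EXCERPT)
    for name, state, path in result["failed_listed"]:
        print(f"{state} {name}: failed to load at last boot ({path})")
    print("not in driver table:", " ".join(result["failed_unlisted"]))
    print("SCM registry writes denied (event 7006):", result["registry_denied"])
```

Running it on the full DDS.txt instead of the excerpt only requires reading the file into `triage()`; the driver and event regexes are the only DDS-specific parts.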

 


#2 nasdaq


  • Malware Response Team
  • 40,490 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 June 2014 - 09:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop (for a 32bit system or for a 64bit system)
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Wait for further instructions.

#3 capricorntony13
  • Topic Starter
  • Members
  • 58 posts

Posted 17 June 2014 - 11:14 AM

I have 3 scan results.....

 

The first, when I downloaded RKill, one version said that it does both the 32 bit and the 64 bit in the same program. I ran that, and I am posting those results first. Then, I ran the 64 bit version of FSS. Then, I clicked on your link to the 64 bit version of RKill, downloaded and re-scanned, and I am posting those results as well. I deleted everything that was found. As per your instructions, I am copy/pasting the RKill results (32/64 first, then 64 only), copy/pasting FRST.txt in between those results, and attaching the addition.txt results from the FSS scan. All scans were done with my USB external drive disconnected, cable disconnected from the back of the drive. All scans were also done in Safe Mode. 

 

 

RogueKiller V9.0.3.0 [Jun 17 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode
User : Tina [Admin rights]
Mode : Scan -- Date : 06/17/2014  10:40:10
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 8 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ACC8FA5E-7FF1-406E-B191-D9606FD518DB} | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ACC8FA5E-7FF1-406E-B191-D9606FD518DB} | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ACC8FA5E-7FF1-406E-B191-D9606FD518DB} | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST31000524AS ATA Device +++++
--- User ---
[MBR] 4b6ed35d3240f251e49318bdfe6d33f6
[BSP] 1c6ea76c4506c2df82a20b8ed62ae68e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 206848 | Size: 14524 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 29952000 | Size: 939243 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014
Ran by Tina (administrator) on TINA-PC on 17-06-2014 10:42:29
Running from C:\Users\Tina\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12881512 2011-09-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [RunAIShell] => C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Rosary Reminder] => C:\Program Files (x86)\Virtual Rosary\REMINDER.EXE [46080 2001-07-10] (CatholicWare)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [1300792 2014-04-10] (Malwarebytes Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSPanel.exe [737104 2011-07-05] (ecareme)
HKLM-x32\...\Run: [ASUS Easy Update] => C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [188416 2011-12-21] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2011-10-31] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1858369155-3202706354-180487596-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-10] (SUPERAntiSpyware)
HKU\S-1-5-21-1858369155-3202706354-180487596-1001\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Docs) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-30]
CHR Extension: (Google Drive) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-30]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-05-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-30]
CHR Extension: (Google Search) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-30]
CHR Extension: (Google Wallet) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30]
CHR Extension: (Gmail) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-30]
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143088 2013-05-07] (SUPERAntiSpyware.com)
S2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4163584 2014-05-20] (Emsisoft GmbH)
S2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-28] () [File not signed]
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe [947328 2011-08-08] (ASUSTeK Computer Inc.)
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.06\AsusFanControlService.exe [1399296 2011-09-02] (ASUSTeK Computer Inc.) [File not signed]
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [347448 2014-04-10] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-20] (Emsisoft GmbH)
S1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14592 2010-10-21] (ASUSTek Computer Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2012-01-05] (Asmedia Technology)
S2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
S3 cleanhlp; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
S1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63928 2014-04-11] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-17 10:42 - 2014-06-17 10:42 - 00013327 _____ () C:\Users\Tina\Downloads\FRST.txt
2014-06-17 10:42 - 2014-06-17 10:42 - 00000000 ____D () C:\FRST
2014-06-17 10:41 - 2014-06-17 10:41 - 00002682 _____ () C:\Users\Tina\Desktop\RKreport_SCN_06172014_104009 - latest scan 6-17-14.txt
2014-06-17 10:37 - 2014-06-17 10:37 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-17 10:33 - 2014-06-17 10:33 - 04707328 _____ () C:\Users\Tina\Downloads\RogueKiller (1).exe
2014-06-17 10:33 - 2014-06-17 10:33 - 02081280 _____ (Farbar) C:\Users\Tina\Downloads\FRST64.exe
2014-06-11 22:09 - 2014-06-11 22:09 - 00402324 _____ () C:\Users\Tina\Desktop\download (4a).htm
2014-06-11 20:55 - 2014-06-11 20:55 - 00001506 _____ () C:\Users\Tina\Desktop\Emsisoft Scan - safe mode w networking - a2scan_140611-201920.txt
2014-06-11 06:17 - 2014-06-11 06:17 - 00000000 ____D () C:\Users\Tina\AppData\Local\{DCB60C14-FB7D-4861-9688-5B9501F4D9DB}
2014-06-11 06:17 - 2014-06-11 06:17 - 00000000 ____D () C:\Users\Tina\AppData\Local\{B2050443-6693-42F7-B87A-844423A938FA}
2014-06-10 20:58 - 2014-06-10 21:04 - 00021303 _____ () C:\Users\Tina\Desktop\dds.txt
2014-06-10 20:58 - 2014-06-10 21:04 - 00008676 _____ () C:\Users\Tina\Desktop\attach.txt
2014-06-10 20:56 - 2014-06-10 20:56 - 00688992 ____R (Swearware) C:\Users\Tina\Desktop\dds.com
2014-06-10 20:29 - 2014-06-10 20:29 - 00397564 _____ () C:\Users\Tina\Desktop\photo.htm
2014-06-10 20:28 - 2014-06-10 20:28 - 00393025 _____ () C:\Users\Tina\Desktop\download (4).htm
2014-06-10 19:06 - 2014-06-10 19:06 - 03178496 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-06-10 19:06 - 2014-06-10 19:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-06-10 19:06 - 2014-06-10 19:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2014-06-10 19:06 - 2014-06-10 19:06 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2014-06-10 19:05 - 2014-06-10 19:05 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-06-10 19:05 - 2014-06-10 19:05 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-10 19:05 - 2014-06-10 19:05 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-10 19:05 - 2014-06-10 19:05 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2014-06-10 19:05 - 2014-06-10 19:05 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-10 19:05 - 2014-06-10 19:05 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 19:05 - 2014-06-10 19:05 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2014-06-10 19:05 - 2014-06-10 19:05 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-06-10 19:05 - 2014-06-10 19:05 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-06-10 19:05 - 2014-06-10 19:05 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-10 19:04 - 2014-06-10 19:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-10 19:04 - 2014-06-10 19:04 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-10 19:04 - 2014-06-10 19:04 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-10 19:04 - 2014-06-10 19:04 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-10 19:04 - 2014-06-10 19:04 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-10 19:04 - 2014-06-10 19:04 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-10 19:04 - 2014-06-10 19:04 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-10 19:04 - 2014-06-10 19:04 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-10 19:04 - 2014-06-10 19:04 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-09 14:44 - 2014-06-09 14:44 - 00033255 _____ () C:\Users\Tina\Desktop\combofix scan.txt
2014-06-09 14:43 - 2014-06-09 14:43 - 00033255 _____ () C:\ComboFix.txt
2014-06-09 14:43 - 2014-06-09 14:43 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-09 14:43 - 2014-06-09 14:43 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-09 14:43 - 2014-06-09 14:43 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-09 13:21 - 2014-06-09 13:47 - 00085257 _____ () C:\windows\system32\avgrep.txt
2014-06-08 21:57 - 2014-06-08 21:58 - 00000000 ____D () C:\Users\Tina\AppData\Local\{4461C679-4862-4D1D-8264-AC701A7C6E6B}
2014-05-29 21:15 - 2014-05-29 21:15 - 00000809 _____ () C:\Users\Tina\Desktop\EPU problem details.txt
2014-05-29 21:10 - 2014-06-09 14:29 - 00000000 ____D () C:\windows\pss
2014-05-28 22:44 - 2014-05-28 22:44 - 00084752 _____ () C:\Users\Tina\Desktop\AutoRuns.txt
2014-05-28 22:41 - 2014-05-28 22:41 - 00511782 _____ () C:\Users\Tina\Downloads\Autoruns.zip
2014-05-28 22:24 - 2014-05-28 22:24 - 00000675 _____ () C:\Users\Tina\Desktop\error message.txt
2014-05-28 22:05 - 2014-05-28 22:05 - 00000000 ____D () C:\Users\Tina\Desktop\Virus scans and other
2014-05-28 21:57 - 2014-05-28 21:57 - 00000000 ____D () C:\windows\ERUNT
2014-05-28 21:51 - 2014-05-28 21:51 - 00002156 _____ () C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-05-28 21:51 - 2014-05-28 21:51 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-05-28 21:45 - 2014-05-28 21:45 - 00002818 _____ () C:\Users\Tina\Documents\Prayer of Death.txt
2014-05-27 23:04 - 2014-05-27 23:07 - 02347384 _____ (ESET) C:\Users\Tina\Downloads\esetsmartinstaller_enu (1).exe
2014-05-27 00:45 - 2014-05-27 00:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-27 00:41 - 2014-05-27 00:43 - 02347384 _____ (ESET) C:\Users\Tina\Downloads\esetsmartinstaller_enu.exe
2014-05-27 00:26 - 2014-05-27 00:26 - 00448512 _____ (OldTimer Tools) C:\Users\Tina\Downloads\TFC.exe
2014-05-22 22:51 - 2014-05-22 23:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-22 22:50 - 2014-05-22 22:51 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Tina\Downloads\mbar-1.07.0.1009.exe
2014-05-22 22:35 - 2014-05-22 22:36 - 00025601 _____ () C:\Users\Tina\Downloads\Result.txt
2014-05-22 22:34 - 2014-05-22 22:34 - 00982016 _____ (Farbar) C:\Users\Tina\Downloads\MiniToolBox.exe
2014-05-22 22:33 - 2014-05-22 22:33 - 00002481 _____ () C:\Users\Tina\Downloads\FSS.txt
2014-05-22 22:32 - 2014-05-22 22:33 - 00410112 _____ (Farbar) C:\Users\Tina\Downloads\FSS.exe
2014-05-22 21:25 - 2014-06-17 10:41 - 00000000 ____D () C:\Users\Tina\AppData\Local\CrashDumps
2014-05-20 22:14 - 2014-05-20 22:14 - 00000000 ____D () C:\SUPERDelete
2014-05-20 22:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-05-20 22:05 - 2014-05-27 00:34 - 00000000 ____D () C:\AdwCleaner
2014-05-20 22:03 - 2014-05-20 22:03 - 02463848 _____ (Malwarebytes ) C:\Users\Tina\Downloads\mbae-setup-0.10.3.0100.exe
2014-05-20 22:03 - 2014-05-20 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-05-20 22:03 - 2014-05-20 22:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-05-20 20:52 - 2014-06-17 10:35 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-05-20 20:52 - 2014-05-20 20:52 - 00001095 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-05-20 20:52 - 2014-05-20 20:52 - 00000000 ____D () C:\Users\Tina\Documents\Anti-Malware
2014-05-20 20:52 - 2014-05-20 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-05-20 20:45 - 2014-05-20 20:50 - 224608616 _____ (Emsisoft GmbH ) C:\Users\Tina\Downloads\EmsisoftAntiMalwareSetup.exe
2014-05-20 20:44 - 2014-05-20 20:44 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Tina\Downloads\rkill.com
2014-05-20 20:41 - 2014-05-20 20:41 - 01016261 _____ (Thisisu) C:\Users\Tina\Downloads\JRT.exe
2014-05-20 20:32 - 2014-05-20 20:32 - 03972608 _____ () C:\Users\Tina\Downloads\RogueKiller.exe
2014-05-20 20:19 - 2011-06-26 02:45 - 00256000 _____ () C:\windows\PEV.exe
2014-05-20 20:19 - 2010-11-07 13:20 - 00208896 _____ () C:\windows\MBR.exe
2014-05-20 20:19 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-05-20 20:19 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-05-20 20:19 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-05-20 20:19 - 2000-08-30 20:00 - 00098816 _____ () C:\windows\sed.exe
2014-05-20 20:19 - 2000-08-30 20:00 - 00080412 _____ () C:\windows\grep.exe
2014-05-20 20:19 - 2000-08-30 20:00 - 00068096 _____ () C:\windows\zip.exe
2014-05-20 20:16 - 2014-06-09 14:43 - 00000000 ____D () C:\Qoobox
2014-05-20 20:16 - 2014-05-20 23:17 - 00000000 ____D () C:\windows\erdnt
 
==================== One Month Modified Files and Folders =======
 
2014-06-17 10:42 - 2014-06-17 10:42 - 00013327 _____ () C:\Users\Tina\Downloads\FRST.txt
2014-06-17 10:42 - 2014-06-17 10:42 - 00000000 ____D () C:\FRST
2014-06-17 10:42 - 2013-05-01 23:38 - 00000000 ____D () C:\Users\Tina\AppData\Local\Temp
2014-06-17 10:41 - 2014-06-17 10:41 - 00002682 _____ () C:\Users\Tina\Desktop\RKreport_SCN_06172014_104009 - latest scan 6-17-14.txt
2014-06-17 10:41 - 2014-05-22 21:25 - 00000000 ____D () C:\Users\Tina\AppData\Local\CrashDumps
2014-06-17 10:37 - 2014-06-17 10:37 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-17 10:35 - 2014-05-20 20:52 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-06-17 10:35 - 2014-05-15 20:08 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-17 10:35 - 2009-07-14 00:45 - 00016976 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-17 10:35 - 2009-07-14 00:45 - 00016976 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-17 10:33 - 2014-06-17 10:33 - 04707328 _____ () C:\Users\Tina\Downloads\RogueKiller (1).exe
2014-06-17 10:33 - 2014-06-17 10:33 - 02081280 _____ (Farbar) C:\Users\Tina\Downloads\FRST64.exe
2014-06-17 10:30 - 2014-01-22 14:51 - 00004964 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Tina-PC-Tina Tina-PC
2014-06-17 10:30 - 2013-12-30 22:55 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-17 10:27 - 2009-07-14 01:13 - 00797890 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-17 10:13 - 2013-05-01 23:47 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-17 10:12 - 2013-11-21 23:47 - 00002209 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-06-17 10:09 - 2013-12-30 22:55 - 00000890 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-17 10:07 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-14 13:50 - 2013-11-21 23:49 - 00000000 ____D () C:\ProgramData\ProductData
2014-06-13 21:37 - 2014-02-06 09:19 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-13 21:32 - 2013-12-30 22:56 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-11 22:09 - 2014-06-11 22:09 - 00402324 _____ () C:\Users\Tina\Desktop\download (4a).htm
2014-06-11 20:55 - 2014-06-11 20:55 - 00001506 _____ () C:\Users\Tina\Desktop\Emsisoft Scan - safe mode w networking - a2scan_140611-201920.txt
2014-06-11 06:20 - 2013-12-06 18:25 - 00000231 _____ () C:\Users\Tina\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-06-11 06:20 - 2013-12-06 18:25 - 00000231 _____ () C:\Users\Tina\AppData\Roaming\Rim.Desktop.Exception.log
2014-06-11 06:17 - 2014-06-11 06:17 - 00000000 ____D () C:\Users\Tina\AppData\Local\{DCB60C14-FB7D-4861-9688-5B9501F4D9DB}
2014-06-11 06:17 - 2014-06-11 06:17 - 00000000 ____D () C:\Users\Tina\AppData\Local\{B2050443-6693-42F7-B87A-844423A938FA}
2014-06-10 21:04 - 2014-06-10 20:58 - 00021303 _____ () C:\Users\Tina\Desktop\dds.txt
2014-06-10 21:04 - 2014-06-10 20:58 - 00008676 _____ () C:\Users\Tina\Desktop\attach.txt
2014-06-10 20:56 - 2014-06-10 20:56 - 00688992 ____R (Swearware) C:\Users\Tina\Desktop\dds.com
2014-06-10 20:29 - 2014-06-10 20:29 - 00397564 _____ () C:\Users\Tina\Desktop\photo.htm
2014-06-10 20:28 - 2014-06-10 20:28 - 00393025 _____ () C:\Users\Tina\Desktop\download (4).htm
2014-06-10 19:40 - 2013-05-02 00:20 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-10 19:31 - 2013-08-17 23:01 - 00000000 ____D () C:\windows\system32\MRT
2014-06-10 19:29 - 2013-05-06 21:15 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-06-10 19:06 - 2014-06-10 19:06 - 03178496 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-06-10 19:06 - 2014-06-10 19:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-06-10 19:06 - 2014-06-10 19:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2014-06-10 19:06 - 2014-06-10 19:06 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2014-06-10 19:05 - 2014-06-10 19:05 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-06-10 19:05 - 2014-06-10 19:05 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-10 19:05 - 2014-06-10 19:05 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-10 19:05 - 2014-06-10 19:05 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2014-06-10 19:05 - 2014-06-10 19:05 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-10 19:05 - 2014-06-10 19:05 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 19:05 - 2014-06-10 19:05 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2014-06-10 19:05 - 2014-06-10 19:05 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-06-10 19:05 - 2014-06-10 19:05 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-06-10 19:05 - 2014-06-10 19:05 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-10 19:04 - 2014-06-10 19:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-10 19:04 - 2014-06-10 19:04 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-10 19:04 - 2014-06-10 19:04 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-10 19:04 - 2014-06-10 19:04 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-10 19:04 - 2014-06-10 19:04 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-10 19:04 - 2014-06-10 19:04 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-10 19:04 - 2014-06-10 19:04 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-10 19:04 - 2014-06-10 19:04 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-10 19:04 - 2014-06-10 19:04 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-10 19:04 - 2014-06-10 19:04 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-10 18:37 - 2013-05-08 23:47 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-09 14:44 - 2014-06-09 14:44 - 00033255 _____ () C:\Users\Tina\Desktop\combofix scan.txt
2014-06-09 14:43 - 2014-06-09 14:43 - 00033255 _____ () C:\ComboFix.txt
2014-06-09 14:43 - 2014-06-09 14:43 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-09 14:43 - 2014-06-09 14:43 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-09 14:43 - 2014-06-09 14:43 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-09 14:43 - 2014-05-20 20:16 - 00000000 ____D () C:\Qoobox
2014-06-09 14:42 - 2009-07-13 22:34 - 00000215 _____ () C:\windows\system.ini
2014-06-09 14:29 - 2014-05-29 21:10 - 00000000 ____D () C:\windows\pss
2014-06-09 14:29 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-09 13:47 - 2014-06-09 13:21 - 00085257 _____ () C:\windows\system32\avgrep.txt
2014-06-09 12:36 - 2009-07-14 00:45 - 00012288 _____ () C:\windows\system32\umstartup.etl
2014-06-09 10:02 - 2014-05-15 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-09 10:02 - 2014-05-15 20:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-09 10:02 - 2013-05-23 23:09 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-08 21:58 - 2014-06-08 21:57 - 00000000 ____D () C:\Users\Tina\AppData\Local\{4461C679-4862-4D1D-8264-AC701A7C6E6B}
2014-06-07 21:16 - 2013-12-16 20:26 - 00000000 ____D () C:\Users\Tina\Desktop\pics from Tina new camera - house - snow
2014-05-30 23:45 - 2009-07-14 01:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-05-29 21:15 - 2014-05-29 21:15 - 00000809 _____ () C:\Users\Tina\Desktop\EPU problem details.txt
2014-05-28 22:44 - 2014-05-28 22:44 - 00084752 _____ () C:\Users\Tina\Desktop\AutoRuns.txt
2014-05-28 22:41 - 2014-05-28 22:41 - 00511782 _____ () C:\Users\Tina\Downloads\Autoruns.zip
2014-05-28 22:24 - 2014-05-28 22:24 - 00000675 _____ () C:\Users\Tina\Desktop\error message.txt
2014-05-28 22:05 - 2014-05-28 22:05 - 00000000 ____D () C:\Users\Tina\Desktop\Virus scans and other
2014-05-28 21:57 - 2014-05-28 21:57 - 00000000 ____D () C:\windows\ERUNT
2014-05-28 21:51 - 2014-05-28 21:51 - 00002156 _____ () C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-05-28 21:51 - 2014-05-28 21:51 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-05-28 21:45 - 2014-05-28 21:45 - 00002818 _____ () C:\Users\Tina\Documents\Prayer of Death.txt
2014-05-27 23:07 - 2014-05-27 23:04 - 02347384 _____ (ESET) C:\Users\Tina\Downloads\esetsmartinstaller_enu (1).exe
2014-05-27 22:59 - 2013-05-31 21:26 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-27 22:59 - 2013-05-31 21:26 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-27 00:45 - 2014-05-27 00:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-27 00:43 - 2014-05-27 00:41 - 02347384 _____ (ESET) C:\Users\Tina\Downloads\esetsmartinstaller_enu.exe
2014-05-27 00:34 - 2014-05-20 22:05 - 00000000 ____D () C:\AdwCleaner
2014-05-27 00:26 - 2014-05-27 00:26 - 00448512 _____ (OldTimer Tools) C:\Users\Tina\Downloads\TFC.exe
2014-05-22 23:07 - 2014-05-22 22:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-22 22:51 - 2014-05-22 22:50 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Tina\Downloads\mbar-1.07.0.1009.exe
2014-05-22 22:36 - 2014-05-22 22:35 - 00025601 _____ () C:\Users\Tina\Downloads\Result.txt
2014-05-22 22:34 - 2014-05-22 22:34 - 00982016 _____ (Farbar) C:\Users\Tina\Downloads\MiniToolBox.exe
2014-05-22 22:33 - 2014-05-22 22:33 - 00002481 _____ () C:\Users\Tina\Downloads\FSS.txt
2014-05-22 22:33 - 2014-05-22 22:32 - 00410112 _____ (Farbar) C:\Users\Tina\Downloads\FSS.exe
2014-05-20 23:17 - 2014-05-20 20:16 - 00000000 ____D () C:\windows\erdnt
2014-05-20 22:14 - 2014-05-20 22:14 - 00000000 ____D () C:\SUPERDelete
2014-05-20 22:14 - 2013-11-21 23:47 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\IObit
2014-05-20 22:03 - 2014-05-20 22:03 - 02463848 _____ (Malwarebytes ) C:\Users\Tina\Downloads\mbae-setup-0.10.3.0100.exe
2014-05-20 22:03 - 2014-05-20 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-05-20 22:03 - 2014-05-20 22:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-05-20 22:03 - 2013-05-23 23:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-20 20:52 - 2014-05-20 20:52 - 00001095 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-05-20 20:52 - 2014-05-20 20:52 - 00000000 ____D () C:\Users\Tina\Documents\Anti-Malware
2014-05-20 20:52 - 2014-05-20 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-05-20 20:50 - 2014-05-20 20:45 - 224608616 _____ (Emsisoft GmbH ) C:\Users\Tina\Downloads\EmsisoftAntiMalwareSetup.exe
2014-05-20 20:44 - 2014-05-20 20:44 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Tina\Downloads\rkill.com
2014-05-20 20:41 - 2014-05-20 20:41 - 01016261 _____ (Thisisu) C:\Users\Tina\Downloads\JRT.exe
2014-05-20 20:32 - 2014-05-20 20:32 - 03972608 _____ () C:\Users\Tina\Downloads\RogueKiller.exe
2014-05-20 20:25 - 2012-04-10 21:11 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-20 20:25 - 2012-04-10 21:11 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-20 20:25 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-05-20 20:15 - 2014-03-05 12:01 - 05200426 ____R (Swearware) C:\Users\Tina\Downloads\ComboFix.exe
2014-05-19 17:26 - 2014-03-31 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-19 17:26 - 2013-09-23 23:40 - 00000969 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-18 17:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-09 12:10
 
==================== End Of Log ============================

RogueKiller V9.0.3.0 (x64) [Jun 17 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode
User : Tina [Admin rights]
Mode : Scan -- Date : 06/17/2014  11:16:41
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ACC8FA5E-7FF1-406E-B191-D9606FD518DB} | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ACC8FA5E-7FF1-406E-B191-D9606FD518DB} | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ACC8FA5E-7FF1-406E-B191-D9606FD518DB} | DhcpNameServer : 172.22.41.126  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST31000524AS ATA Device +++++
--- User ---
[MBR] 4b6ed35d3240f251e49318bdfe6d33f6
[BSP] 1c6ea76c4506c2df82a20b8ed62ae68e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 206848 | Size: 14524 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 29952000 | Size: 939243 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_DEL_06172014_104129.log - RKreport_SCN_06172014_104009.log

#4 nasdaq
  • Malware Response Team
  • Location: Montreal, QC. Canada

Posted 17 June 2014 - 01:47 PM

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 172.22.41.126 -> FOUND
and all the others.

Did you set this proxy?

http://www.tcpiputils.com/browse/ip-address/172.22.41.126

If not clean them with the RogueKiller tool.
===

The rest of the log is clean.

===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Let me know what problem persists.

#5 capricorntony13
  • Topic Starter

Posted 17 June 2014 - 03:35 PM

Hello,

I did not personally set the proxy, but that IP address was set by my Cisco router, EA2700. I have Verizon FiOS to one area of my house, and the router beyond it. Due to these computer problems, I will look for a firmware update. When I type in that IP address that you gave me, I can access my Cisco router.

I did what you asked, and a few other things for 'sh*ts' and giggles, as the expression goes. I did an experiment in 3 modes: Safe Mode, Safe Mode with networking, and the full OS loaded. I ran RKill 64 and Security Check, in that order, in all 3 modes. The PUPs came back up, and I found a rootkit in the Safe Mode with networking. I don't know if it is gone or not. Take a look at all of my results:

RogueKiller V9.0.3.0 (x64) [Jun 17 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Tina [Admin rights]
Mode : Scan -- Date : 06/17/2014  15:49:16
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ACC8FA5E-7FF1-406E-B191-D9606FD518DB} | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ACC8FA5E-7FF1-406E-B191-D9606FD518DB} | DhcpNameServer : 172.22.41.126  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 4 ¤¤¤
[EAT:Addr] (explorer.exe) napinsp.dll - DllCanUnloadNow : C:\windows\system32\wpdshserviceobj.dll @ 0x7fef4493d60
[EAT:Addr] (explorer.exe) napinsp.dll - DllGetClassObject : C:\windows\system32\wpdshserviceobj.dll @ 0x7fef4491a74
[EAT:Addr] (explorer.exe) napinsp.dll - DllRegisterServer : C:\windows\system32\wpdshserviceobj.dll @ 0x7fef4496070
[EAT:Addr] (explorer.exe) napinsp.dll - DllUnregisterServer : C:\windows\system32\wpdshserviceobj.dll @ 0x7fef4496278
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST31000524AS ATA Device +++++
--- User ---
[MBR] 4b6ed35d3240f251e49318bdfe6d33f6
[BSP] 1c6ea76c4506c2df82a20b8ed62ae68e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 206848 | Size: 14524 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 29952000 | Size: 939243 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_DEL_06172014_104129.log - RKreport_DEL_06172014_115250.log - RKreport_DEL_06172014_154048.log - RKreport_SCN_06172014_104009.log
RKreport_SCN_06172014_111641.log - RKreport_SCN_06172014_154017.log - RKreport_SCN_06172014_154312.log

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

RogueKiller V9.0.3.0 (x64) [Jun 17 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Tina [Admin rights]
Mode : Scan -- Date : 06/17/2014  15:54:38
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
 
¤¤¤ Antirootkit : 4 ¤¤¤
[EAT:Addr] (explorer.exe) napinsp.dll - DllCanUnloadNow : C:\windows\system32\wpdshserviceobj.dll @ 0x7fef4493d60
[EAT:Addr] (explorer.exe) napinsp.dll - DllGetClassObject : C:\windows\system32\wpdshserviceobj.dll @ 0x7fef4491a74
[EAT:Addr] (explorer.exe) napinsp.dll - DllRegisterServer : C:\windows\system32\wpdshserviceobj.dll @ 0x7fef4496070
[EAT:Addr] (explorer.exe) napinsp.dll - DllUnregisterServer : C:\windows\system32\wpdshserviceobj.dll @ 0x7fef4496278
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST31000524AS ATA Device +++++
--- User ---
[MBR] 4b6ed35d3240f251e49318bdfe6d33f6
[BSP] 1c6ea76c4506c2df82a20b8ed62ae68e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 206848 | Size: 14524 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 29952000 | Size: 939243 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_DEL_06172014_104129.log - RKreport_DEL_06172014_115250.log - RKreport_DEL_06172014_154048.log - RKreport_SCN_06172014_104009.log
RKreport_SCN_06172014_111641.log - RKreport_SCN_06172014_154017.log - RKreport_SCN_06172014_154312.log - RKreport_SCN_06172014_154916.log
RKreport_DEL_06172014_155002.log - RKreport_SCN_06172014_155217.log

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

RogueKiller V9.0.3.0 (x64) [Jun 17 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tina [Admin rights]
Mode : Scan -- Date : 06/17/2014  16:15:17
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ACC8FA5E-7FF1-406E-B191-D9606FD518DB} | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ACC8FA5E-7FF1-406E-B191-D9606FD518DB} | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ACC8FA5E-7FF1-406E-B191-D9606FD518DB} | DhcpNameServer : 172.22.41.126  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
 
¤¤¤ Antirootkit : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST31000524AS ATA Device +++++
--- User ---
[MBR] 4b6ed35d3240f251e49318bdfe6d33f6
[BSP] 1c6ea76c4506c2df82a20b8ed62ae68e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 206848 | Size: 14524 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 29952000 | Size: 939243 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_DEL_06172014_104129.log - RKreport_DEL_06172014_115250.log - RKreport_DEL_06172014_154048.log - RKreport_DEL_06172014_155002.log
RKreport_DEL_06172014_155606.log - RKreport_DEL_06172014_155937.log - RKreport_SCN_06172014_104009.log - RKreport_SCN_06172014_111641.log
RKreport_SCN_06172014_154017.log - RKreport_SCN_06172014_154312.log - RKreport_SCN_06172014_154916.log - RKreport_SCN_06172014_155217.log
RKreport_SCN_06172014_155438.log - RKreport_SCN_06172014_155439.txt - RKreport_SCN_06172014_155838.log

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 Emsisoft Anti-Malware a2service.exe   
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Exploit mbae.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
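
As an added illustration of the check nasdaq is asking for in #4 and the answer given in #5 (this script is not part of either post and is not a RogueKiller or BleepingComputer tool), the PowerShell below reads the same DhcpNameServer values RogueKiller flagged as PUM.Dns, plus the static NameServer value that DNS-changing malware typically writes, from the global Tcpip\Parameters key and from every interface GUID key, and compares each address with what the live adapters report as their DHCP server and default gateway. A match means the router handed out its own address, which is the situation described above; a private address that is not this machine's gateway points at the router configuration; a public address nobody chose is the case to treat as a hijack. The RFC 1918 test, the verdict wording and the WMI route (chosen because Windows 7 ships without the Get-Net* cmdlets) are my own assumptions, not anything stated in the thread. Reading these keys needs no elevation.

```powershell
# Added example, not from the thread. Lists every DNS server recorded in the
# Tcpip registry keys that RogueKiller reports as PUM.Dns and says whether each
# one is the local DHCP server/gateway, some other private host, or a public
# resolver. Targets PowerShell 2.0+ so it runs on a stock Windows 7 box.

function Test-PrivateIPv4 {
    param([string]$Ip)
    # RFC 1918 ranges plus 169.254/16 link-local (assumption: anything else
    # is treated as a public resolver and therefore worth a second look).
    $addr = $null
    if (-not [System.Net.IPAddress]::TryParse($Ip, [ref]$addr)) { return $false }
    if ($addr.AddressFamily -ne 'InterNetwork') { return $false }
    $o = $addr.GetAddressBytes()
    return (($o[0] -eq 10) -or
            ($o[0] -eq 172 -and $o[1] -ge 16 -and $o[1] -le 31) -or
            ($o[0] -eq 192 -and $o[1] -eq 168) -or
            ($o[0] -eq 169 -and $o[1] -eq 254))
}

# 1. What the live adapters say: DHCP server and default gateway per adapter.
#    WMI is used instead of Get-NetIPConfiguration, which Windows 7 lacks.
$adapters  = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE"
$knownGood = @()
foreach ($a in $adapters) {
    foreach ($v in (@($a.DHCPServer) + @($a.DefaultIPGateway))) {
        if ($v) { $knownGood += $v }
    }
}
$knownGood = @($knownGood | Sort-Object -Unique)

# 2. What the registry says, in the global key and in every interface key.
#    This is exactly the set of locations RogueKiller walks for PUM.Dns.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$keys = @($base) + @(Get-ChildItem "$base\Interfaces" | ForEach-Object { $_.PSPath })

foreach ($k in $keys) {
    $p = Get-ItemProperty -Path $k
    # DhcpNameServer is what DHCP handed out; NameServer is a static override
    # and is the value DNS changers usually write because it wins over DHCP.
    foreach ($name in 'DhcpNameServer', 'NameServer') {
        $val = $p.$name
        if (-not $val) { continue }
        # Both values are space- or comma-separated lists of addresses.
        foreach ($ip in ($val -split '[ ,]+' | Where-Object { $_ })) {
            $verdict =
                if ($knownGood -contains $ip) {
                    'matches this machine''s DHCP server/gateway'
                } elseif (Test-PrivateIPv4 $ip) {
                    'private address but not this machine''s gateway: check router config'
                } else {
                    'PUBLIC resolver: confirm you chose it, otherwise treat as a hijack'
                }
            "{0,-14} {1,-16} {2}  [{3}]" -f $name, $ip, $verdict, (Split-Path $k -Leaf)
        }
    }
}
```

Run it from any PowerShell prompt; each output line names the registry value, the address, the verdict and the key it came from (the GUID lines correspond to the Interfaces\{...} entries in the RogueKiller report). If the router is the DHCP server, its LAN address shows up as "matches", which is the benign reading of the entries above; an unexpected public address is the one to remove with RogueKiller and then re-check after a reboot, since DHCP will rewrite DhcpNameServer from whatever the router currently advertises.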
#6 nasdaq
  • Malware Response Team
  • Location: Montreal, QC. Canada

Posted 18 June 2014 - 07:25 AM

Reset the browser settings and test to find out if the popups are still happening.
===

Reset Chrome...
Click on "Customize and control Google Chrome":

Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

In Internet Explorer it's under the Tools menu > Internet Options > Advanced tab.
You will find the reset at the bottom of the pane.

===

Keep me posted.

#7 capricorntony13 (Topic Starter)

Posted 19 June 2014 - 06:22 PM

I have Chrome and IE. I do not have Firefox.

I was able to reset Chrome's settings. I am so used to Chrome, I forget about IE. I tried to open IE, I can't. I get a new window that says IE cannot be opened, and it gives me two options: look online for a solution then close the program, or just to close the program outright. When I click on Find a solution online and close the program, the exact same message that I just received keeps popping up, until I finally close the program.

The error messages are still happening, even after Chrome's settings are reset.



#8 nasdaq (Malware Response Team)

Posted 20 June 2014 - 07:01 AM

You should repair Internet Explorer 11.

Follow the instructions on this page.

http://support.microsoft.com/kb/318378
===

When you get IE to work I suggest you remove Chrome using the Add/Remove Programs.
Restart the computer normally.
Re-install Chrome.

Save your Bookmarks before proceeding.
https://support.google.com/chrome/answer/96816?hl=en

They can be imported back to the new version.
===

Keep me posted.

#9 capricorntony13 (Topic Starter)

Posted 20 June 2014 - 08:51 PM

 
 
Hello, 
 
Here's what I have experienced: 
 
I clicked on the link that you posted to repair IE11, the latest version. I clicked on both the fast online version and offline version of the re-installer. Both times, I used the one for my system, Windows 7, SP1, 64bit. Both times, I get an error window that says: 
 
***
Internet Explorer 11
 
(shows the blue E) : Internet Explorer did not finish installing
 
Setup can't continue because a more recent version of Internet Explorer is installed on your computer. 
 
OK ( OK button shows )
***
 
This is untrue, of course, so the virus is preventing me from reinstalling IE11. 
 
I clicked on the link to repair IE11. It ran Microsoft FixIt, which worked. I have internet access now on IE11.  I then removed Chrome and reinstalled it, bookmarks and all. 
 
I still get the error windows. 


#10 nasdaq (Malware Response Team)

Posted 21 June 2014 - 05:40 AM

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save
 

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]


Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.

On a Vista or Windows 7 operating system right click on the fixme.reg file and run as Administrator.

Optional if the following programs are in your computer.
Note that since the Domains are deleted SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, also you have to re-install IE-SpyAd if installed.

===

If that fails to stop the pop-ups continue.

The Microsoft Windows ARP cache will occasionally become corrupt and need to be cleared.

Follow the instructions on this page.

ARP cache
http://www.tech-faq.com/clear-arp-cache.shtml

===

Keep me posted.
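The keys that fixme.reg above deletes and recreates hold Internet Explorer's per-domain security-zone overrides (the Trusted Sites / Intranet / Restricted Sites assignments), which is where unwanted software typically drops sites it wants treated as trusted. As an added example, not part of nasdaq's instructions or any tool on this page, here is a Python parser for an exported ZoneMap\Domains .reg file that lists every override and which hosts were pushed into a more permissive zone, so the export can be reviewed before the keys are wiped. The sample export is constructed; the hosts in it are placeholders.

```python
import re
from typing import List, Tuple

# Zone ids used by Internet Explorer's URL security zones.
ZONE_NAMES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
              3: "Internet", 4: "Restricted Sites"}

# Every key of interest contains this path fragment (same path as in fixme.reg above).
DOMAINS_MARKER = r"\Internet Settings\ZoneMap\Domains"

# Constructed sample export of HKCU ZoneMap\Domains; not data from any real machine.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.org]
"https"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.org\www]
"http"=dword:00000002
"https"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intranet.test]
"*"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blocked.example]
"http"=dword:00000004
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_zonemap(reg_text: str) -> List[Tuple[str, str, int]]:
    r"""Return (host, scheme, zone_id) triples from a .reg export of ZoneMap\Domains.

    Layout: Domains\<domain>[\<label>] holds one DWORD per scheme ("http", "https"
    or "*"); a subkey below a domain is a host label prefixed to that domain, so
    Domains\example.org\www describes www.example.org.
    """
    entries: List[Tuple[str, str, int]] = []
    current_host = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            idx = path.find(DOMAINS_MARKER)
            if idx == -1:
                current_host = None          # unrelated key: ignore its values
                continue
            rest = path[idx + len(DOMAINS_MARKER):].strip("\\")
            labels = rest.split("\\") if rest else []
            current_host = ".".join(reversed(labels)) if labels else None
            continue
        val = VALUE_RE.match(line)
        if val and current_host:
            entries.append((current_host, val.group(1), int(val.group(2), 16)))
    return entries


def elevated_entries(entries, zones=(1, 2)):
    """Hosts granted a more permissive zone than the default Internet zone (3)."""
    return [e for e in entries if e[2] in zones]


def report(reg_text: str) -> List[str]:
    """One human-readable line per zone override, most permissive zone first."""
    lines = []
    for host, scheme, zone in sorted(parse_zonemap(reg_text), key=lambda e: e[2]):
        lines.append(f"{host:<24} {scheme:<6} -> {ZONE_NAMES.get(zone, 'unknown')} ({zone})")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_REG)))
    found = len(elevated_entries(parse_zonemap(SAMPLE_REG)))
    print(f"{found} host/scheme override(s) in the Intranet or Trusted Sites zones")
```

Run it against a real export (reg export of the HKCU and HKLM Domains keys) to see exactly what the deletion removes; the same parser handles the EscDomains key if the marker is changed.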

#11 capricorntony13 (Topic Starter)

Posted 21 June 2014 - 08:42 PM

Hello,

I saved the reg file and ran it. It did not give me an option to Run as Administrator. It did give me an option to merge the info. I did. I rebooted, and the messages are still there.

I went to the link to clear out the ARP cache. From the command prompt, it gave me a message: The requested operation requires elevation ( run as administrator ). I went to Control Panel, and User Accounts, and only found the one account, my wife Tina, who is listed as an administrator. I rebooted in safe mode and then went to the command prompt. I typed in 'netsh interface ip delete arpcache', and it came back as OK after a second or two. I rebooted, and the messages are still there.



#12 nasdaq (Malware Response Team)

Posted 22 June 2014 - 07:03 AM


Create a restore point
http://windows.microsoft.com/en-ca/windows7/create-a-restore-point
===

Run the RogueKiller tool and delete these items.

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 172.22.41.126 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.22.41.126 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 172.22.41.126 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ACC8FA5E-7FF1-406E-B191-D9606FD518DB} | DhcpNameServer : 172.22.41.126 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ACC8FA5E-7FF1-406E-B191-D9606FD518DB} | DhcpNameServer : 172.22.41.126 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ACC8FA5E-7FF1-406E-B191-D9606FD518DB} | DhcpNameServer : 172.22.41.126 -> FOUND


If something goes wrong then you will be able to restore your system.

Keep me posted.

#13 capricorntony13 (Topic Starter)

Posted 22 June 2014 - 02:18 PM

I used RogueKiller x64 to delete those files. I rebooted the computer. I ran RogueKiller again, and the same files reappear, to be deleted. In fact, the exploits show up as well. Below is the report file from the scan:

 

RogueKiller V9.0.3.0 (x64) [Jun 17 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tina [Admin rights]
Mode : Scan -- Date : 06/22/2014  10:40:04
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 8 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ACC8FA5E-7FF1-406E-B191-D9606FD518DB} | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ACC8FA5E-7FF1-406E-B191-D9606FD518DB} | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ACC8FA5E-7FF1-406E-B191-D9606FD518DB} | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
 
¤¤¤ Antirootkit : 4 ¤¤¤
[EAT:Addr] (explorer.exe) msxml6.dll - DllCanUnloadNow : C:\windows\system32\wpdshserviceobj.dll @ 0x7fefa9b3d60
[EAT:Addr] (explorer.exe) msxml6.dll - DllGetClassObject : C:\windows\system32\wpdshserviceobj.dll @ 0x7fefa9b1a74
[EAT:Addr] (explorer.exe) msxml6.dll - DllRegisterServer : C:\windows\system32\wpdshserviceobj.dll @ 0x7fefa9b6070
[EAT:Addr] (explorer.exe) msxml6.dll - DllUnregisterServer : C:\windows\system32\wpdshserviceobj.dll @ 0x7fefa9b6278
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST31000524AS ATA Device +++++
--- User ---
[MBR] 4b6ed35d3240f251e49318bdfe6d33f6
[BSP] 1c6ea76c4506c2df82a20b8ed62ae68e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 206848 | Size: 14524 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 29952000 | Size: 939243 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Canon iP6210DStorage USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_DEL_06172014_104129.log - RKreport_DEL_06172014_115250.log - RKreport_DEL_06172014_154048.log - RKreport_DEL_06172014_155002.log
RKreport_DEL_06172014_155606.log - RKreport_DEL_06172014_155937.log - RKreport_DEL_06172014_162602.log - RKreport_SCN_06172014_104009.log
RKreport_SCN_06172014_111641.log - RKreport_SCN_06172014_154017.log - RKreport_SCN_06172014_154312.log - RKreport_SCN_06172014_154916.log
RKreport_SCN_06172014_155217.log - RKreport_SCN_06172014_155438.log - RKreport_SCN_06172014_155439.txt - RKreport_SCN_06172014_155838.log
RKreport_SCN_06172014_161517.log
 
 
 
I am suspicious that the virus infected IE11 or at least entered through it. I went to Control Panel, Uninstall a Program, Turn on and off Windows Features, and unclicked Internet Explorer 11. I rebooted, and ran RogueKiller. The same registry files show up again, but, this time, the stuff that shows up in anti-rootkit doesn't show up anymore. I get the same thing when I run RogueKiller in Safe Mode with Networking.
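The [PUM.Dns] entries in the RogueKiller report are DhcpNameServer values. As an added example, not part of the thread's instructions or of RogueKiller, here is a Python triage helper for such lines: it extracts the registry key and the DNS server addresses, checks each address against the RFC 1918 private ranges, and labels DhcpNameServer values as DHCP-assigned, which is why they come back after deletion: the DHCP client rewrites them at every lease renewal, so a LAN address there reflects the DHCP server's (usually the router's) DNS setting rather than anything stored on the host. The sample report is constructed; the second interface GUID and the 203.0.113.x / 198.51.100.x addresses are documentation placeholders.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed report excerpt modelled on the RogueKiller lines above. The all-zero
# interface GUID and the 203.0.113.x / 198.51.100.x addresses are documentation
# placeholders, not values from the thread.
SAMPLE_REPORT = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ACC8FA5E-7FF1-406E-B191-D9606FD518DB} | DhcpNameServer : 172.22.41.126  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000000} | NameServer : 203.0.113.53,198.51.100.1  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
"""

# "[PUM.Dns] (arch) <key> | <value name> : <data>  -> <status>"
DNS_LINE_RE = re.compile(
    r"^\[PUM\.Dns\] \((?P<arch>X64|X86)\) (?P<key>.+?) \| (?P<name>\w+) : (?P<data>.+?)\s+-> (?P<status>\w+)$"
)

# RFC 1918 private ranges; 172.22.x.x falls inside 172.16.0.0/12.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True for private LAN addresses, i.e. a DNS server on the local network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def verdict(dhcp_assigned: bool, servers: List[str]) -> str:
    """Classify a DNS entry by who set it and where the servers live."""
    external = [s for s in servers if not is_rfc1918(s)]
    if dhcp_assigned:
        # DhcpNameServer is rewritten by the DHCP client at every lease renewal,
        # so deleting it on the host is undone; the setting to examine is the
        # DHCP server's (normally the router's) DNS option.
        return "dhcp-external" if external else "lan-dhcp"
    # NameServer is a static, locally configured override.
    return "static-external" if external else "static-lan"


def triage(report_lines: List[str]) -> List[Dict]:
    """Parse every [PUM.Dns] line into a finding; other lines are ignored."""
    findings = []
    for line in report_lines:
        m = DNS_LINE_RE.match(line.strip())
        if not m:
            continue  # not a DNS entry (e.g. the PUM.Policies line)
        servers = [s for s in re.split(r"[ ,]+", m.group("data")) if s]
        dhcp = m.group("name") == "DhcpNameServer"
        findings.append({
            "key": m.group("key"),
            "value_name": m.group("name"),
            "servers": servers,
            "dhcp_assigned": dhcp,
            "external": [s for s in servers if not is_rfc1918(s)],
            "verdict": verdict(dhcp, servers),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT.splitlines()):
        print(f"{f['verdict']:<16} {f['value_name']:<15} {', '.join(f['servers'])}")
```

A "lan-dhcp" verdict on every DhcpNameServer value, as in this thread, says the address came from the DHCP server on the LAN, so the place to verify the DNS configuration is the router, not the host registry.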


#14 nasdaq (Malware Response Team)

Posted 23 June 2014 - 07:30 AM

Please download Malwarebytes Anti-Rootkit here.
  • Unzip the contents to a folder on the Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe ( right-click and select Run as administrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.
If MBAM fails to fix the issue we may have to reset your Router.
Will see.

#15 capricorntony13 (Topic Starter)

Posted 25 June 2014 - 10:25 PM

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
 
Database version: v2014.06.25.03
 
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.17126
Tina :: TINA-PC [administrator]
 
6/25/2014 1:48:09 AM
mbar-log-2014-06-25 (01-48-09).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 283560
Time elapsed: 14 minute(s), 2 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17126
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.993000 GHz
Memory total: 6130900992, free: 4178857984
 
Downloaded database version: v2014.06.24.14
Downloaded database version: v2014.06.23.02
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4557640A
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Other (0x1b)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 29745152
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 29952000  Numsec = 1923569664
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 44FDFE06
 
Partition information:
 
    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 625137282
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
System is currently in a safe mode
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17126
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.993000 GHz
Memory total: 6130900992, free: 4490223616
 
=======================================
Initializing...
------------ Kernel report ------------
     06/24/2014 21:49:17
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\isapnp.sys
\SystemRoot\system32\drivers\mpio.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\aliide.sys
\SystemRoot\system32\drivers\amdide.sys
\SystemRoot\system32\drivers\cmdide.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\msdsm.sys
\SystemRoot\system32\drivers\nvraid.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\viaide.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\iaStorV.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\lsi_sas.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\drivers\asahci64.sys
\SystemRoot\system32\drivers\HpSAMD.sys
\SystemRoot\system32\drivers\adp94xx.sys
\SystemRoot\system32\drivers\adpahci.sys
\SystemRoot\system32\drivers\adpu320.sys
\SystemRoot\system32\drivers\amdsata.sys
\SystemRoot\system32\drivers\amdsbs.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\arc.sys
\SystemRoot\system32\drivers\arcsas.sys
\SystemRoot\system32\drivers\elxstor.sys
\SystemRoot\system32\drivers\iirsp.sys
\SystemRoot\system32\drivers\lsi_fc.sys
\SystemRoot\system32\drivers\lsi_sas2.sys
\SystemRoot\system32\drivers\lsi_scsi.sys
\SystemRoot\system32\drivers\megasas.sys
\SystemRoot\system32\drivers\MegaSR.sys
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\nfrd960.sys
\SystemRoot\system32\drivers\nvstor.sys
\SystemRoot\system32\drivers\ql2300.sys
\SystemRoot\system32\drivers\ql40xx.sys
\SystemRoot\system32\drivers\SiSRaid2.sys
\SystemRoot\system32\drivers\sisraid4.sys
\SystemRoot\system32\drivers\stexstor.sys
\SystemRoot\system32\drivers\vsmraid.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\drivers\sbp2port.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\drivers\HECIx64.sys
\SystemRoot\SysWow64\drivers\AiCharger.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\asmtxhci.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\asmthub3.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_asahci64.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\framebuf.dll
\SystemRoot\system32\DRIVERS\mouhid.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8006d23060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000ab\
Lower Device Object: 0xfffffa8006d1a750
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8006a70060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a6\
Lower Device Object: 0xfffffa8006a587a0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8005faa060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-8\
Lower Device Object: 0xfffffa8005cdd680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8005faa060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005e129f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005faa060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005cdd680, DeviceName: \Device\Ide\IdeDeviceP4T0L0-8\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4557640A
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Other (0x1b)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 29745152
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 29952000  Numsec = 1923569664
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8006a70060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006a59630, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006a70060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006a587a0, DeviceName: \Device\000000a6\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa8006d23060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006d30780, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006d23060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006d1a750, DeviceName: \Device\000000ab\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 44FDFE06
 
Partition information:
 
    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 625137282
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17126
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.993000 GHz
Memory total: 6130900992, free: 3726688256
 
Downloaded database version: v2014.06.25.01
Downloaded database version: v2014.06.23.02
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4557640A
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Other (0x1b)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 29745152
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 29952000  Numsec = 1923569664
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 44FDFE06
 
Partition information:
 
    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 625137282
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
System is currently in a safe mode
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17126
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.993000 GHz
Memory total: 6130900992, free: 5401571328
 
=======================================
------------ Kernel report ------------
     06/24/2014 22:58:16
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa80070f2060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a6\
Lower Device Object: 0xfffffa8006f07b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8005faa060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-8\
Lower Device Object: 0xfffffa8005cde650
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8005faa060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005faab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005faa060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005cde650, DeviceName: \Device\Ide\IdeDeviceP4T0L0-8\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4557640A
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Other (0x1b)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 29745152
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 29952000  Numsec = 1923569664
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa80070f2060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006f008d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80070f2060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006f07b60, DeviceName: \Device\000000a6\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
System is currently in a safe mode
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17126
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.993000 GHz
Memory total: 6130900992, free: 4191113216
 
Downloaded database version: v2014.06.25.03
Downloaded database version: v2014.06.23.02
Initializing...
======================
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4557640A
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Other (0x1b)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 29745152
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 29952000  Numsec = 1923569664
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
OK... After this program found nothing to clean, I experimented again. I went into Safe Mode with Networking. I ran SuperAntispyware, Emsisoft AntiMalware, Avast AntiVirus, ESET online scanner, Malwarebytes AntiRootkit, and RogueKiller at the same time, then ran ComboFix. I came up with nothing on all but one: the usual six to eight results from RogueKiller, those registry keys that we've mentioned before. I did take notice of a few things while in Safe Mode with Networking (on my infected computer):
 
* On the lower right side of the desktop, by the clock, the little white flag appears, but with a message: Turn On Windows Security Center (and it won't let me turn it on). (Also, just to mention, my Windows Update stuff is up to date.)
* I try to reinstall IE 11, but I keep getting an error message saying that I cannot because a newer version is already on my computer.
* I get a message on my Avast antivirus program saying that my protection is off, and when I click to start it up, it does nothing.
* When I try to update my virus definitions online from Emsisoft AntiMalware, it does nothing.
 
I also reset my router (by holding in the button for 30 seconds) and lowered the number of IPs that can be given out, so that my router HAD to change the IP address of my computer.
 
No change in status yet... although, after a lengthy virus scan and then an OS bootup, it takes a little longer for the error messages to reappear, but they still show up.