
I think something's fishy


10 replies to this topic

#1 Nomz

Nomz

  • Members
  • 6 posts

Posted 20 June 2014 - 12:51 AM

So my computer randomly was unable to wirelessly connect to either of my wireless routers for about a day or so. After about half a day of trying to figure out the problem in safe mode, the issue went away. So I updated my Malwarebytes Anti-Malware and deleted a few bugs, but now I'm finding random files/apps on my start menu that I didn't download.

Any help would be greatly appreciated.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.55.2
Run by Nomz at 1:31:51 on 2014-06-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3948.1643 [GMT -4:00]
.
AV: Bitdefender Antivirus Free Edition *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antivirus Free Edition *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\pcmax\pcmax.exe
C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
C:\Users\Nomz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nomz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nomz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nomz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nomz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nomz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nomz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nomz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nomz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nomz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nomz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\update.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://acer.msn.com
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Nomz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Facebook Update] "C:\Users\Nomz\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
uRun: [pcreg] C:\Program Files\pcmax\service.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [pcreg] C:\Program Files\pcmax\service.exe
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AEE8ECEE-59C4-4B30-AB4A-C1B81994B988} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AEE8ECEE-59C4-4B30-AB4A-C1B81994B988}\2454C4B494E4 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{AEE8ECEE-59C4-4B30-AB4A-C1B81994B988}\2484E402E45677023547576666 : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{AEE8ECEE-59C4-4B30-AB4A-C1B81994B988}\2656C6B696E6E2135356 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{AEE8ECEE-59C4-4B30-AB4A-C1B81994B988}\3334753515 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AEE8ECEE-59C4-4B30-AB4A-C1B81994B988}\348696F5058696 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AEE8ECEE-59C4-4B30-AB4A-C1B81994B988}\74C6F62616C6355796475675962756C6563737 : DHCPNameServer = 4.2.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [pcreg] C:\Program Files\pcmax\service.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nomz\AppData\Roaming\Mozilla\Firefox\Profiles\jtalmsl1.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Nomz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Nomz\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2014-6-20 718840]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [2014-6-20 121928]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2010-12-7 22912]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2010-12-7 20328]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2010-12-7 62584]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-12-10 311376]
R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-27 172912]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-12-7 868224]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 gzserv;Bitdefender Antivirus Free Edition;C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [2014-6-20 69368]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-7 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-4-23 255376]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-11 257344]
R2 pcmaxservice;pcmaxservice Service;C:\Program Files\pcmax\pcmax.exe [2014-5-29 241344]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-8-27 93072]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-4 2656280]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2014-6-20 593144]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2010-12-11 67112]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2010-12-11 19496]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2010-12-15 35368]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2010-12-12 85544]
R3 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2014-6-20 148696]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-1-6 317440]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-12-2 411688]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-13 27136]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-30 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-30 180736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-10 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-28 19456]
S3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-3-31 126464]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-25 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-7 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-20 04:57:54 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-20 04:57:52 128728 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-20 04:57:23 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-20 04:35:11 261056 ----a-w- C:\Windows\System32\drivers\avchv.sys
2014-06-20 04:31:35 206432 ----a-w- C:\ProgramData\1403238490.bdinstall.bin
2014-06-20 04:31:09 261056 ----a-w- C:\Windows\System32\drivers\SET8BAB.tmp
2014-06-20 04:31:08 718840 ----a-w- C:\Windows\System32\drivers\avc3.sys
2014-06-20 04:31:08 593144 ----a-w- C:\Windows\System32\drivers\avckf.sys
2014-06-20 04:28:29 -------- d-----w- C:\Program Files\Bitdefender
2014-06-20 04:28:23 148696 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2014-06-20 04:28:22 382536 ----a-w- C:\Windows\System32\drivers\trufos.sys
2014-06-20 04:26:53 43726 ----a-w- C:\ProgramData\1403238395.bdinstall.bin
2014-06-20 04:25:31 44039 ----a-w- C:\ProgramData\1403238319.bdinstall.bin
2014-06-20 04:24:15 44171 ----a-w- C:\ProgramData\1403238222.bdinstall.bin
2014-06-20 04:23:42 -------- d-----w- C:\Users\Nomz\AppData\Roaming\QuickScan
2014-06-20 04:02:22 -------- d-----w- C:\Program Files (x86)\Bench
2014-06-20 04:02:01 -------- d-----w- C:\Users\Nomz\AppData\Local\Browser Guardian
2014-06-11 18:09:20 965232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
2014-06-11 18:09:20 1266800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuin52.dll
2014-06-11 18:09:20 10594416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icudt52.dll
2014-06-11 03:20:35 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-06-11 03:19:59 359936 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-06-11 03:19:52 293080 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2014-06-11 03:19:51 977408 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-06-11 03:19:50 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-11 03:17:22 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-11 03:17:21 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-31 22:23:25 -------- d-----w- C:\Program Files (x86)\SearchProtect
2014-05-31 22:22:00 -------- d-----w- C:\temp
2014-05-31 08:02:48 -------- d-----w- C:\Users\Nomz\.android
2014-05-31 07:52:45 -------- d-----w- C:\Users\Nomz\.VirtualBox
2014-05-31 07:52:44 -------- d-----w- C:\Users\Nomz\AppData\Local\Genymobile
2014-05-31 07:51:36 237840 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2014-05-31 07:50:57 120080 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2014-05-31 07:50:50 -------- d-----w- C:\Program Files\Oracle
2014-05-31 06:39:09 -------- d-----w- C:\Users\Nomz\AppData\Roaming\PC Speed Maximizer
2014-05-31 06:34:00 -------- d-----w- C:\Program Files\pcmax
2014-05-31 06:33:56 -------- d-----w- C:\Program Files (x86)\PC Speed Maximizer
2014-05-31 06:29:58 -------- d-sh--w- C:\Users\Nomz\AppData\Local\EmieUserList
2014-05-31 06:29:58 -------- d-sh--w- C:\Users\Nomz\AppData\Local\EmieSiteList
2014-05-25 15:29:03 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-13 22:00:28 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-13 22:00:28 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-15 06:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-03-26 14:44:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-03-26 14:27:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
.
============= FINISH:  1:33:35.69 ===============
 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 June 2014 - 08:53 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
To attach a file select the "More Reply Option" and follow the instructions.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 Nomz

Nomz
  • Topic Starter

  • Members
  • 6 posts

Posted 25 June 2014 - 11:35 AM

I reinstalled Malwarebytes Anti-Malware to my system and am unable to update it. I get a window from Microsoft Visual C++ Runtime Library and it says 'Runtime Error'

"This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information."

The file path is C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

I have even tried running it through the chameleon tool that comes with the download and seem to get the error I attached as a .png on this message.

I was able to download and run adwcleaner. Here are the results for that.

# AdwCleaner v3.213 - Report created 25/06/2014 at 11:09:08
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Nomz - Nomz - PC
# Running from : C:\Users\Nomz\Downloads\adwcleaner_3.213.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\jZip
Folder Deleted : C:\Program Files (x86)\PC Speed Maximizer
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\uTorrentBar
Folder Deleted : C:\Users\Nomz~1\AppData\Local\Temp\jZip
Folder Deleted : C:\Users\Public\Documents\iWin
Folder Deleted : C:\Users\Nomz\AppData\Local\Conduit
Folder Deleted : C:\Users\Nomz\AppData\Local\jZip
Folder Deleted : C:\Users\Nomz\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Nomz\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Nomz\AppData\LocalLow\jZip
Folder Deleted : C:\Users\Nomz\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\Nomz\AppData\Roaming\PC Speed Maximizer
Folder Deleted : C:\Users\Nomz\Documents\PC Speed Maximizer
File Deleted : C:\Users\Nomz\AppData\Roaming\Mozilla\Firefox\Profiles\jtalmsl1.default\Extensions\OneClickDownload@OneClickDownload.com.xpi
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
File Deleted : C:\Windows\System32\Tasks\PC Speed Maximizer Schedule
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\jZip.file
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0C3F82A-234D-445C-A5DF-B1669078B10D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB8C8DA1-17EA-4044-A0B1-DF419BBCA5C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52997CBA-B7E2-44D0-98D5-C5A1D67F19DD}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\pc speed maximizer
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKLM\Software\Bench
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\jZip
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Speed Maximizer_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
[ File : C:\Users\Nomz\AppData\Roaming\Mozilla\Firefox\Profiles\jtalmsl1.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Nomz\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : bejbohlohkkgompgecdcbbglkpjfjgdj
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : pmlghpafmmnmmkjdhacccolfgnkiboco
 
*************************
 
AdwCleaner[R0].txt - [6363 octets] - [25/06/2014 02:05:47]
AdwCleaner[R1].txt - [6277 octets] - [25/06/2014 11:02:28]
AdwCleaner[S0].txt - [5960 octets] - [25/06/2014 11:09:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6020 octets] ##########
 
The FRST64.exe run.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2014
Ran by Nomz (administrator) on Nomz-PC on 25-06-2014 12:22:40
Running from C:\Users\Nomz\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Users\Nomz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nomz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nomz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nomz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nomz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nomz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nomz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nomz\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\hh.exe
(Google Inc.) C:\Users\Nomz\AppData\Local\Google\Chrome\Application\chrome.exe
(MalwareBytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\firefox.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11725928 2010-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-12-10] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768 2010-11-11] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1025616 2010-12-09] (Dritek System Inc.)
HKLM-x32\...\Run: [Razer Naga Driver] => C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe [953232 2011-04-12] (Razer USA Ltd)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-4015364815-4253602215-15868191-1001\...\Run: [Google Update] => C:\Users\Nomz\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-06-06] (Google Inc.)
HKU\S-1-5-21-4015364815-4253602215-15868191-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-4015364815-4253602215-15868191-1001\...\Run: [Facebook Update] => C:\Users\Nomz\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-4015364815-4253602215-15868191-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-4015364815-4253602215-15868191-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\S-1-5-21-4015364815-4253602215-15868191-1001\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
HKU\S-1-5-21-4015364815-4253602215-15868191-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-4015364815-4253602215-15868191-1001\...\MountPoints2: {7a6203a5-9014-11e0-8221-1c7508da3953} - E:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Nomz\AppData\Roaming\Mozilla\Firefox\Profiles\jtalmsl1.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Nomz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Nomz\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Nomz\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-06-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-11]
FF HKCU\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi
 
Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Nomz\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Nomz\AppData\Local\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Nomz\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Nomz\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Nomz\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Nomz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Users\Nomz\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nomz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Stats Checker for Google Analytics™) - C:\Users\Nomz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhhijgglehlaflknjkgjbhbjhbfgnpjm [2013-10-11]
CHR Extension: (Adblock Plus) - C:\Users\Nomz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-18]
CHR Extension: (AdBlock) - C:\Users\Nomz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-25]
CHR Extension: (Fat Cat Workout - 7 minute) - C:\Users\Nomz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkllacgldnpbfigpdekbjppdfifidbj [2014-04-30]
CHR Extension: (IP Address and Domain Information) - C:\Users\Nomz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhgkegeccnckoiliokondpaaalbhafoa [2013-10-10]
CHR Extension: (Into The Mist) - C:\Users\Nomz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2013-03-04]
CHR Extension: (Google Wallet) - C:\Users\Nomz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR StartMenuInternet: Google Chrome - C:\Users\Nomz\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-11] (NTI Corporation)
R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [339456 2012-06-14] (Pharos Systems International) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [126464 2011-03-31] (Razer USA Ltd)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S1 MpKsl5aedc6de; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4CF3249E-00A1-4690-A4F4-823764D10193}\MpKsl5aedc6de.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-25 12:22 - 2014-06-25 12:23 - 00023013 _____ () C:\Users\Nomz\Downloads\FRST.txt
2014-06-25 12:21 - 2014-06-25 12:22 - 00000000 ____D () C:\Users\Nomz\Desktop\Bug Stuff
2014-06-25 12:21 - 2014-06-25 12:22 - 00000000 ____D () C:\FRST
2014-06-25 11:23 - 2014-06-25 12:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-25 11:23 - 2014-06-25 12:14 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-25 11:23 - 2014-06-25 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-25 11:23 - 2014-06-25 11:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-25 11:23 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-25 11:23 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-25 11:21 - 2014-06-25 11:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nomz\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-25 02:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-25 01:33 - 2014-06-25 11:09 - 00000000 ____D () C:\AdwCleaner
2014-06-25 01:31 - 2014-06-25 01:31 - 01342659 _____ () C:\Users\Nomz\Downloads\adwcleaner_3.213.exe
2014-06-25 01:28 - 2014-06-25 01:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nomz\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-23 20:43 - 2014-06-23 20:43 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4015364815-4253602215-15868191-1001Core1cf8f4549ef1d32.job
2014-06-20 01:33 - 2014-06-20 01:46 - 00024256 _____ () C:\Users\Nomz\Desktop\dds.txt
2014-06-20 01:33 - 2014-06-20 01:33 - 00016516 _____ () C:\Users\Nomz\Desktop\attach.txt
2014-06-20 01:31 - 2014-06-20 01:31 - 00688992 ____R (Swearware) C:\Users\Nomz\Downloads\dds.com
2014-06-20 00:57 - 2014-06-20 13:32 - 00000000 ____D () C:\Users\Nomz\Desktop\mbar
2014-06-20 00:57 - 2014-06-20 13:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-20 00:56 - 2014-06-20 00:56 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Nomz\Downloads\mbar-1.07.0.1012.exe
2014-06-20 00:31 - 2014-06-20 00:31 - 00206432 _____ () C:\ProgramData\1403238490.bdinstall.bin
2014-06-20 00:31 - 2014-06-20 00:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2014-06-20 00:31 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-06-20 00:31 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2014-06-20 00:31 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-06-20 00:28 - 2014-06-20 00:31 - 00000000 ____D () C:\Program Files\Bitdefender
2014-06-20 00:28 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-06-20 00:28 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2014-06-20 00:26 - 2014-06-20 00:26 - 00043726 _____ () C:\ProgramData\1403238395.bdinstall.bin
2014-06-20 00:25 - 2014-06-20 00:25 - 00044039 _____ () C:\ProgramData\1403238319.bdinstall.bin
2014-06-20 00:24 - 2014-06-20 00:24 - 00044171 _____ () C:\ProgramData\1403238222.bdinstall.bin
2014-06-20 00:23 - 2014-06-20 00:28 - 00000000 ____D () C:\Users\Nomz\AppData\Roaming\QuickScan
2014-06-20 00:23 - 2014-06-20 00:26 - 10447328 _____ () C:\Users\Nomz\Downloads\Antivirus_Free_Edition_x64.exe
2014-06-20 00:22 - 2014-06-20 00:22 - 00162208 _____ () C:\Users\Nomz\Downloads\Antivirus_Free_Edition.exe
2014-06-20 00:05 - 2014-06-20 00:13 - 00000003 _____ () C:\Users\Nomz\AppData\Local\proxy.log
2014-06-20 00:02 - 2014-06-20 00:05 - 00000000 ____D () C:\Users\Nomz\AppData\Local\Browser Guardian
2014-06-19 12:14 - 2014-06-19 12:22 - 1658096369 _____ () C:\Users\Nomz\Desktop\Things of mine.zip
2014-06-19 10:32 - 2014-06-19 10:32 - 00487960 _____ () C:\Windows\Minidump\061914-29889-01.dmp
2014-06-11 14:08 - 2014-06-11 14:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 23:20 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 23:20 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-10 23:20 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 23:20 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 23:20 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 23:20 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-10 23:20 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 23:20 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 23:20 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 23:20 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 23:20 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-10 23:20 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-10 23:20 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-10 23:20 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 23:20 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 23:20 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-10 23:20 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 23:20 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 23:20 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-10 23:20 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 23:20 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-10 23:20 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-10 23:20 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-10 23:20 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 23:20 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-10 23:20 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-10 23:20 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-10 23:20 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 23:20 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-10 23:20 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-10 23:20 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-10 23:20 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 23:20 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-10 23:20 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-10 23:20 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-10 23:20 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-10 23:20 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-10 23:20 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-10 23:20 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 23:20 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-10 23:20 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-10 23:20 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-10 23:20 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 23:20 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-10 23:20 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 23:20 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-10 23:20 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-10 23:20 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 23:20 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 23:20 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-10 23:20 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-10 23:20 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 23:20 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-10 23:20 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 23:20 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 23:20 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 23:20 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 23:20 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-10 23:20 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 23:20 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-10 23:20 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-10 23:20 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-10 23:20 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-10 23:19 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 23:19 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-10 23:19 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 23:17 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-10 23:17 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-31 18:22 - 2014-06-20 00:05 - 00000000 ____D () C:\temp
2014-05-31 04:02 - 2014-05-31 04:02 - 00000000 ____D () C:\Users\Nomz\.android
2014-05-31 03:52 - 2014-06-18 22:50 - 00000000 ____D () C:\Users\Nomz\AppData\Local\Genymobile
2014-05-31 03:52 - 2014-05-31 13:40 - 00000000 ____D () C:\Users\Nomz\.VirtualBox
2014-05-31 03:51 - 2014-06-18 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2014-05-31 03:51 - 2013-04-12 11:41 - 00237840 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-05-31 03:50 - 2014-05-31 03:50 - 00000000 ____D () C:\Program Files\Oracle
2014-05-31 03:50 - 2013-04-12 11:40 - 00120080 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-05-31 02:35 - 2014-06-25 12:23 - 00000370 _____ () C:\Windows\Tasks\CIMT_S-1-5-21-4015364815-4253602215-15868191-1001.job
2014-05-31 02:35 - 2014-05-31 02:35 - 00003294 _____ () C:\Windows\System32\Tasks\CIMT_S-1-5-21-4015364815-4253602215-15868191-1001
2014-05-31 02:34 - 2014-06-23 21:23 - 00000000 ____D () C:\Program Files\pcmax
2014-05-31 02:34 - 2014-05-31 02:34 - 00003708 _____ () C:\Windows\System32\Tasks\pcreg
2014-05-31 02:29 - 2014-05-31 02:29 - 00000000 __SHD () C:\Users\Nomz\AppData\Local\EmieUserList
2014-05-31 02:29 - 2014-05-31 02:29 - 00000000 __SHD () C:\Users\Nomz\AppData\Local\EmieSiteList
 
==================== One Month Modified Files and Folders =======
 
2014-06-25 12:23 - 2014-06-25 12:22 - 00023013 _____ () C:\Users\Nomz\Downloads\FRST.txt
2014-06-25 12:23 - 2014-05-31 02:35 - 00000370 _____ () C:\Windows\Tasks\CIMT_S-1-5-21-4015364815-4253602215-15868191-1001.job
2014-06-25 12:22 - 2014-06-25 12:21 - 00000000 ____D () C:\Users\Nomz\Desktop\Bug Stuff
2014-06-25 12:22 - 2014-06-25 12:21 - 00000000 ____D () C:\FRST
2014-06-25 12:14 - 2014-06-25 11:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-25 12:14 - 2014-06-25 11:23 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-25 12:00 - 2012-08-16 01:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-25 11:42 - 2011-06-06 12:51 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4015364815-4253602215-15868191-1001UA.job
2014-06-25 11:28 - 2011-03-04 07:52 - 01652027 _____ () C:\Windows\WindowsUpdate.log
2014-06-25 11:23 - 2014-06-25 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-25 11:23 - 2014-06-25 11:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-25 11:23 - 2012-05-08 18:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-25 11:21 - 2014-06-25 11:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nomz\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-25 11:18 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-25 11:18 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-25 11:14 - 2011-06-06 12:21 - 00000000 ____D () C:\ProgramData\clear.fi
2014-06-25 11:13 - 2011-03-04 08:23 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-06-25 11:11 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-25 11:11 - 2009-07-14 00:51 - 00287948 _____ () C:\Windows\setupact.log
2014-06-25 11:10 - 2011-03-04 07:48 - 00259546 _____ () C:\Windows\PFRO.log
2014-06-25 11:09 - 2014-06-25 01:33 - 00000000 ____D () C:\AdwCleaner
2014-06-25 11:01 - 2009-07-14 01:13 - 00794898 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-25 01:31 - 2014-06-25 01:31 - 01342659 _____ () C:\Users\Nomz\Downloads\adwcleaner_3.213.exe
2014-06-25 01:29 - 2014-06-25 01:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nomz\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-23 21:23 - 2014-05-31 02:34 - 00000000 ____D () C:\Program Files\pcmax
2014-06-23 20:43 - 2014-06-23 20:43 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4015364815-4253602215-15868191-1001Core1cf8f4549ef1d32.job
2014-06-20 13:32 - 2014-06-20 00:57 - 00000000 ____D () C:\Users\Nomz\Desktop\mbar
2014-06-20 13:32 - 2014-06-20 00:57 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-20 12:48 - 2012-01-03 17:25 - 00000948 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4015364815-4253602215-15868191-1001UA.job
2014-06-20 01:46 - 2014-06-20 01:33 - 00024256 _____ () C:\Users\Nomz\Desktop\dds.txt
2014-06-20 01:33 - 2014-06-20 01:33 - 00016516 _____ () C:\Users\Nomz\Desktop\attach.txt
2014-06-20 01:31 - 2014-06-20 01:31 - 00688992 ____R (Swearware) C:\Users\Nomz\Downloads\dds.com
2014-06-20 00:56 - 2014-06-20 00:56 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Nomz\Downloads\mbar-1.07.0.1012.exe
2014-06-20 00:31 - 2014-06-20 00:31 - 00206432 _____ () C:\ProgramData\1403238490.bdinstall.bin
2014-06-20 00:31 - 2014-06-20 00:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2014-06-20 00:31 - 2014-06-20 00:28 - 00000000 ____D () C:\Program Files\Bitdefender
2014-06-20 00:28 - 2014-06-20 00:23 - 00000000 ____D () C:\Users\Nomz\AppData\Roaming\QuickScan
2014-06-20 00:26 - 2014-06-20 00:26 - 00043726 _____ () C:\ProgramData\1403238395.bdinstall.bin
2014-06-20 00:26 - 2014-06-20 00:23 - 10447328 _____ () C:\Users\Nomz\Downloads\Antivirus_Free_Edition_x64.exe
2014-06-20 00:26 - 2011-06-06 12:22 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-06-20 00:25 - 2014-06-20 00:25 - 00044039 _____ () C:\ProgramData\1403238319.bdinstall.bin
2014-06-20 00:25 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-20 00:24 - 2014-06-20 00:24 - 00044171 _____ () C:\ProgramData\1403238222.bdinstall.bin
2014-06-20 00:22 - 2014-06-20 00:22 - 00162208 _____ () C:\Users\Nomz\Downloads\Antivirus_Free_Edition.exe
2014-06-20 00:13 - 2014-06-20 00:05 - 00000003 _____ () C:\Users\Nomz\AppData\Local\proxy.log
2014-06-20 00:05 - 2014-06-20 00:02 - 00000000 ____D () C:\Users\Nomz\AppData\Local\Browser Guardian
2014-06-20 00:05 - 2014-05-31 18:22 - 00000000 ____D () C:\temp
2014-06-19 18:48 - 2012-01-03 17:25 - 00000926 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4015364815-4253602215-15868191-1001Core.job
2014-06-19 14:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-19 12:22 - 2014-06-19 12:14 - 1658096369 _____ () C:\Users\Nomz\Desktop\Things of mine.zip
2014-06-19 12:13 - 2014-04-04 10:15 - 00000000 ____D () C:\Users\Nomz\Desktop\Video Game Things
2014-06-19 12:00 - 2012-09-01 11:36 - 00000000 ____D () C:\Users\Nomz\Desktop\Random Photos
2014-06-19 10:32 - 2014-06-19 10:32 - 00487960 _____ () C:\Windows\Minidump\061914-29889-01.dmp
2014-06-19 10:32 - 2012-07-10 00:25 - 458112799 _____ () C:\Windows\MEMORY.DMP
2014-06-19 10:32 - 2012-07-10 00:25 - 00000000 ____D () C:\Windows\Minidump
2014-06-18 23:37 - 2014-05-31 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2014-06-18 22:50 - 2014-05-31 03:52 - 00000000 ____D () C:\Users\Nomz\AppData\Local\Genymobile
2014-06-16 23:16 - 2012-12-28 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-16 13:08 - 2014-04-07 13:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-06-16 12:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-15 00:01 - 2014-05-21 14:27 - 00000000 ____D () C:\Users\Nomz\Desktop\Wallpapers
2014-06-11 14:09 - 2014-06-11 14:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 02:03 - 2013-08-14 01:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 02:01 - 2011-06-08 12:39 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 02:00 - 2011-06-06 12:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 01:58 - 2014-04-29 19:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-08 17:20 - 2011-09-21 02:41 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-06-08 05:13 - 2014-06-10 23:17 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-10 23:17 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-05 10:53 - 2014-04-06 18:13 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-31 13:40 - 2014-05-31 03:52 - 00000000 ____D () C:\Users\Nomz\.VirtualBox
2014-05-31 04:02 - 2014-05-31 04:02 - 00000000 ____D () C:\Users\Nomz\.android
2014-05-31 04:02 - 2011-06-06 12:14 - 00000000 ____D () C:\Users\Nomz
2014-05-31 03:50 - 2014-05-31 03:50 - 00000000 ____D () C:\Program Files\Oracle
2014-05-31 02:35 - 2014-05-31 02:35 - 00003294 _____ () C:\Windows\System32\Tasks\CIMT_S-1-5-21-4015364815-4253602215-15868191-1001
2014-05-31 02:34 - 2014-05-31 02:34 - 00003708 _____ () C:\Windows\System32\Tasks\pcreg
2014-05-31 02:29 - 2014-05-31 02:29 - 00000000 __SHD () C:\Users\Nomz\AppData\Local\EmieUserList
2014-05-31 02:29 - 2014-05-31 02:29 - 00000000 __SHD () C:\Users\Nomz\AppData\Local\EmieSiteList
2014-05-30 06:21 - 2014-06-10 23:19 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 06:02 - 2014-06-10 23:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 06:02 - 2014-06-10 23:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 05:45 - 2014-06-10 23:20 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 05:39 - 2014-06-10 23:20 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 05:39 - 2014-06-10 23:20 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 05:38 - 2014-06-10 23:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 05:28 - 2014-06-10 23:20 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 05:27 - 2014-06-10 23:20 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 05:24 - 2014-06-10 23:20 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 05:21 - 2014-06-10 23:20 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 05:21 - 2014-06-10 23:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 05:20 - 2014-06-10 23:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 05:18 - 2014-06-10 23:20 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 05:11 - 2014-06-10 23:19 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 05:08 - 2014-06-10 23:20 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 05:06 - 2014-06-10 23:20 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 05:02 - 2014-06-10 23:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 04:55 - 2014-06-10 23:20 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 04:49 - 2014-06-10 23:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 04:46 - 2014-06-10 23:20 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 04:44 - 2014-06-10 23:20 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 04:44 - 2014-06-10 23:20 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 04:43 - 2014-06-10 23:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 04:42 - 2014-06-10 23:20 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 04:38 - 2014-06-10 23:20 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 04:35 - 2014-06-10 23:20 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 04:34 - 2014-06-10 23:20 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 04:33 - 2014-06-10 23:20 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 04:30 - 2014-06-10 23:20 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 04:29 - 2014-06-10 23:20 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 04:28 - 2014-06-10 23:20 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 04:27 - 2014-06-10 23:20 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 04:24 - 2014-06-10 23:20 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 04:23 - 2014-06-10 23:20 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 04:16 - 2014-06-10 23:20 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 04:10 - 2014-06-10 23:20 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 04:06 - 2014-06-10 23:20 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 04:04 - 2014-06-10 23:20 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 04:02 - 2014-06-10 23:20 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 03:56 - 2014-06-10 23:20 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 03:56 - 2014-06-10 23:20 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 03:54 - 2014-06-10 23:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 03:50 - 2014-06-10 23:20 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 03:49 - 2014-06-10 23:20 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 03:43 - 2014-06-10 23:20 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 03:40 - 2014-06-10 23:20 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 03:30 - 2014-06-10 23:20 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 03:21 - 2014-06-10 23:20 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 03:15 - 2014-06-10 23:20 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 03:13 - 2014-06-10 23:20 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 03:13 - 2014-06-10 23:20 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
 
Some content of TEMP:
====================
C:\Users\Nomz\AppData\Local\Temp\1ED9.exe
C:\Users\Nomz\AppData\Local\Temp\3F32.exe
C:\Users\Nomz\AppData\Local\Temp\AskSLib.dll
C:\Users\Nomz\AppData\Local\Temp\COMAP.EXE
C:\Users\Nomz\AppData\Local\Temp\file_to_run55112.exe
C:\Users\Nomz\AppData\Local\Temp\file_to_run55563.exe
C:\Users\Nomz\AppData\Local\Temp\installhelper.dll
C:\Users\Nomz\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Nomz\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Nomz\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Nomz\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Nomz\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Nomz\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Nomz\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Nomz\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Nomz\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Nomz\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Nomz\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Nomz\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Nomz\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Nomz\AppData\Local\Temp\MSNFCA8.exe
C:\Users\Nomz\AppData\Local\Temp\nsu1043.tmp.exe
C:\Users\Nomz\AppData\Local\Temp\p25cli.exe
C:\Users\Nomz\AppData\Local\Temp\SetupDataMngr_jZip.exe
C:\Users\Nomz\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Nomz\AppData\Local\Temp\speedmax_28867.exe
C:\Users\Nomz\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Nomz\AppData\Local\Temp\SRLDetectionLibrary5149651630296634494.dll
C:\Users\Nomz\AppData\Local\Temp\updater_159962.exe
C:\Users\Nomz\AppData\Local\Temp\wmpfirefoxplugin.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-18 09:56
 
==================== End Of Log ============================
 
And attached as you requested is the Addition.txt from the FRST64.exe run.
 
Malwarebytes still will not update and gives me the same error inside Chameleon and outside of it after running FRST and AdwCleaner.
 

#4 nasdaq

  • Malware Response Team

Posted 25 June 2014 - 01:29 PM


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

HKLM\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
HKU\S-1-5-21-4015364815-4253602215-15868191-1001\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF HKCU\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi
CHR Plugin: (Google Update) - C:\Users\Nomz\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
S1 MpKsl5aedc6de; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4CF3249E-00A1-4690-A4F4-823764D10193}\MpKsl5aedc6de.sys [X]
C:\Users\Nomz\AppData\Local\Temp\1ED9.exe
C:\Users\Nomz\AppData\Local\Temp\3F32.exe
C:\Users\Nomz\AppData\Local\Temp\AskSLib.dll
C:\Users\Nomz\AppData\Local\Temp\COMAP.EXE
C:\Users\Nomz\AppData\Local\Temp\file_to_run55112.exe
C:\Users\Nomz\AppData\Local\Temp\file_to_run55563.exe
C:\Users\Nomz\AppData\Local\Temp\installhelper.dll
C:\Users\Nomz\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Nomz\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Nomz\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Nomz\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Nomz\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Nomz\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Nomz\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Nomz\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Nomz\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Nomz\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Nomz\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Nomz\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Nomz\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Nomz\AppData\Local\Temp\MSNFCA8.exe
C:\Users\Nomz\AppData\Local\Temp\nsu1043.tmp.exe
C:\Users\Nomz\AppData\Local\Temp\p25cli.exe
C:\Users\Nomz\AppData\Local\Temp\SetupDataMngr_jZip.exe
C:\Users\Nomz\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Nomz\AppData\Local\Temp\speedmax_28867.exe
C:\Users\Nomz\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Nomz\AppData\Local\Temp\SRLDetectionLibrary5149651630296634494.dll
C:\Users\Nomz\AppData\Local\Temp\updater_159962.exe
C:\Users\Nomz\AppData\Local\Temp\wmpfirefoxplugin.exe
Task: {0BEC4A84-EDA4-42AC-BA70-CECC7064F1D3} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe [2014-05-29] () <==== ATTENTION
Task: {97E0F36E-B6FE-442A-BEB0-062E97BDF31F} - \PC Speed Maximizer Schedule No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\Zack Riggs\Desktop\mbam-setup-2.0.2.1012.exe:BDU
AlternateDataStreams: C:\Users\Zack Riggs\Downloads\adwcleaner_3.213.exe:BDU
AlternateDataStreams: C:\Users\Zack Riggs\Downloads\mbam-setup-2.0.2.1012.exe:BDU

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===


Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available, use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

Download and install this Microsoft Visual C++ library.
Microsoft Visual C++ 2010 Redistributable Package
http://www.microsoft.com/en-ca/download/details.aspx?id=5555

When installed, restart the computer normally and see if you can update MBAM.

#5 Nomz

  • Topic Starter

Posted 25 June 2014 - 02:17 PM

The fixlog that came up was the following.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-06-2014
Ran by Zack Riggs at 2014-06-25 14:42:10 Run:1
Running from C:\Users\Zack Riggs\Desktop\Bug Stuff
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKLM\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
HKU\S-1-5-21-4015364815-4253602215-15868191-1001\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF HKCU\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi
CHR Plugin: (Google Update) - C:\Users\ZackRiggs\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
S1 MpKsl5aedc6de; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4CF3249E-00A1-4690-A4F4-823764D10193}\MpKsl5aedc6de.sys [X]
C:\Users\ZackRiggs\AppData\Local\Temp\1ED9.exe
C:\Users\ZackRiggs\AppData\Local\Temp\3F32.exe
C:\Users\ZackRiggs\AppData\Local\Temp\AskSLib.dll
C:\Users\ZackRiggs\AppData\Local\Temp\COMAP.EXE
C:\Users\ZackRiggs\AppData\Local\Temp\file_to_run55112.exe
C:\Users\ZackRiggs\AppData\Local\Temp\file_to_run55563.exe
C:\Users\ZackRiggs\AppData\Local\Temp\installhelper.dll
C:\Users\ZackRiggs\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\ZackRiggs\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\ZackRiggs\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\ZackRiggs\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\ZackRiggs\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\ZackRiggs\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\ZackRiggs\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\ZackRiggs\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\ZackRiggs\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\ZackRiggs\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\ZackRiggs\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\ZackRiggs\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\ZackRiggs\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\ZackRiggs\AppData\Local\Temp\MSNFCA8.exe
C:\Users\ZackRiggs\AppData\Local\Temp\nsu1043.tmp.exe
C:\Users\ZackRiggs\AppData\Local\Temp\p25cli.exe
C:\Users\ZackRiggs\AppData\Local\Temp\SetupDataMngr_jZip.exe
C:\Users\ZackRiggs\AppData\Local\Temp\SkypeSetup.exe
C:\Users\ZackRiggs\AppData\Local\Temp\speedmax_28867.exe
C:\Users\ZackRiggs\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\ZackRiggs\AppData\Local\Temp\SRLDetectionLibrary5149651630296634494.dll
C:\Users\ZackRiggs\AppData\Local\Temp\updater_159962.exe
C:\Users\ZackRiggs\AppData\Local\Temp\wmpfirefoxplugin.exe
Task: {0BEC4A84-EDA4-42AC-BA70-CECC7064F1D3} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe [2014-05-29] () <==== ATTENTION
Task: {97E0F36E-B6FE-442A-BEB0-062E97BDF31F} - \PC Speed Maximizer Schedule No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\Zack Riggs\Desktop\mbam-setup-2.0.2.1012.exe:BDU
AlternateDataStreams: C:\Users\Zack Riggs\Downloads\adwcleaner_3.213.exe:BDU
AlternateDataStreams: C:\Users\Zack Riggs\Downloads\mbam-setup-2.0.2.1012.exe:BDU
 
End
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\pcreg => value deleted successfully.
HKU\S-1-5-21-4015364815-4253602215-15868191-1001\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => value deleted successfully.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File'=> Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File'=> Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
HKCU\Software\Mozilla\Firefox\Extensions\\ConsumerInput@Compete => value deleted successfully.
C:\Users\ZackRiggs\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll not found.
MpKsl5aedc6de => Service deleted successfully.
"C:\Users\ZackRiggs\AppData\Local\Temp\1ED9.exe" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\3F32.exe" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\AskSLib.dll" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\COMAP.EXE" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\file_to_run55112.exe" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\file_to_run55563.exe" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\installhelper.dll" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\MSNFCA8.exe" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\nsu1043.tmp.exe" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\p25cli.exe" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\SetupDataMngr_jZip.exe" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\SkypeSetup.exe" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\speedmax_28867.exe" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\SRAssetsHelper.dll" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\SRLDetectionLibrary5149651630296634494.dll" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\updater_159962.exe" => File/Directory not found.
"C:\Users\ZackRiggs\AppData\Local\Temp\wmpfirefoxplugin.exe" => File/Directory not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0BEC4A84-EDA4-42AC-BA70-CECC7064F1D3}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BEC4A84-EDA4-42AC-BA70-CECC7064F1D3}' => Key deleted successfully.
C:\Windows\System32\Tasks\pcreg => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{97E0F36E-B6FE-442A-BEB0-062E97BDF31F}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97E0F36E-B6FE-442A-BEB0-062E97BDF31F}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Speed Maximizer Schedule' => Key deleted successfully.
C:\Users\Zack Riggs\Desktop\mbam-setup-2.0.2.1012.exe => ":BDU" ADS removed successfully.
C:\Users\Zack Riggs\Downloads\adwcleaner_3.213.exe => ":BDU" ADS removed successfully.
C:\Users\Zack Riggs\Downloads\mbam-setup-2.0.2.1012.exe => ":BDU" ADS removed successfully.
 
==== End of Fixlog ====
 
SecurityCheck.exe
 

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Bitdefender Antivirus Free Edition   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 55  
 Java version out of Date! 
  Adobe Flash Player 13.0.0.214 Flash Player out of Date!  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Mozilla Firefox 29.0.1 Firefox out of Date!  
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Bitdefender Antivirus Free Edition gzserv.exe  
 Bitdefender Antivirus Free Edition gziface.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
 
When I tried updating MBAM after installing the C++ package, it just freezes on me, and when I run it in chameleon mode it now says 'Failed to copy the master.conf file' on Chameleon #1. #2 said 'Failed to determine update state - press a key when the update is complete.'
#3 said 'Failed to start MBAM'
#4 Failed to start as well, the MBAM-Killer stopped on 1743: C:\WINDOWS\SYSWOW64\DEVOBJ.DLL
#5 Failed to start, MBAM-Killer stopped on 1743: C:\WINDOWS\SYSWOW64\CFGMGR32.DLL this time; each time it stops on a different file name as well.
#6 went back to 'Failed to determine update state - press a key when the update is complete.' MBAM-Killer stopped on 1750: C:\WINDOWS\SYSTEM32\TASKHOST.EXE Then after the scan is completed it says MBAM has terminated - unable to start the scan. Press any key to continue.
#7 'Failed to determine update...' MBAM-Killer stopped on 1764: C:\WINDOWS\SYSWOW64\DEVOBJ.DLL again. After the scan completed it says MBAM has terminated - unable to start the scan.
#8 Same as result 7, stopped on the same file name and number as well.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:35 PM

Posted 26 June 2014 - 07:06 AM

Download the Malwarebytes' removal Tool from the link below and run it. This will uninstall MBAM.
http://www.malwarebytes.org/mbam-clean.exe

Restart the computer normally and re-install the application.

How is it now?

#7 Nomz

Nomz
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:35 AM

Posted 26 June 2014 - 11:35 PM

After uninstalling and reinstalling MBAM, I still am unable to scan or update it. Each time it freezes on me.



#8 nasdaq

Posted 27 June 2014 - 07:43 AM

Let's try this.

Rename the mbam.exe file in the MBAM folder to

iexplorer.exe

Run it. Can you now run/update it?

#9 Nomz

Posted 27 June 2014 - 11:17 PM

It opens but crashes whenever I try to update it or run a scan of any type. It does that before renaming the .exe as well.
I just tried to download MBAM through a chameleon link and still get the same results.



#10 nasdaq

Posted 28 June 2014 - 06:40 AM

Time to get help from the Malwarebytes forum.
I'm out of ideas.

https://forums.malwarebytes.org/

#11 Nomz

Posted 29 June 2014 - 12:02 AM

Well, I appreciate you trying to help me out!