
Win32hiddenstart and PackageAdware will not leave me alone


  • This topic is locked
58 replies to this topic

#1 Momadice (Members, Ontario, Canada)

Posted 14 September 2014 - 08:13 AM

Is the second floor balcony too low for what I want to . . . . .

 

What I have done:

 

1) Reformatted my entire hard drive, all partitions, five times over the last several months.  Gone baby gone formatting. I have a genuine Win 7 CD and Key.

 

2) I try and follow the links on this site for the safe URL of various programs such as Anti malware and Firefox.

 

3) Maintain different Standard Accounts on my Win 7 system, and only use the Admin one when necessary. All have passwords.

 

4) I have not installed many programs, because I can't get this computer stable enough and quite frankly it is a pain in the (____) as I have to reset all my user preferences again etc. and I am just too (__ss__) off.

 

Obvious problems in the last two days include:

 

1)  The first symptom is Internet Explorer asking me to install IE11.  This is consistent.

 

2)  Adware has quarantined and removed "PackageAdware" twice now and it still comes back.  When I start Firefox the browser goes wild in the bottom left hand corner and is copying, transferring, connecting to a myriad of other sites.

 

3)  As of yesterday 13 September 2014 Eset was run three times in a row.  The first time it caught 2 PUP; both win32hiddenstart in different corners of my PC.  I selected remove threats.  I ran it a second time to ensure it didn't discover any more looming PUP, only to have it discover four PUP this time!  Again I had selected the remove threats option.  So. . .  I ran it a third time and this time it discovered six PUPs!  What is happening here?  I am truly lost at figuring out how to eliminate and prevent further issues.

 

4)  Another obvious symptom is Firefox taking an excessively long time to load sites, and resisting my attempt to log onto or even get to the BleepingComputer.com site.

 

5)  This AM I had to use IE to get to Bleeping after trying Firefox first.  Of course all the adwarepackage (__________) was going wild again.

 

6)  Changes I have made to my computer consist of reloading Family Tree Maker 2014, downloading the drivers for my printer Canon MX452, updating Microsoft Security Essentials (which has not caught a thing), installing Microsoft Office from my disc.

 

7)  I use one flash drive for schoolwork, my Memo Tablet, and I haven't installed my iPhone anything yet as it is a (____) to keep reinstalling.

 

8)  I want to use Malwarebytes, but I have no idea if I am getting a genuine download and the screen shots of what it looks like on this site do not match what I have on my screen, so I won't use it until I know I have a genuine download.  I do not know how I will know that.

 

I have the logs saved of the various reports generated and will not post them to this site until I have a genuine, qualified, cyber savvy expert to help me.  How do I know this?  Am I feeling a little paranoid?  Yes, with good reasons.  Is anyone willing to help me beat the (_______) out of these problems?





#2 HelpBot (Bleepin' Binary Bot)

Posted 19 September 2014 - 08:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/548237 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot (Bleepin' Binary Bot)

Posted 24 September 2014 - 08:20 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#4 Sirawit (Bleepin' Brony, Malware Response Team, Thailand)

Posted 16 October 2014 - 02:30 AM

Hello Momadice and welcome to BleepingComputer!        :)

 

My name is Sirawit and I'm here to help you.

 

Please note that I'm currently in training and my fixes need to be checked for approval first; that may delay our fix a bit, but I will normally reply back within 24 hours.

 

If I don't reply after 2 days, feel free to PM me.        :)

==========================================================================

Some points for you to keep in mind:

  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================


Farbar Recovery Scan Tool (FRST)

  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon.
  • Click Yes to the disclaimer.
  • Make sure the Addition.txt box is checked.
  • Click Scan and allow the program to run.
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#5 Momadice (Topic Starter)

Posted 18 October 2014 - 02:18 PM

Hello, and thank you.  I went to the top of the page and looked for the Follow This Topic button; it reads Unfollow, so I must have already used that option.



#6 Momadice (Topic Starter)

Posted 18 October 2014 - 02:32 PM

4:58am

To log on my pc...

I am using the standard user login with password on my win7 operating system. I have an admin one with password too.

Using Firefox I went to bleeping computer

I signed into bleeping this morning and it did not take me to a sign in page that doesn't work.  I often get messages that say my username and or password is incorrect, and even when I use the forget password function it keeps presenting a warning that my username or email is invalid.  I experienced this problem yesterday trying to sign into bleeping and managed to sign in when I typed in the website using the full URL of http    ://www   dot bleepingcomoputer dot com Yesterday I thought I would try adware from your download page as I have used this before, and when I would click on the download button I would get a different bleeping page that didn't have downloads on it at all. I would click the browsers back button and do a control + click and it still was not at the download page.  I did finally manage to get a download, however for the purpose of this diary I cannot remember how I did that.  I am keeping this diary until I hear from bleeping again and have my topic reopened.

In the bottom left-hand corner of my screen, right above my taskbar I often find several sending, retrieving functions happening. They run so fast that I barely can see the names, however some names have been double click, analytics, and much more.  I do not know how to capture that information.

This morning I looked in 'my content' of the forum and decided to run the info you had posted for me before it was abandoned. I realized my post was abandoned, which I expected to happen, and I was okay with that as it takes some time for you to respond as you were busy, and decided to give Emsisoft a try after reading a blurb on Bleeping's blog about them.  Emsisoft did catch two Trojans a couple days ago.

I have been working on my family tree and often use ancestry.ca and familysearch.org.  I am very familiar with these websites as I have been using them for many years. So if something is out of whack I notice immediately.  Both these websites give me username and password errors a lot and in particular ancestry.ca takes me to a sign in page straight away that I do not recognize.  This is while having both Microsoft Security Essentials and Emsisoft running.  It is the same with my internet provider; although the page looks the same, I get a warning that my username and/or password are incorrect.

This AM, 10 October 2014, I went to Bleeping and tried to download DDS.com using the Ctrl+click method and I was brought to this screen: 

I will play around a bit with full URL and see if I can get to the download page.  From here on forward I will try to log my actions.

    1)  On the bleeping page with Firefox.
    2)  Right clicked the hyperlink for DDS.com and ended up at this URL: 
    3)  Left clicked the button; Firefox is giving a warning of a redirect and asking me if I will allow it.  I will select the link "if your download does not start immediately click here"

14/10/2014 problems with emsisoft


    4)  left clicked and I was asked if I want to save the file, and said yes and Firefox has the down-arrow in blue and I will open the containing folder and move it to my desk top and execute it.
    5)  Executed DDS.com and it is running.
    6) Wondering how to zip this log. I’ve never zipped before.

Opened my computer and tried to log onto ancestry.ca and got the wrong sign in page again:  https :// secure dot ancestry dot ca/security/passwordlogin     dot      aspx?ti.si=0&ti=5543 I just copied the URL address out of the box.  Now I will type it in using the http before it.  Now I have this URL:  http://www DOT ancestry DOT ca/  this is what it is supposed to be. " a child on an old car "

3:29 PM 18/10/2014

I just received a response, and will continue to log my efforts from this point forward.
 


Edited by Momadice, 18 October 2014 - 02:46 PM.


#7 Momadice (Topic Starter)

Posted 18 October 2014 - 03:33 PM

PLEASE KNOW I AM CURRENTLY LEARNING HOW TO ZIP A FILE AND WILL ATTACH IT ONCE I LEARN HOW.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17344
Run by TheyAreReal at 15:50:17 on 2014-10-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1527.614 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\StikyNot.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.jw.org/en/
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRunOnce: [Report] \AdwCleaner\AdwCleaner[S0].txt
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94
TCP: Interfaces\{1FD3D185-CCE0-4156-9809-514294AD49DC} : DHCPNameServer = 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\theyarereal\appdata\roaming\mozilla\firefox\profiles\e0lo2dds.default\
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_179.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2014-9-14 22056]
R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2014-9-14 38248]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2014-9-14 18552]
R1 MpKslc3bfc5f5;MpKslc3bfc5f5;c:\programdata\microsoft\microsoft antimalware\definition updates\{dab15a3d-8df2-469e-ba60-9d9a6182b08f}\MpKslc3bfc5f5.sys [2014-10-18 39464]
R2 a2AntiMalware;Emsisoft Protection Service;c:\program files\emsisoft anti-malware\a2service.exe [2014-9-14 4816568]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2014-3-11 104264]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2014-9-14 58200]
R3 cleanhlp;cleanhlp;c:\program files\emsisoft anti-malware\cleanhlp32.sys [2014-9-14 50200]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
RUnknown MpKsld80fe33e;MpKsld80fe33e; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 becldr3Service;BCL EasyConverter SDK 3 Loader;c:\program files\bcl technologies\easyconverter sdk 3\common\becldr.exe [2013-7-3 225280]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-10-16 108032]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-8-23 52224]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
.
=============== Created Last 30 ================
.
2014-10-18 09:47:37    62576    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{dab15a3d-8df2-469e-ba60-9d9a6182b08f}\offreg.dll
2014-10-18 09:47:37    39464    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{dab15a3d-8df2-469e-ba60-9d9a6182b08f}\MpKslc3bfc5f5.sys
2014-10-18 09:13:13    8806800    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{dab15a3d-8df2-469e-ba60-9d9a6182b08f}\mpengine.dll
2014-10-17 07:07:26    8806800    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-10-17 07:02:24    --------    d--h--w-    c:\programdata\CanonIJFAX
2014-10-16 06:29:52    3221504    ----a-w-    c:\windows\system32\mstscax.dll
2014-10-15 09:19:15    220784    ----a-w-    c:\program files\mozilla firefox\sandboxbroker.dll
2014-10-10 01:18:20    --------    d-----w-    C:\AdwCleaner
2014-10-06 05:11:01    317440    ----a-w-    c:\windows\system32\spoolsv.exe
2014-10-06 05:10:58    2616320    ----a-w-    c:\windows\explorer.exe
2014-10-05 21:21:51    258560    ----a-w-    c:\windows\system32\CNCALBN.DLL
2014-10-05 07:32:26    --------    d-----w-    c:\windows\Migration
2014-10-05 07:28:43    2285056    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-10-05 07:24:06    66560    ----a-w-    c:\windows\system32\drivers\WUDFPf.sys
2014-10-05 07:24:06    155136    ----a-w-    c:\windows\system32\drivers\WUDFRd.sys
2014-10-05 07:24:04    73216    ----a-w-    c:\windows\system32\WUDFSvc.dll
2014-10-05 07:24:04    172032    ----a-w-    c:\windows\system32\WUDFPlatform.dll
2014-10-05 07:24:01    38912    ----a-w-    c:\windows\system32\WUDFCoinstaller.dll
2014-10-05 07:23:56    196608    ----a-w-    c:\windows\system32\WUDFHost.exe
2014-10-05 07:23:55    613888    ----a-w-    c:\windows\system32\WUDFx.dll
2014-10-05 07:10:34    12625408    ----a-w-    c:\windows\system32\wmploc.DLL
2014-10-05 07:10:33    164864    ----a-w-    c:\program files\windows media player\wmplayer.exe
2014-10-04 13:50:47    908840    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{4b62aec3-d0d3-4e3a-a85a-035174776f7c}\gapaengine.dll
2014-10-04 13:48:52    712048    ----a-w-    c:\windows\system32\drivers\ndis.sys
2014-10-04 13:48:52    33280    ----a-w-    c:\windows\system32\drivers\RNDISMP.sys
2014-10-04 13:48:39    168960    ----a-w-    c:\windows\system32\credui.dll
2014-10-04 13:48:39    152576    ----a-w-    c:\windows\system32\SmartcardCredentialProvider.dll
2014-10-04 13:48:04    31232    ----a-w-    c:\windows\system32\prevhost.exe
2014-10-04 13:48:01    301568    ----a-w-    c:\windows\system32\msieftp.dll
2014-10-04 13:47:59    196328    ----a-w-    c:\windows\system32\drivers\fvevol.sys
2014-10-04 13:47:45    550912    ----a-w-    c:\windows\system32\kerberos.dll
2014-10-04 13:47:43    1059840    ----a-w-    c:\windows\system32\lsasrv.dll
2014-10-04 13:47:00    1699328    ----a-w-    c:\windows\system32\esent.dll
2014-10-04 13:46:59    332160    ----a-w-    c:\windows\system32\drivers\iaStorV.sys
2014-10-04 13:46:58    80256    ----a-w-    c:\windows\system32\drivers\amdsata.sys
2014-10-04 13:46:58    143744    ----a-w-    c:\windows\system32\drivers\nvstor.sys
2014-10-04 13:46:57    74240    ----a-w-    c:\windows\system32\fsutil.exe
2014-10-04 13:46:57    22400    ----a-w-    c:\windows\system32\drivers\amdxata.sys
2014-10-04 13:46:57    117120    ----a-w-    c:\windows\system32\drivers\nvraid.sys
2014-10-04 13:46:20    417792    ----a-w-    c:\windows\system32\WMPhoto.dll
2014-10-04 13:46:15    245760    ----a-w-    c:\windows\system32\OxpsConverter.exe
2014-10-04 13:45:54    478720    ----a-w-    c:\windows\system32\timedate.cpl
2014-10-04 13:45:40    24576    ----a-w-    c:\windows\system32\cryptdlg.dll
2014-10-04 13:43:22    185344    ----a-w-    c:\windows\system32\wwansvc.dll
2014-10-04 13:43:21    40960    ----a-w-    c:\windows\system32\wwanprotdim.dll
2014-10-04 13:43:09    499712    ----a-w-    c:\windows\system32\iphlpsvc.dll
2014-10-04 13:43:09    175104    ----a-w-    c:\windows\system32\netcorehc.dll
2014-10-04 13:43:09    156672    ----a-w-    c:\windows\system32\ncsi.dll
2014-10-04 13:43:08    52224    ----a-w-    c:\windows\system32\nlaapi.dll
2014-10-04 13:43:08    35328    ----a-w-    c:\windows\system32\drivers\tcpipreg.sys
2014-10-04 13:43:08    242176    ----a-w-    c:\windows\system32\nlasvc.dll
2014-10-04 13:43:07    18944    ----a-w-    c:\windows\system32\netevent.dll
2014-10-04 13:42:07    234432    ----a-w-    c:\windows\system32\drivers\msiscsi.sys
2014-10-04 13:42:07    149440    ----a-w-    c:\windows\system32\drivers\storport.sys
2014-10-04 13:42:06    27072    ----a-w-    c:\windows\system32\drivers\Diskdump.sys
2014-10-04 13:42:05    2048    ----a-w-    c:\windows\system32\iologmsg.dll
2014-10-04 13:41:36    434688    ----a-w-    c:\windows\system32\scavengeui.dll
2014-10-04 13:37:18    1401344    ----a-w-    c:\windows\system32\mssrch.dll
2014-10-04 13:37:17    1549312    ----a-w-    c:\windows\system32\tquery.dll
2014-10-04 13:37:16    427520    ----a-w-    c:\windows\system32\SearchIndexer.exe
2014-10-04 13:37:15    337408    ----a-w-    c:\windows\system32\mssph.dll
2014-10-04 13:37:15    164352    ----a-w-    c:\windows\system32\SearchProtocolHost.exe
2014-10-04 13:37:14    86528    ----a-w-    c:\windows\system32\SearchFilterHost.exe
2014-10-04 13:37:14    666624    ----a-w-    c:\windows\system32\mssvp.dll
2014-10-04 13:37:13    197120    ----a-w-    c:\windows\system32\mssphtb.dll
2014-10-04 13:37:11    59392    ----a-w-    c:\windows\system32\msscntrs.dll
2014-10-04 13:36:02    45568    ----a-w-    c:\windows\system32\oflc-nz.rs
2014-10-04 13:36:02    43520    ----a-w-    c:\windows\system32\csrr.rs
2014-10-04 13:36:01    46592    ----a-w-    c:\windows\system32\fpb.rs
2014-10-04 13:36:01    44544    ----a-w-    c:\windows\system32\pegibbfc.rs
2014-10-04 13:36:01    40960    ----a-w-    c:\windows\system32\cob-au.rs
2014-10-04 13:36:01    30720    ----a-w-    c:\windows\system32\usk.rs
2014-10-04 13:36:01    15360    ----a-w-    c:\windows\system32\djctq.rs
2014-10-04 13:36:00    2576384    ----a-w-    c:\windows\system32\gameux.dll
2014-10-04 13:36:00    21504    ----a-w-    c:\windows\system32\grb.rs
2014-10-04 13:36:00    20480    ----a-w-    c:\windows\system32\pegi.rs
2014-10-04 13:36:00    20480    ----a-w-    c:\windows\system32\pegi-pt.rs
2014-10-04 13:35:59    308736    ----a-w-    c:\windows\system32\Wpc.dll
2014-10-04 13:35:54    51712    ----a-w-    c:\windows\system32\esrb.rs
2014-10-04 13:35:53    55296    ----a-w-    c:\windows\system32\cero.rs
2014-10-04 13:35:53    23552    ----a-w-    c:\windows\system32\oflc.rs
2014-10-04 13:35:53    20480    ----a-w-    c:\windows\system32\pegi-fi.rs
2014-10-04 13:33:54    442880    ----a-w-    c:\windows\system32\ntshrui.dll
2014-10-04 13:33:45    519680    ----a-w-    c:\windows\system32\qdvd.dll
2014-10-04 13:33:37    1212352    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2014-10-04 13:32:47    400896    ----a-w-    c:\windows\system32\srcore.dll
2014-10-04 13:32:41    1230336    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-10-04 13:32:37    1987584    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-10-04 13:32:24    793600    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-10-04 13:14:35    247808    ----a-w-    c:\windows\system32\schannel.dll
2014-10-04 13:14:31    259584    ----a-w-    c:\windows\system32\msv1_0.dll
2014-10-04 13:14:30    220160    ----a-w-    c:\windows\system32\ncrypt.dll
2014-10-04 13:14:29    172032    ----a-w-    c:\windows\system32\wdigest.dll
2014-10-04 13:12:48    205824    ----a-w-    c:\windows\system32\WebClnt.dll
2014-10-04 13:12:47    81920    ----a-w-    c:\windows\system32\davclnt.dll
2014-10-04 13:12:47    115712    ----a-w-    c:\windows\system32\drivers\mrxdav.sys
2014-10-04 13:12:44    164352    ----a-w-    c:\windows\system32\profsvc.dll
2014-10-04 13:12:40    133056    ----a-w-    c:\windows\system32\drivers\ataport.sys
2014-10-04 13:10:02    193536    ----a-w-    c:\windows\system32\dhcpcore6.dll
2014-10-04 13:10:01    44032    ----a-w-    c:\windows\system32\dhcpcsvc6.dll
2014-10-04 13:08:56    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-10-04 13:08:02    594944    ----a-w-    c:\windows\system32\RMActivate_isv.exe
2014-10-04 13:08:01    572416    ----a-w-    c:\windows\system32\RMActivate.exe
2014-10-04 13:08:01    508928    ----a-w-    c:\windows\system32\RMActivate_ssp_isv.exe
2014-10-04 13:08:00    510976    ----a-w-    c:\windows\system32\RMActivate_ssp.exe
2014-10-04 13:07:59    423936    ----a-w-    c:\windows\system32\secproc_isv.dll
2014-10-04 13:07:57    428032    ----a-w-    c:\windows\system32\secproc.dll
2014-10-04 13:07:55    87040    ----a-w-    c:\windows\system32\secproc_ssp.dll
2014-10-04 13:07:55    390144    ----a-w-    c:\windows\system32\msdrm.dll
2014-10-04 13:07:53    87040    ----a-w-    c:\windows\system32\secproc_ssp_isv.dll
2014-09-28 03:44:01    26840    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2014-09-28 03:41:44    --------    d-----w-    c:\program files\iPod
2014-09-28 03:41:42    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-28 03:41:42    --------    d-----w-    c:\program files\iTunes
2014-09-28 03:39:18    --------    d-----w-    c:\users\theyarereal\appdata\local\Apple
2014-09-28 03:38:28    --------    d-----w-    c:\program files\Bonjour
.
==================== Find3M  ====================
.
2014-09-29 00:41:36    2379264    ----a-w-    c:\windows\system32\win32k.sys
2014-09-25 22:32:04    2017280    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-09-22 06:41:56    231568    ------w-    c:\windows\system32\MpSigStub.exe
2014-09-19 01:25:12    4201472    ----a-w-    c:\windows\system32\jscript9.dll
2014-09-19 01:14:57    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-09-19 01:14:44    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-09-19 01:02:07    454656    ----a-w-    c:\windows\system32\vbscript.dll
2014-09-19 01:01:47    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-09-19 01:01:03    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-09-19 00:59:40    61952    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-09-19 00:50:16    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-09-19 00:50:15    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-09-19 00:49:31    597504    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-09-19 00:44:23    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-09-19 00:36:23    60416    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-19 00:18:55    1068032    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-09-18 23:59:11    1810944    ----a-w-    c:\windows\system32\wininet.dll
2014-09-18 01:32:52    2363904    ----a-w-    c:\windows\system32\msi.dll
2014-09-13 01:40:05    67072    ----a-w-    c:\windows\system32\packager.dll
2014-09-04 05:04:15    372736    ----a-w-    c:\windows\system32\rastls.dll
2014-08-30 03:39:28    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-30 03:39:28    699568    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-08-26 07:35:30    69632    ----a-w-    c:\windows\system32\smss.exe
2014-08-26 07:35:30    640512    ----a-w-    c:\windows\system32\advapi32.dll
2014-08-26 07:35:30    619520    ----a-w-    c:\windows\system32\tdh.dll
2014-08-26 07:35:30    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2014-08-26 07:35:29    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2014-08-26 07:35:04    231424    ----a-w-    c:\windows\system32\mswsock.dll
2014-08-26 07:34:43    49152    ----a-w-    c:\windows\system32\taskhost.exe
2014-08-26 07:29:19    1505280    ----a-w-    c:\windows\system32\d3d11.dll
2014-08-24 07:18:32    152576    ----a-w-    c:\windows\system32\msclmd.dll
2014-08-23 01:46:55    305152    ----a-w-    c:\windows\system32\gdi32.dll
2014-07-28 18:52:00    6112072    ----a-w-    c:\windows\system32\usbaaplrc.dll
2014-07-28 18:52:00    45056    ----a-w-    c:\windows\system32\drivers\usbaapl.sys
2014-07-25 06:35:46    875688    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
.
============= FINISH: 15:56:56.25 ===============
 



#8 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • Gender:Male
  • Location:Thailand

Posted 18 October 2014 - 11:16 PM

Hi momadice.

No need to attach, just copy and paste here.

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 



#9 Momadice

Momadice
  • Topic Starter

  • Members
  • 156 posts
  • Gender:Not Telling
  • Location:Ontario, Canada

Posted 20 October 2014 - 08:16 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 20/08/2014 4:41:48 PM
System Uptime: 20/10/2014 9:00:24 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | Lancaster8
Processor: Intel® Pentium® Dual  CPU  E2140  @ 1.60GHz | CPU 1 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 203 GiB total, 169.35 GiB free.
D: is FIXED (NTFS) - 94 GiB total, 93.984 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsla06d9459
Device ID: ROOT\LEGACY_MPKSLA06D9459\0000
Manufacturer:
Name: MpKsla06d9459
PNP Device ID: ROOT\LEGACY_MPKSLA06D9459\0000
Service: MpKsla06d9459
.
==== System Restore Points ===================
.
RP26: 01/10/2014 8:53:59 PM - Windows Update
RP27: 05/10/2014 3:00:52 AM - Windows Update
RP28: 06/10/2014 3:00:25 AM - Windows Update
RP29: 07/10/2014 5:15:30 PM - working ok
RP30: 09/10/2014 8:34:03 AM - Windows Update
RP31: 13/10/2014 8:16:19 PM - Windows Update
RP32: 14/10/2014 8:41:32 AM - before bleeping
RP33: 16/10/2014 3:00:36 AM - Windows Update
RP34: 17/10/2014 3:00:46 AM - Windows Update
RP35: 19/10/2014 1:58:59 AM - Windows Backup
.
==== Installed Programs ======================
.
Adobe Flash Player 14 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BCL easyConverter SDK 3 (Word Version)
Bonjour
Canon Easy-WebPrint EX
Canon MP450
Cisco Connect
Emsisoft Anti-Malware
Family Tree Maker 2014
Intel® Graphics Media Accelerator Driver
iTunes
Microsoft .NET Framework 4.5.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Mozilla Firefox 33.0 (x86 en-US)
Mozilla Maintenance Service
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition
.
==== Event Viewer Messages From Past Week ========
.
20/10/2014 9:02:10 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
20/10/2014 9:02:09 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
20/10/2014 6:12:00 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user TheyAreReal-PC\Cindy SID (S-1-5-21-76898161-843101937-1811262288-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
20/10/2014 6:12:00 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user TheyAreReal-PC\Cindy SID (S-1-5-21-76898161-843101937-1811262288-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
18/10/2014 2:33:01 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
18/10/2014 11:23:37 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
18/10/2014 1:21:33 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
17/10/2014 3:00:50 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR2.
14/10/2014 10:31:01 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
14/10/2014 10:31:01 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
14/10/2014 10:18:26 AM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
14/10/2014 10:17:18 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
14/10/2014 10:17:18 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
14/10/2014 10:17:17 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
14/10/2014 10:17:16 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
14/10/2014 10:17:10 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
14/10/2014 10:16:26 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  a2injectiondriver AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
14/10/2014 10:16:24 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
14/10/2014 10:16:24 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
14/10/2014 10:16:24 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
14/10/2014 10:16:24 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
14/10/2014 10:16:24 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
14/10/2014 10:16:24 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
14/10/2014 10:16:24 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
14/10/2014 10:16:24 AM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
14/10/2014 10:16:24 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
14/10/2014 10:16:24 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
14/10/2014 10:16:24 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
13/10/2014 6:34:40 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.185.2908.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: http://www.microsoft.com      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.11005.0      Error code: 0x8024402c      Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================
 



#10 Momadice

Momadice
  • Topic Starter

  • Members
  • 156 posts
  • Gender:Not Telling
  • Location:Ontario, Canada

Posted 20 October 2014 - 08:17 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17344
Run by TheyAreReal at 21:08:43 on 2014-10-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1527.437 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.jw.org/en/
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRunOnce: [Report] \AdwCleaner\AdwCleaner[S0].txt
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94
TCP: Interfaces\{1FD3D185-CCE0-4156-9809-514294AD49DC} : DHCPNameServer = 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\theyarereal\appdata\roaming\mozilla\firefox\profiles\e0lo2dds.default\
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_179.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2014-9-14 22056]
R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2014-9-14 38248]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2014-9-14 18552]
R1 MpKsl07f21eb0;MpKsl07f21eb0;c:\programdata\microsoft\microsoft antimalware\definition updates\{ac776be1-7a01-470e-b11d-ce4578a3b4c0}\MpKsl07f21eb0.sys [2014-10-20 39464]
R2 a2AntiMalware;Emsisoft Protection Service;c:\program files\emsisoft anti-malware\a2service.exe [2014-9-14 4816568]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2014-3-11 104264]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2014-9-14 58200]
R3 cleanhlp;cleanhlp;c:\program files\emsisoft anti-malware\cleanhlp32.sys [2014-9-14 50200]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 becldr3Service;BCL EasyConverter SDK 3 Loader;c:\program files\bcl technologies\easyconverter sdk 3\common\becldr.exe [2013-7-3 225280]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-10-16 108032]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-8-23 52224]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
SUnknown MpKsla06d9459;MpKsla06d9459; [x]
.
=============== Created Last 30 ================
.
2014-10-21 01:01:46    39464    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{ac776be1-7a01-470e-b11d-ce4578a3b4c0}\MpKsl07f21eb0.sys
2014-10-20 05:50:43    8806800    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{ac776be1-7a01-470e-b11d-ce4578a3b4c0}\mpengine.dll
2014-10-18 09:13:13    8806800    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-10-17 07:02:24    --------    d--h--w-    c:\programdata\CanonIJFAX
2014-10-16 06:29:52    3221504    ----a-w-    c:\windows\system32\mstscax.dll
2014-10-15 09:19:15    220784    ----a-w-    c:\program files\mozilla firefox\sandboxbroker.dll
2014-10-10 01:18:20    --------    d-----w-    C:\AdwCleaner
2014-10-06 05:11:01    317440    ----a-w-    c:\windows\system32\spoolsv.exe
2014-10-06 05:10:58    2616320    ----a-w-    c:\windows\explorer.exe
2014-10-05 21:21:51    258560    ----a-w-    c:\windows\system32\CNCALBN.DLL
2014-10-05 07:32:26    --------    d-----w-    c:\windows\Migration
2014-10-05 07:28:43    2285056    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-10-05 07:24:06    66560    ----a-w-    c:\windows\system32\drivers\WUDFPf.sys
2014-10-05 07:24:06    155136    ----a-w-    c:\windows\system32\drivers\WUDFRd.sys
2014-10-05 07:24:04    73216    ----a-w-    c:\windows\system32\WUDFSvc.dll
2014-10-05 07:24:04    172032    ----a-w-    c:\windows\system32\WUDFPlatform.dll
2014-10-05 07:24:01    38912    ----a-w-    c:\windows\system32\WUDFCoinstaller.dll
2014-10-05 07:23:56    196608    ----a-w-    c:\windows\system32\WUDFHost.exe
2014-10-05 07:23:55    613888    ----a-w-    c:\windows\system32\WUDFx.dll
2014-10-05 07:10:34    12625408    ----a-w-    c:\windows\system32\wmploc.DLL
2014-10-05 07:10:33    164864    ----a-w-    c:\program files\windows media player\wmplayer.exe
2014-10-04 13:50:47    908840    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{4b62aec3-d0d3-4e3a-a85a-035174776f7c}\gapaengine.dll
2014-10-04 13:48:52    712048    ----a-w-    c:\windows\system32\drivers\ndis.sys
2014-10-04 13:48:52    33280    ----a-w-    c:\windows\system32\drivers\RNDISMP.sys
2014-10-04 13:48:39    168960    ----a-w-    c:\windows\system32\credui.dll
2014-10-04 13:48:39    152576    ----a-w-    c:\windows\system32\SmartcardCredentialProvider.dll
2014-10-04 13:48:04    31232    ----a-w-    c:\windows\system32\prevhost.exe
2014-10-04 13:48:01    301568    ----a-w-    c:\windows\system32\msieftp.dll
2014-10-04 13:47:59    196328    ----a-w-    c:\windows\system32\drivers\fvevol.sys
2014-10-04 13:47:45    550912    ----a-w-    c:\windows\system32\kerberos.dll
2014-10-04 13:47:43    1059840    ----a-w-    c:\windows\system32\lsasrv.dll
2014-10-04 13:47:00    1699328    ----a-w-    c:\windows\system32\esent.dll
2014-10-04 13:46:59    332160    ----a-w-    c:\windows\system32\drivers\iaStorV.sys
2014-10-04 13:46:58    80256    ----a-w-    c:\windows\system32\drivers\amdsata.sys
2014-10-04 13:46:58    143744    ----a-w-    c:\windows\system32\drivers\nvstor.sys
2014-10-04 13:46:57    74240    ----a-w-    c:\windows\system32\fsutil.exe
2014-10-04 13:46:57    22400    ----a-w-    c:\windows\system32\drivers\amdxata.sys
2014-10-04 13:46:57    117120    ----a-w-    c:\windows\system32\drivers\nvraid.sys
2014-10-04 13:46:20    417792    ----a-w-    c:\windows\system32\WMPhoto.dll
2014-10-04 13:46:15    245760    ----a-w-    c:\windows\system32\OxpsConverter.exe
2014-10-04 13:45:54    478720    ----a-w-    c:\windows\system32\timedate.cpl
2014-10-04 13:45:40    24576    ----a-w-    c:\windows\system32\cryptdlg.dll
2014-10-04 13:43:22    185344    ----a-w-    c:\windows\system32\wwansvc.dll
2014-10-04 13:43:21    40960    ----a-w-    c:\windows\system32\wwanprotdim.dll
2014-10-04 13:43:09    499712    ----a-w-    c:\windows\system32\iphlpsvc.dll
2014-10-04 13:43:09    175104    ----a-w-    c:\windows\system32\netcorehc.dll
2014-10-04 13:43:09    156672    ----a-w-    c:\windows\system32\ncsi.dll
2014-10-04 13:43:08    52224    ----a-w-    c:\windows\system32\nlaapi.dll
2014-10-04 13:43:08    35328    ----a-w-    c:\windows\system32\drivers\tcpipreg.sys
2014-10-04 13:43:08    242176    ----a-w-    c:\windows\system32\nlasvc.dll
2014-10-04 13:43:07    18944    ----a-w-    c:\windows\system32\netevent.dll
2014-10-04 13:42:07    234432    ----a-w-    c:\windows\system32\drivers\msiscsi.sys
2014-10-04 13:42:07    149440    ----a-w-    c:\windows\system32\drivers\storport.sys
2014-10-04 13:42:06    27072    ----a-w-    c:\windows\system32\drivers\Diskdump.sys
2014-10-04 13:42:05    2048    ----a-w-    c:\windows\system32\iologmsg.dll
2014-10-04 13:41:36    434688    ----a-w-    c:\windows\system32\scavengeui.dll
2014-10-04 13:37:18    1401344    ----a-w-    c:\windows\system32\mssrch.dll
2014-10-04 13:37:17    1549312    ----a-w-    c:\windows\system32\tquery.dll
2014-10-04 13:37:16    427520    ----a-w-    c:\windows\system32\SearchIndexer.exe
2014-10-04 13:37:15    337408    ----a-w-    c:\windows\system32\mssph.dll
2014-10-04 13:37:15    164352    ----a-w-    c:\windows\system32\SearchProtocolHost.exe
2014-10-04 13:37:14    86528    ----a-w-    c:\windows\system32\SearchFilterHost.exe
2014-10-04 13:37:14    666624    ----a-w-    c:\windows\system32\mssvp.dll
2014-10-04 13:37:13    197120    ----a-w-    c:\windows\system32\mssphtb.dll
2014-10-04 13:37:11    59392    ----a-w-    c:\windows\system32\msscntrs.dll
2014-10-04 13:36:02    45568    ----a-w-    c:\windows\system32\oflc-nz.rs
2014-10-04 13:36:02    43520    ----a-w-    c:\windows\system32\csrr.rs
2014-10-04 13:36:01    46592    ----a-w-    c:\windows\system32\fpb.rs
2014-10-04 13:36:01    44544    ----a-w-    c:\windows\system32\pegibbfc.rs
2014-10-04 13:36:01    40960    ----a-w-    c:\windows\system32\cob-au.rs
2014-10-04 13:36:01    30720    ----a-w-    c:\windows\system32\usk.rs
2014-10-04 13:36:01    15360    ----a-w-    c:\windows\system32\djctq.rs
2014-10-04 13:36:00    2576384    ----a-w-    c:\windows\system32\gameux.dll
2014-10-04 13:36:00    21504    ----a-w-    c:\windows\system32\grb.rs
2014-10-04 13:36:00    20480    ----a-w-    c:\windows\system32\pegi.rs
2014-10-04 13:36:00    20480    ----a-w-    c:\windows\system32\pegi-pt.rs
2014-10-04 13:35:59    308736    ----a-w-    c:\windows\system32\Wpc.dll
2014-10-04 13:35:54    51712    ----a-w-    c:\windows\system32\esrb.rs
2014-10-04 13:35:53    55296    ----a-w-    c:\windows\system32\cero.rs
2014-10-04 13:35:53    23552    ----a-w-    c:\windows\system32\oflc.rs
2014-10-04 13:35:53    20480    ----a-w-    c:\windows\system32\pegi-fi.rs
2014-10-04 13:33:54    442880    ----a-w-    c:\windows\system32\ntshrui.dll
2014-10-04 13:33:45    519680    ----a-w-    c:\windows\system32\qdvd.dll
2014-10-04 13:33:37    1212352    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2014-10-04 13:32:47    400896    ----a-w-    c:\windows\system32\srcore.dll
2014-10-04 13:32:41    1230336    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-10-04 13:32:37    1987584    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-10-04 13:32:24    793600    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-10-04 13:14:35    247808    ----a-w-    c:\windows\system32\schannel.dll
2014-10-04 13:14:31    259584    ----a-w-    c:\windows\system32\msv1_0.dll
2014-10-04 13:14:30    220160    ----a-w-    c:\windows\system32\ncrypt.dll
2014-10-04 13:14:29    172032    ----a-w-    c:\windows\system32\wdigest.dll
2014-10-04 13:12:48    205824    ----a-w-    c:\windows\system32\WebClnt.dll
2014-10-04 13:12:47    81920    ----a-w-    c:\windows\system32\davclnt.dll
2014-10-04 13:12:47    115712    ----a-w-    c:\windows\system32\drivers\mrxdav.sys
2014-10-04 13:12:44    164352    ----a-w-    c:\windows\system32\profsvc.dll
2014-10-04 13:12:40    133056    ----a-w-    c:\windows\system32\drivers\ataport.sys
2014-10-04 13:10:02    193536    ----a-w-    c:\windows\system32\dhcpcore6.dll
2014-10-04 13:10:01    44032    ----a-w-    c:\windows\system32\dhcpcsvc6.dll
2014-10-04 13:08:56    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-10-04 13:08:02    594944    ----a-w-    c:\windows\system32\RMActivate_isv.exe
2014-10-04 13:08:01    572416    ----a-w-    c:\windows\system32\RMActivate.exe
2014-10-04 13:08:01    508928    ----a-w-    c:\windows\system32\RMActivate_ssp_isv.exe
2014-10-04 13:08:00    510976    ----a-w-    c:\windows\system32\RMActivate_ssp.exe
2014-10-04 13:07:59    423936    ----a-w-    c:\windows\system32\secproc_isv.dll
2014-10-04 13:07:57    428032    ----a-w-    c:\windows\system32\secproc.dll
2014-10-04 13:07:55    87040    ----a-w-    c:\windows\system32\secproc_ssp.dll
2014-10-04 13:07:55    390144    ----a-w-    c:\windows\system32\msdrm.dll
2014-10-04 13:07:53    87040    ----a-w-    c:\windows\system32\secproc_ssp_isv.dll
2014-09-28 03:44:01    26840    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2014-09-28 03:41:44    --------    d-----w-    c:\program files\iPod
2014-09-28 03:41:42    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-28 03:41:42    --------    d-----w-    c:\program files\iTunes
2014-09-28 03:39:18    --------    d-----w-    c:\users\theyarereal\appdata\local\Apple
2014-09-28 03:38:28    --------    d-----w-    c:\program files\Bonjour
.
==================== Find3M  ====================
.
2014-09-29 00:41:36    2379264    ----a-w-    c:\windows\system32\win32k.sys
2014-09-25 22:32:04    2017280    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-09-22 06:41:56    231568    ------w-    c:\windows\system32\MpSigStub.exe
2014-09-19 01:25:12    4201472    ----a-w-    c:\windows\system32\jscript9.dll
2014-09-19 01:14:57    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-09-19 01:14:44    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-09-19 01:02:07    454656    ----a-w-    c:\windows\system32\vbscript.dll
2014-09-19 01:01:47    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-09-19 01:01:03    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-09-19 00:59:40    61952    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-09-19 00:50:16    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-09-19 00:50:15    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-09-19 00:49:31    597504    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-09-19 00:44:23    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-09-19 00:36:23    60416    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-19 00:18:55    1068032    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-09-18 23:59:11    1810944    ----a-w-    c:\windows\system32\wininet.dll
2014-09-18 01:32:52    2363904    ----a-w-    c:\windows\system32\msi.dll
2014-09-13 01:40:05    67072    ----a-w-    c:\windows\system32\packager.dll
2014-09-04 05:04:15    372736    ----a-w-    c:\windows\system32\rastls.dll
2014-08-30 03:39:28    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-30 03:39:28    699568    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-08-26 07:35:30    69632    ----a-w-    c:\windows\system32\smss.exe
2014-08-26 07:35:30    640512    ----a-w-    c:\windows\system32\advapi32.dll
2014-08-26 07:35:30    619520    ----a-w-    c:\windows\system32\tdh.dll
2014-08-26 07:35:30    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2014-08-26 07:35:29    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2014-08-26 07:35:04    231424    ----a-w-    c:\windows\system32\mswsock.dll
2014-08-26 07:34:43    49152    ----a-w-    c:\windows\system32\taskhost.exe
2014-08-26 07:29:19    1505280    ----a-w-    c:\windows\system32\d3d11.dll
2014-08-24 07:18:32    152576    ----a-w-    c:\windows\system32\msclmd.dll
2014-08-23 01:46:55    305152    ----a-w-    c:\windows\system32\gdi32.dll
2014-07-28 18:52:00    6112072    ----a-w-    c:\windows\system32\usbaaplrc.dll
2014-07-28 18:52:00    45056    ----a-w-    c:\windows\system32\drivers\usbaapl.sys
2014-07-25 06:35:46    875688    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
.
============= FINISH: 21:10:19.46 ===============
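A note on reading a listing like the attach.txt above: almost everything in it is a Windows Update batch (the run of system32 files stamped 2014-10-04 13:3x to 13:4x) or an installer (the Apple/iTunes entries on 2014-09-28), and the way a helper scans it is to look for the writes that do not belong to such a burst. The script below is an added example written for this page; it is not DDS, not a BleepingComputer tool and not something the poster ran. It parses lines in the DDS "timestamp size flags path" format, groups them into time bursts, and flags lone executables, hidden items and binaries in user-writable drop locations. The sample input reuses five lines from the log above; the final temp\svchost.exe line is invented so the checks have something to flag and does not appear anywhere in this thread. The hidden check assumes DDS marks hidden items with the letter h in the flags column.

```python
"""Triage helper for DDS attach.txt file listings.

Added example for this thread; it is not DDS, not a BleepingComputer tool and not
something the poster ran. It reads the "timestamp  size  flags  path" lines DDS
prints and flags the writes a helper would look at first.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# One DDS listing line: timestamp, size (dashes for a directory), 8-char attribute flags, path.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+([a-z-]{8})\s+(.+?)\s*$"
)

# Locations a standard user can write to; a fresh binary here rarely comes from Windows Update.
SUSPECT_DIRS = (r"\appdata\local\temp", r"\appdata\roaming", r"\programdata", r"\users\public")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".cpl")

# Constructed input: the first five lines are copied from the log above; the last line is
# invented so the checks have something to flag (no such file appears in the thread).
SAMPLE = r"""
2014-10-04 13:47:00    1699328    ----a-w-    c:\windows\system32\esent.dll
2014-10-04 13:46:59    332160    ----a-w-    c:\windows\system32\drivers\iaStorV.sys
2014-10-04 13:46:58    80256    ----a-w-    c:\windows\system32\drivers\amdsata.sys
2014-09-28 03:41:44    --------    d-----w-    c:\program files\iPod
2014-09-28 03:38:28    --------    d-----w-    c:\program files\Bonjour
2014-09-21 02:13:09    48640    ---ha-w-    c:\users\example\appdata\local\temp\svchost.exe
"""


@dataclass
class Entry:
    when: datetime
    size: Optional[int]   # None for directories
    attrs: str
    path: str


def parse(text: str) -> List[Entry]:
    """Turn DDS listing lines into Entry records; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        entries.append(Entry(
            when=datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            size=None if size.startswith("-") else int(size),
            attrs=attrs,
            path=path.lower(),
        ))
    return entries


def bursts(entries: List[Entry], gap: timedelta = timedelta(minutes=30)) -> List[List[Entry]]:
    """Group entries written within `gap` of the previous one.

    Windows Update and installers write dozens of files in one burst (the 2014-10-04
    13:3x-13:4x run in the log is a patch batch); a dropper usually leaves lone writes.
    """
    groups: List[List[Entry]] = []
    for e in sorted(entries, key=lambda item: item.when):
        if groups and e.when - groups[-1][-1].when <= gap:
            groups[-1].append(e)
        else:
            groups.append([e])
    return groups


def is_executable(e: Entry) -> bool:
    return e.size is not None and e.path.endswith(EXEC_EXT)


def flag(entries: List[Entry], gap: timedelta = timedelta(minutes=30)) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every entry that deserves a closer look."""
    findings = []
    for group in bursts(entries, gap):
        lone = len(group) == 1
        for e in group:
            reasons = []
            if lone and is_executable(e):
                reasons.append("lone executable write, not part of an update/installer burst")
            if is_executable(e) and any(d in e.path for d in SUSPECT_DIRS):
                reasons.append("executable in a user-writable drop location")
            if "h" in e.attrs:  # assumption: DDS uses 'h' in the flags column for hidden items
                reasons.append("hidden attribute set")
            if reasons:
                findings.append((e.path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in flag(parse(SAMPLE)):
        print(path)
        for r in reasons:
            print("   -", r)
```

Run it over the whole attach.txt rather than the sample and it prioritises, it does not decide: a lone write can be a legitimate single-file update, and anything it flags still has to be checked against the installed-programs list and the file's signature before it goes into a fixlist. On the sample, only the invented temp\svchost.exe line is reported; the Apple directories sit in one installer burst and the system32 files in the patch burst.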

#11 Momadice (Topic Starter)

Posted 20 October 2014 - 08:24 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-10-2014 01
Ran by Cindy at 2014-10-20 21:21:57
Running from C:\Users\Cindy\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Emsisoft Anti-Malware (Disabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Disabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BCL easyConverter SDK 3 (Word Version) (HKLM\...\{A932ABFB-1AC4-4FBF-9954-B710CABE3482}) (Version: 3.0.64 - BCL Technologies)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon MP450 (HKLM\...\{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}) (Version:  - )
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.2.10148.2 - Cisco Consumer Products LLC)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Mozilla Firefox 33.0 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-13 13:43 - 2014-10-15 05:19 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-76898161-843101937-1811262288-500 - Administrator - Disabled)
Cindy (S-1-5-21-76898161-843101937-1811262288-1003 - Limited - Enabled) => C:\Users\Cindy
Dyllan (S-1-5-21-76898161-843101937-1811262288-1004 - Limited - Enabled)
Guest (S-1-5-21-76898161-843101937-1811262288-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-76898161-843101937-1811262288-1002 - Limited - Enabled)
TheyAreReal (S-1-5-21-76898161-843101937-1811262288-1001 - Administrator - Enabled) => C:\Users\TheyAreReal

==================== Faulty Device Manager Devices =============

Name: MpKsla06d9459
Description: MpKsla06d9459
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsla06d9459
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/18/2014 01:56:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8066

Error: (10/18/2014 01:56:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8066

Error: (10/18/2014 01:56:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/18/2014 01:56:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7067

Error: (10/18/2014 01:56:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7067

Error: (10/18/2014 01:56:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/18/2014 01:56:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6069

Error: (10/18/2014 01:56:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6069

Error: (10/18/2014 01:56:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/18/2014 01:56:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5070


System errors:
=============
Error: (10/20/2014 09:02:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/20/2014 09:02:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (10/20/2014 06:12:00 AM) (Source: DCOM) (EventID: 10016) (User: TheyAreReal-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}TheyAreReal-PCCindyS-1-5-21-76898161-843101937-1811262288-1003LocalHost (Using LRPC)

Error: (10/20/2014 06:12:00 AM) (Source: DCOM) (EventID: 10016) (User: TheyAreReal-PC)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}TheyAreReal-PCCindyS-1-5-21-76898161-843101937-1811262288-1003LocalHost (Using LRPC)

Error: (10/20/2014 05:45:40 AM) (Source: DCOM) (EventID: 10016) (User: TheyAreReal-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}TheyAreReal-PCCindyS-1-5-21-76898161-843101937-1811262288-1003LocalHost (Using LRPC)

Error: (10/20/2014 05:45:40 AM) (Source: DCOM) (EventID: 10016) (User: TheyAreReal-PC)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}TheyAreReal-PCCindyS-1-5-21-76898161-843101937-1811262288-1003LocalHost (Using LRPC)

Error: (10/19/2014 01:48:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/19/2014 01:48:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (10/18/2014 02:33:01 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

Error: (10/18/2014 01:21:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.


Microsoft Office Sessions:
=========================
Error: (09/06/2014 07:03:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 22372 seconds with 240 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2140 @ 1.60GHz
Percentage of memory in use: 64%
Total physical RAM: 1527.37 MB
Available physical RAM: 548.06 MB
Total Pagefile: 3054.73 MB
Available Pagefile: 1487.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.25 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:203.43 GB) (Free:169.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Fixed) (Total:94.07 GB) (Free:93.98 GB) NTFS
Drive j: (Terabyte) (Fixed) (Total:931.48 GB) (Free:746.07 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-10-2014 01
Ran by Cindy (ATTENTION: The logged in user is not administrator) on THEYAREREAL-PC on 20-10-2014 21:21:09
Running from C:\Users\Cindy\Downloads
Loaded Profiles: TheyAreReal & Cindy (Available profiles: TheyAreReal & Cindy)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-21-76898161-843101937-1811262288-1003\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-76898161-843101937-1811262288-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-76898161-843101937-1811262288-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-08-24] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jw.org/en/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.niagaracollege.ca/content/
https://www.gmail.com/intl/en/mail/help/about.html
https://www.cogeco.ca/web/on/en/my_cogeco/
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94

FireFox:
========
FF ProfilePath: C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\yweorc15.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-14] (Emsisoft GmbH)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [225280 2013-07-03] () [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl07f21eb0; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AC776BE1-7A01-470E-B11D-CE4578A3B4C0}\MpKsl07f21eb0.sys [39464 2014-10-20] (Microsoft Corporation)
U3 mbr; \??\C:\Users\THEYAR~1\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 21:21 - 2014-10-20 21:21 - 00006414 _____ () C:\Users\Cindy\Downloads\FRST.txt
2014-10-20 21:20 - 2014-10-20 21:21 - 00000000 ____D () C:\FRST
2014-10-20 21:09 - 2014-10-20 21:09 - 01102336 _____ (Farbar) C:\Users\Cindy\Downloads\FRST.exe
2014-10-20 21:08 - 2014-10-20 21:08 - 00688992 ____R (Swearware) C:\Users\Cindy\Downloads\dds.com
2014-10-19 01:49 - 2014-10-19 01:54 - 00000000 __RHD () C:\Users\Cindy\Desktop\MoreChainmailleInspiration
2014-10-17 17:53 - 2014-10-20 06:00 - 00124684 _____ () C:\Users\Cindy\Desktop\1851 PORTLAND CENSUS INDEX.xlsx
2014-10-17 03:02 - 2014-10-17 03:02 - 00000000 ___HD () C:\ProgramData\CanonIJFAX
2014-10-16 02:30 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 02:30 - 2014-09-28 20:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 02:30 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 02:30 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 02:30 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 02:30 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 02:30 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 02:30 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 02:30 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 02:30 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 02:30 - 2014-09-18 21:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 02:30 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 02:30 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 02:30 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 02:30 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 02:30 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 02:30 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 02:30 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 02:30 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 02:30 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 02:30 - 2014-09-18 20:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 02:30 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 02:30 - 2014-09-18 20:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 02:30 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 02:30 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 02:30 - 2014-09-18 20:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 02:30 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 02:30 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 02:30 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 02:30 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 02:30 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 02:30 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 02:30 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 02:30 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 02:30 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 02:30 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 02:29 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 02:29 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 02:29 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 02:29 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 02:29 - 2014-07-16 21:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 02:29 - 2014-07-16 21:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 02:29 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-16 02:29 - 2014-07-16 21:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 02:29 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 02:29 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 02:29 - 2014-07-16 21:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 02:29 - 2014-07-16 21:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 02:29 - 2014-07-08 21:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-16 02:29 - 2014-07-08 21:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-16 02:29 - 2014-07-08 21:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-16 02:29 - 2014-07-08 21:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-16 02:29 - 2014-07-08 21:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-16 02:29 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-14 13:34 - 2014-10-14 13:34 - 04137408 _____ () C:\Users\Cindy\Desktop\14oct2014 FreitagClarkBartonMontgomeryBo.ged
2014-10-14 09:05 - 2014-10-14 09:05 - 00001217 _____ () C:\Users\Cindy\Desktop\bb_141014-090535.txt
2014-10-14 09:03 - 2014-10-14 09:03 - 00000209 _____ () C:\Users\Cindy\Desktop\fg_141014-090258.txt
2014-10-10 06:02 - 2014-10-20 21:10 - 00018638 _____ () C:\Users\TheyAreReal\Desktop\dds.txt
2014-10-10 06:02 - 2014-10-20 21:10 - 00014282 _____ () C:\Users\TheyAreReal\Desktop\attach.txt
2014-10-10 05:45 - 2014-10-10 05:45 - 00688992 ____R (Swearware) C:\Users\Cindy\Desktop\dds.com
2014-10-09 21:25 - 2014-10-09 21:25 - 00000930 _____ () C:\Users\TheyAreReal\Desktop\AdwCleaner[R0].txt
2014-10-09 21:21 - 2014-10-09 21:21 - 00095896 _____ () C:\Users\Cindy\Desktop\rkill .txt
2014-10-09 21:20 - 2014-10-09 21:20 - 00095899 _____ () C:\Users\Cindy\Desktop\tds.txt
2014-10-09 21:18 - 2014-10-09 21:25 - 00000000 ____D () C:\AdwCleaner
2014-10-09 21:17 - 2014-10-09 21:17 - 01375089 _____ () C:\Users\Cindy\Downloads\AdwCleaner.exe
2014-10-09 21:06 - 2014-10-09 21:06 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Cindy\Downloads\tdsskiller.exe
2014-10-09 20:57 - 2014-10-09 20:58 - 00021861 _____ () C:\Users\Cindy\Downloads\Result.txt
2014-10-09 20:56 - 2014-10-09 20:56 - 00401920 _____ (Farbar) C:\Users\Cindy\Downloads\MiniToolBox.exe
2014-10-09 20:54 - 2014-10-09 20:54 - 00015576 _____ () C:\Users\Cindy\Desktop\adwre.htm
2014-10-09 20:53 - 2014-10-09 20:53 - 00015433 _____ () C:\Users\Cindy\Desktop\minitoolbox.htm
2014-10-07 17:32 - 2014-10-07 17:32 - 04087844 _____ () C:\Users\Cindy\Downloads\FreitagClarkBartonMontgomeryBo.ged
2014-10-06 01:11 - 2012-02-11 01:37 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-10-06 01:10 - 2011-02-25 01:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-10-05 17:21 - 2012-09-21 05:00 - 00258560 _____ (CANON INC.) C:\Windows\system32\CNCALBN.DLL
2014-10-05 13:22 - 2014-10-05 13:22 - 00000706 _____ () C:\Users\TheyAreReal\Desktop\quarantine.txt
2014-10-05 12:59 - 2014-10-05 12:59 - 00009467 _____ () C:\Users\Cindy\Desktop\resume.txt
2014-10-05 12:26 - 2014-10-05 12:26 - 00001095 _____ () C:\Users\Cindy\Desktop\bb_141005-122637.txt
2014-10-05 03:28 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-05 03:24 - 2012-07-25 23:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-10-05 03:24 - 2012-07-25 23:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-10-05 03:24 - 2012-07-25 23:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-10-05 03:24 - 2012-07-25 22:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-10-05 03:24 - 2012-07-25 22:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-10-05 03:23 - 2012-07-25 23:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-10-05 03:23 - 2012-07-25 23:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-10-05 03:23 - 2012-06-02 10:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-10-05 03:10 - 2013-05-10 00:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-05 03:10 - 2013-05-10 00:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-04 09:48 - 2013-10-29 22:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-10-04 09:48 - 2013-10-03 21:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-10-04 09:48 - 2013-10-03 21:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-10-04 09:48 - 2012-08-22 13:16 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-10-04 09:48 - 2012-07-04 15:45 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2014-10-04 09:48 - 2011-06-16 00:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2014-10-04 09:48 - 2011-02-18 01:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2014-10-04 09:47 - 2014-07-06 21:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-04 09:47 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-10-04 09:47 - 2013-01-24 00:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-10-04 09:47 - 2011-03-11 01:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-10-04 09:46 - 2013-11-23 14:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-10-04 09:46 - 2012-08-21 16:12 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2014-10-04 09:46 - 2011-03-11 01:39 - 00143744 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2014-10-04 09:46 - 2011-03-11 01:39 - 00117120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2014-10-04 09:46 - 2011-03-11 01:38 - 00332160 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2014-10-04 09:46 - 2011-03-11 01:38 - 00080256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2014-10-04 09:46 - 2011-03-11 01:38 - 00022400 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2014-10-04 09:46 - 2011-03-11 01:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2014-10-04 09:46 - 2011-03-11 00:01 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-10-04 09:45 - 2013-05-09 23:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-10-04 09:45 - 2011-12-30 01:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-10-04 09:43 - 2014-01-27 22:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-10-04 09:43 - 2013-03-18 23:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2014-10-04 09:43 - 2012-10-03 12:42 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-10-04 09:43 - 2012-10-03 12:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-10-04 09:43 - 2012-10-03 12:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-10-04 09:43 - 2012-10-03 12:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-10-04 09:43 - 2012-10-03 12:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-10-04 09:43 - 2012-10-03 12:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-10-04 09:43 - 2012-10-03 11:21 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-10-04 09:42 - 2014-02-03 22:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-10-04 09:42 - 2014-02-03 22:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-10-04 09:42 - 2014-02-03 22:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-10-04 09:42 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-10-04 09:41 - 2013-08-27 20:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-10-04 09:37 - 2011-05-04 00:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2014-10-04 09:37 - 2011-05-04 00:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2014-10-04 09:37 - 2011-05-04 00:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2014-10-04 09:37 - 2011-05-04 00:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2014-10-04 09:37 - 2011-05-04 00:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2014-10-04 09:37 - 2011-05-04 00:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2014-10-04 09:37 - 2011-05-04 00:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-10-04 09:37 - 2011-05-04 00:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2014-10-04 09:37 - 2011-05-04 00:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2014-10-04 09:36 - 2012-12-07 08:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-10-04 09:36 - 2012-12-07 06:46 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-10-04 09:36 - 2012-12-07 06:46 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-10-04 09:36 - 2012-12-07 06:46 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-10-04 09:36 - 2012-12-07 06:46 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-10-04 09:36 - 2012-12-07 06:46 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-10-04 09:36 - 2012-12-07 06:46 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-10-04 09:36 - 2012-12-07 06:46 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-10-04 09:36 - 2012-12-07 06:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-10-04 09:36 - 2012-12-07 06:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-10-04 09:36 - 2012-12-07 06:46 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-10-04 09:35 - 2012-12-07 08:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-10-04 09:35 - 2012-12-07 06:46 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-10-04 09:35 - 2012-12-07 06:46 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-10-04 09:35 - 2012-12-07 06:46 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-10-04 09:35 - 2012-12-07 06:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-10-04 09:33 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-04 09:33 - 2014-01-23 22:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-10-04 09:33 - 2012-01-04 04:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2014-10-04 09:32 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-10-04 09:32 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-04 09:32 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-10-04 09:32 - 2012-05-05 03:46 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-04 09:14 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-04 09:14 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-04 09:14 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-10-04 09:14 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-04 09:12 - 2013-08-04 21:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-10-04 09:12 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-10-04 09:12 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-10-04 09:12 - 2013-07-04 05:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-10-04 09:12 - 2012-05-01 00:44 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-10-04 09:10 - 2012-10-09 13:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-10-04 09:10 - 2012-10-09 13:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-10-04 09:09 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-04 09:08 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-04 09:08 - 2013-12-03 21:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-10-04 09:08 - 2013-12-03 21:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-10-04 09:08 - 2013-12-03 21:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-10-04 09:08 - 2013-12-03 21:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-10-04 09:07 - 2013-12-03 22:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-10-04 09:07 - 2013-12-03 22:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-10-04 09:07 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-10-04 09:07 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-10-04 09:07 - 2013-12-03 22:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-10-04 08:12 - 2014-10-04 08:12 - 00000860 _____ () C:\Users\TheyAreReal\Desktop\bb_141004-081242.txt
2014-10-04 08:11 - 2014-10-04 08:11 - 00126427 _____ () C:\Users\TheyAreReal\Desktop\sp_141004-081121.txt
2014-09-30 15:29 - 2014-09-30 15:29 - 04001159 _____ () C:\Users\TheyAreReal\Desktop\FreitagClarkBartonMontgomeryBoyceMcConnell 30September2014.ged
2014-09-30 14:36 - 2014-10-16 13:53 - 00046647 _____ () C:\Users\Cindy\Documents\Census Tracker.xlsx
2014-09-30 08:38 - 2014-09-30 08:38 - 00000000 ____D () C:\Users\Cindy\AppData\Local\Apple
2014-09-27 23:44 - 2014-09-28 00:47 - 00000000 ____D () C:\Users\Cindy\AppData\Roaming\Apple Computer
2014-09-27 23:44 - 2014-09-27 23:44 - 00000000 ____D () C:\Users\Cindy\AppData\Local\Apple Computer
2014-09-27 23:44 - 2014-09-27 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-27 23:44 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-09-27 23:41 - 2014-09-27 23:43 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-27 23:41 - 2014-09-27 23:43 - 00000000 ____D () C:\Program Files\iTunes
2014-09-27 23:41 - 2014-09-27 23:41 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-09-27 23:41 - 2014-09-27 23:41 - 00000000 ____D () C:\Program Files\iPod
2014-09-27 23:39 - 2014-09-27 23:39 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-09-27 23:39 - 2014-09-27 23:39 - 00000000 ____D () C:\Users\TheyAreReal\AppData\Local\Apple
2014-09-27 23:39 - 2014-09-27 23:39 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-09-27 23:38 - 2014-09-27 23:38 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-27 23:37 - 2014-09-27 23:41 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-27 23:37 - 2014-09-27 23:39 - 00000000 ____D () C:\ProgramData\Apple
2014-09-27 22:45 - 2014-09-27 22:46 - 111264592 _____ (Apple Inc.) C:\Users\Cindy\Downloads\iTunesSetup.exe
2014-09-21 22:42 - 2014-09-21 22:42 - 02347384 _____ (ESET) C:\Users\Cindy\Downloads\esetsmartinstaller_enu.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 21:08 - 2014-08-20 16:41 - 00000000 ____D () C:\Users\TheyAreReal
2014-10-20 21:08 - 2009-07-14 00:34 - 00013216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-20 21:08 - 2009-07-14 00:34 - 00013216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-20 21:05 - 2014-08-20 16:41 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-20 21:05 - 2014-08-20 16:32 - 01099187 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 21:01 - 2014-09-14 21:29 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-10-20 21:01 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-20 21:00 - 2009-07-14 00:39 - 00029716 _____ () C:\Windows\setupact.log
2014-10-16 06:57 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-10-16 03:37 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 03:25 - 2009-07-14 00:33 - 00405992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 17:47 - 2014-08-20 18:22 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-15 05:19 - 2014-09-13 13:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-13 18:41 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-09 21:26 - 2014-08-24 03:44 - 00027392 _____ () C:\Windows\PFRO.log
2014-10-06 20:36 - 2014-08-23 16:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-06 20:10 - 2014-09-07 22:42 - 00000000 ____D () C:\Users\Cindy\Desktop\Trees
2014-10-05 15:34 - 2014-08-24 08:51 - 00000000 ____D () C:\Program Files\Family Tree Maker 2014
2014-10-05 12:50 - 2014-08-25 18:33 - 00000000 ____D () C:\Users\Cindy\Documents\Family Tree Maker
2014-10-05 09:12 - 2014-08-20 18:17 - 00109280 _____ () C:\Users\Cindy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-02 10:24 - 2014-09-06 13:11 - 00338817 _____ () C:\Users\Cindy\Documents\Methodist Baptisms.xlsx
2014-09-27 16:47 - 2014-09-12 16:33 - 00000000 ____D () C:\Users\Cindy\AppData\Local\Microsoft Games
2014-09-27 16:32 - 2014-09-18 07:19 - 00010242 _____ () C:\Users\Cindy\Desktop\Journal.xlsx
2014-09-22 02:41 - 2014-08-20 17:04 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\TheyAreReal\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.

==================== End Of Log ============================



#12 Sirawit

Sirawit

    Bleepin' Brony

  • Malware Response Team
  • 4,161 posts
  • Gender:Male
  • Location:Thailand

Posted 21 October 2014 - 03:52 AM

Hi momadice.

You said that you have saved the log files for the tools you had run before. Can you post them here, please?

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#13 Sirawit

Sirawit

    Bleepin' Brony

  • Malware Response Team
  • 4,161 posts
  • Gender:Male
  • Location:Thailand

Posted 23 October 2014 - 01:27 PM

It has been three days since my last reply; are you still there?

Thank you.




#14 Momadice

Momadice
  • Topic Starter

  • Members
  • 156 posts
  • Gender:Not Telling
  • Location:Ontario, Canada

Posted 25 October 2014 - 11:54 AM

Yes, I am still here. I had some important things to do and did not check emails, voice-mails, etc., until I was finished. I am not abandoning this help; I have family with special health issues, and that sometimes keeps me away from my computer for three or more days.

Regarding the last post, I have looked for the older logs, and I must have deleted them. I've been looking over the files I want to back up as per your suggestions earlier; I do not have much, as it's been so long since I have felt comfortable with my computer that I barely use it anymore for anything remotely fun that I like to do.

I will wait for your response... Would you like me to rerun any of the reports? And which program and/or reports shall I run?


Edited by Momadice, 25 October 2014 - 11:57 AM.


#15 Momadice

Momadice
  • Topic Starter

  • Members
  • 156 posts
  • Gender:Not Telling
  • Location:Ontario, Canada

Posted 25 October 2014 - 03:53 PM

I ran mini tool bar. Is it possible for others to see or use my information from this log? Please advise the safe way to send you the info.


Edited by Momadice, 25 October 2014 - 03:57 PM.
