Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7 infected with virus Viknok.A - unable to remove with MS Security Essen


  • This topic is locked This topic is locked
21 replies to this topic

#1 Kevin_R

Kevin_R

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 20 September 2014 - 01:44 PM

Hi most excellent volunteers,

 

I'm working on a Lenovo laptop running Windows 7.  When I received it it failed to boot.  Using a restore point got it to boot again.

 

After booting Microsoft Security Essentials reported finding Virus:Win64/Viknok.A but was unable to remove it. 

The following error was reported: Error code 0x800704ec.  This program is blocked by group policy.  For more information, contact your system administrator.

 

RKill was then run followed with Malwarebytes.  Malwarebytes didn't report finding Viknok.A.  Malwarebytes now fails to run after a normal restart of the computer.

 

Norton Power Eraser also reported virus found and was unable to remove it.

 

I've made a full backup of all data on all partitions of the drive and will await instructions.

 

DDS log below.  Attach.txt is attached.

 

Thanks,

 

Kevin

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.17267
Run by michael at 10:39:35 on 2014-09-20
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3895.2217 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\ProgramData\GameXN\GameXNGO.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k HPService
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\SysWOW64\svchost.exe
C:\windows\SysWOW64\svchost.exe
C:\windows\SysWOW64\svchost.exe
C:\windows\SysWOW64\svchost.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mail.aol.com/38430-111/aol-6/en-us/suite.aspx
uDefault_Page_URL = hxxp://www.bing.com/?pc=MRSLD
mStart Page = hxxp://lenovo.msn.com
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} - file:///E:/tools/EN/bin/npseatools.cab
TCP: NameServer = 10.0.1.1
TCP: Interfaces\{2D98629E-8932-4F33-8E3C-56F656DEE8BF} : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{2D98629E-8932-4F33-8E3C-56F656DEE8BF}\2375942554835383 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{2D98629E-8932-4F33-8E3C-56F656DEE8BF}\25354456D6F6 : DHCPNameServer = 139.60.220.225 139.60.220.226
TCP: Interfaces\{2D98629E-8932-4F33-8E3C-56F656DEE8BF}\3586162796370274575637470275966496 : DHCPNameServer = 8.8.8.8 8.8.4.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://lenovo.msn.com
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R1 SMR430;Symantec SMR Utility Service 4.3.0;C:\windows\System32\drivers\SMR430.SYS [2014-9-20 108216]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-13 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-12 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-12 860472]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2010-10-24 125584]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-13 2320920]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-11-13 28176]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-11-13 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-11-13 158976]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-11-13 271872]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2011-5-14 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-9-12 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-9-12 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 vm332avs;Lenovo Camera2;C:\windows\System32\drivers\vm332avs.sys [2010-11-13 229456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-6-29 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-11-13 242720]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-12-29 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-09-20 17:38:31    108216    ----a-w-    C:\windows\System32\drivers\SMR430.SYS
2014-09-20 17:31:12    75888    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E1AFD0F-DD70-46B0-9340-17EDF2500394}\offreg.dll
2014-09-19 00:31:52    --------    d-----w-    C:\Users\michael\AppData\Local\CrashDumps
2014-09-18 19:26:35    119808    ----a-r-    C:\Users\michael\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2014-09-18 17:22:00    --------    d-----w-    C:\NPE
2014-09-18 17:17:59    --------    d-----w-    C:\Users\michael\AppData\Local\NPE
2014-09-18 17:17:59    --------    d-----w-    C:\ProgramData\Norton
2014-09-17 20:52:06    1188440    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9B80C1BE-9A26-4FEB-B89E-404E48DC631E}\gapaengine.dll
2014-09-17 20:51:25    11578928    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E1AFD0F-DD70-46B0-9340-17EDF2500394}\mpengine.dll
2014-09-13 16:05:57    11319192    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-13 16:03:37    --------    d-----w-    C:\Program Files\iPod
2014-09-13 16:03:36    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-13 16:03:36    --------    d-----w-    C:\Program Files\iTunes
2014-09-13 16:03:36    --------    d-----w-    C:\Program Files (x86)\iTunes
2014-09-12 20:41:17    --------    d-----w-    C:\ab28b79a3278eabcdfc9dcf2
2014-09-12 20:22:10    122584    ----a-w-    C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-09-12 20:21:46    91352    ----a-w-    C:\windows\System32\drivers\mbamchameleon.sys
2014-09-12 20:21:46    63704    ----a-w-    C:\windows\System32\drivers\mwac.sys
2014-09-12 20:21:46    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-04 12:50:16    188304    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2014-09-12 20:59:09    71344    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-12 20:59:09    701104    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2014-07-18 01:05:06    269008    ----a-w-    C:\windows\System32\drivers\MpFilter.sys
2014-07-18 01:05:06    125584    ----a-w-    C:\windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 10:40:15.88 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:21 PM

Posted 22 September 2014 - 06:43 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Kevin_R

Kevin_R
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 22 September 2014 - 08:12 AM

Hi Marius,

Logs below as requested.

TDSSKiller log attached as requested.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by michael (administrator) on MICHAEL-WIN7 on 22-09-2014 05:37:40
Running from C:\Users\michael\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(GameXN AS) C:\ProgramData\GameXN\GameXNGO.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(GameXN AS) C:\ProgramData\GameXN\GameXNGO.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-27] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-21] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2176296 2010-06-10] (Synaptics Incorporated)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4367808 2009-12-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [6988736 2009-12-16] (Lenovo (Beijing) Limited)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-156623571-785845423-2841114081-1000\...\Run: [Google Update] => C:\Users\michael\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-07-08] (Google Inc.)
HKU\S-1-5-21-156623571-785845423-2841114081-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-07-08] (Google Inc.)
HKU\S-1-5-21-156623571-785845423-2841114081-1000\...\Run: [GameXN GO] => C:\ProgramData\GameXN\GameXNGO.exe [347144 2014-09-12] (GameXN AS)
HKU\S-1-5-21-156623571-785845423-2841114081-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-156623571-785845423-2841114081-1000\...\MountPoints2: {2fe4a209-683f-11e0-a2ea-88ae1de492a8} - G:\TLBootstrap_WPP.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.aol.com/38430-111/aol-6/en-us/suite.aspx
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MRSLD
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=UXxdm011YYus&ptnrS=UXxdm011YYus&si=maps4pc&ptb=22036284-C447-42B5-B5C6-28A699D75160&ind=2012050612&n=77ed74b4&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=UXxdm011YYus&ptnrS=UXxdm011YYus&si=maps4pc&ptb=22036284-C447-42B5-B5C6-28A699D75160&ind=2012050612&n=77ed74b4&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredimail.com/mb95/?search={searchTerms}&loc=search_box&a=ICf2BZz3n7
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E36C5562-C4E0-4220-BCB2-1C671E3A5916} file:///E:/tools/EN/bin/npseatools.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\michael\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\michael\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-28]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP", "", "hxxp://mail.aol.com/37252-111/aol-6/en-us/suite.aspx"
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSearchProvider: Default -> Bing
CHR DefaultSearchURL: Default -> https://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR DefaultNewTabURL: Default -> https://www.bing.com/chrome/newtab?setmkt=en-US
CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR Plugin: (Shockwave Flash) - C:\Users\michael\AppData\Local\Google\Chrome\Application\37.0.2062.120\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\michael\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\michael\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-21]
CHR Extension: (YouTube) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-29]
CHR Extension: (Adblock Plus) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-12-08]
CHR Extension: (Google Search) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-29]
CHR Extension: (Google Wallet) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR Extension: (OneClick Cleaner for Chrome) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\oncckmaelaecccmaniihojgeopkcajfh [2012-12-08]
CHR Extension: (Gmail) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - C:\Users\michael\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [514048 2009-07-13] () [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [514048 2009-07-13] () [File not signed]
S3 ZuneWlanCfgSvc; C:\windows\system32\ZuneWlanCfgSvc.exe [467696 2010-09-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-20] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 05:37 - 2014-09-22 05:38 - 00021922 _____ () C:\Users\michael\Desktop\FRST.txt
2014-09-22 05:37 - 2014-09-22 05:37 - 00000000 ____D () C:\FRST
2014-09-22 05:36 - 2014-09-22 08:31 - 04161313 _____ () C:\Users\michael\Desktop\tdsskiller.zip
2014-09-22 05:36 - 2014-09-22 08:30 - 00380416 _____ () C:\Users\michael\Desktop\szl9rm1y.exe
2014-09-22 05:36 - 2014-09-22 08:29 - 02105856 _____ (Farbar) C:\Users\michael\Desktop\FRST64.exe
2014-09-20 10:40 - 2014-09-20 10:40 - 00088539 _____ () C:\Users\michael\Desktop\attach.txt
2014-09-20 10:40 - 2014-09-20 10:40 - 00018559 _____ () C:\Users\michael\Desktop\dds.txt
2014-09-20 10:32 - 2014-09-20 13:28 - 00688992 ____R (Swearware) C:\Users\michael\Desktop\dds.com
2014-09-20 10:32 - 2014-09-18 13:16 - 03060320 ____N (Symantec Corporation) C:\Users\michael\Desktop\NPE.exe
2014-09-18 17:31 - 2014-09-20 11:39 - 00000000 ____D () C:\Users\michael\AppData\Local\CrashDumps
2014-09-18 12:26 - 2014-09-18 12:26 - 00000000 ____D () C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2014-09-18 12:26 - 2014-09-18 12:26 - 00000000 ____D () C:\Users\michael\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2014-09-18 10:22 - 2014-09-18 10:22 - 00000000 ____D () C:\NPE
2014-09-18 10:17 - 2014-09-20 10:39 - 00000000 ____D () C:\Users\michael\AppData\Local\NPE
2014-09-18 10:17 - 2014-09-18 10:18 - 00000000 ____D () C:\ProgramData\Norton
2014-09-17 13:28 - 2014-09-17 13:31 - 00002726 _____ () C:\Users\michael\Desktop\Rkill.txt
2014-09-13 09:05 - 2014-09-13 09:05 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-13 09:05 - 2014-09-13 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-13 09:03 - 2014-09-13 09:05 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-13 09:03 - 2014-09-13 09:05 - 00000000 ____D () C:\Program Files\iTunes
2014-09-13 09:03 - 2014-09-13 09:05 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-13 09:03 - 2014-09-13 09:03 - 00000000 ____D () C:\Program Files\iPod
2014-09-12 13:41 - 2014-09-12 13:41 - 00000000 ____D () C:\ab28b79a3278eabcdfc9dcf2
2014-09-12 13:22 - 2014-09-20 10:32 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-12 13:21 - 2014-09-12 13:21 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-12 13:21 - 2014-09-12 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-12 13:21 - 2014-09-12 13:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-12 13:21 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-12 13:21 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 08:31 - 2014-09-22 05:36 - 04161313 _____ () C:\Users\michael\Desktop\tdsskiller.zip
2014-09-22 08:30 - 2014-09-22 05:36 - 00380416 _____ () C:\Users\michael\Desktop\szl9rm1y.exe
2014-09-22 08:29 - 2014-09-22 05:36 - 02105856 _____ (Farbar) C:\Users\michael\Desktop\FRST64.exe
2014-09-22 05:38 - 2014-09-22 05:37 - 00021922 _____ () C:\Users\michael\Desktop\FRST.txt
2014-09-22 05:38 - 2011-02-11 11:55 - 00000000 ____D () C:\Users\michael\AppData\Roaming\Skype
2014-09-22 05:38 - 2011-01-19 17:20 - 01741720 _____ () C:\windows\WindowsUpdate.log
2014-09-22 05:37 - 2014-09-22 05:37 - 00000000 ____D () C:\FRST
2014-09-22 05:34 - 2011-11-26 18:26 - 00000000 ____D () C:\ProgramData\GameXN
2014-09-22 05:34 - 2011-07-08 18:02 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-22 05:34 - 2011-05-29 12:44 - 00000000 ____D () C:\Users\michael\AppData\Roaming\go
2014-09-22 05:34 - 2011-05-14 16:15 - 00000328 _____ () C:\windows\Tasks\GlaryInitialize.job
2014-09-22 05:32 - 2014-03-06 20:27 - 00012972 _____ () C:\windows\setupact.log
2014-09-22 05:32 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-20 13:28 - 2014-09-20 10:32 - 00688992 ____R (Swearware) C:\Users\michael\Desktop\dds.com
2014-09-20 11:39 - 2014-09-18 17:31 - 00000000 ____D () C:\Users\michael\AppData\Local\CrashDumps
2014-09-20 11:35 - 2009-07-13 21:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-20 11:35 - 2009-07-13 21:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-20 10:44 - 2009-07-13 22:13 - 00732638 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-20 10:40 - 2014-09-20 10:40 - 00088539 _____ () C:\Users\michael\Desktop\attach.txt
2014-09-20 10:40 - 2014-09-20 10:40 - 00018559 _____ () C:\Users\michael\Desktop\dds.txt
2014-09-20 10:39 - 2014-09-18 10:17 - 00000000 ____D () C:\Users\michael\AppData\Local\NPE
2014-09-20 10:32 - 2014-09-12 13:22 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 13:22 - 2011-07-08 18:02 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-18 13:16 - 2014-09-20 10:32 - 03060320 ____N (Symantec Corporation) C:\Users\michael\Desktop\NPE.exe
2014-09-18 12:58 - 2012-12-08 09:45 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-18 12:49 - 2011-07-08 16:54 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-156623571-785845423-2841114081-1000UA.job
2014-09-18 12:32 - 2014-02-19 10:35 - 00000075 _____ () C:\windows\system32\fmlbbnf.tex
2014-09-18 12:26 - 2014-09-18 12:26 - 00000000 ____D () C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2014-09-18 12:26 - 2014-09-18 12:26 - 00000000 ____D () C:\Users\michael\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2014-09-18 10:37 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF
2014-09-18 10:34 - 2014-01-16 10:25 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-18 10:22 - 2014-09-18 10:22 - 00000000 ____D () C:\NPE
2014-09-18 10:20 - 2014-03-06 20:39 - 00028020 _____ () C:\windows\PFRO.log
2014-09-18 10:18 - 2014-09-18 10:17 - 00000000 ____D () C:\ProgramData\Norton
2014-09-18 09:50 - 2011-07-08 16:54 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-156623571-785845423-2841114081-1000Core.job
2014-09-17 22:16 - 2011-02-11 11:55 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-17 13:31 - 2014-09-17 13:28 - 00002726 _____ () C:\Users\michael\Desktop\Rkill.txt
2014-09-13 09:20 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\Help
2014-09-13 09:05 - 2014-09-13 09:05 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-13 09:05 - 2014-09-13 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-13 09:05 - 2014-09-13 09:03 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-13 09:05 - 2014-09-13 09:03 - 00000000 ____D () C:\Program Files\iTunes
2014-09-13 09:05 - 2014-09-13 09:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-13 09:03 - 2014-09-13 09:03 - 00000000 ____D () C:\Program Files\iPod
2014-09-12 15:10 - 2011-02-11 11:55 - 00000000 ____D () C:\ProgramData\Skype
2014-09-12 15:07 - 2013-03-12 22:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-12 15:07 - 2013-03-12 22:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-12 14:22 - 2012-12-10 14:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-12 14:11 - 2014-06-21 15:44 - 00002343 _____ () C:\Users\michael\Desktop\Google Chrome.lnk
2014-09-12 13:59 - 2012-12-08 09:45 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-12 13:59 - 2012-12-08 09:45 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-12 13:59 - 2011-07-08 18:02 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-12 13:56 - 2012-12-10 15:06 - 00000000 ____D () C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-09-12 13:56 - 2011-05-14 16:15 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities
2014-09-12 13:56 - 2011-02-09 15:08 - 00000000 ____D () C:\Users\michael
2014-09-12 13:56 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\registration
2014-09-12 13:52 - 2013-10-15 21:17 - 00002124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-12 13:52 - 2011-02-09 15:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 13:52 - 2011-01-06 21:39 - 00001945 _____ () C:\windows\epplauncher.mif
2014-09-12 13:51 - 2013-03-12 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-12 13:51 - 2012-04-30 21:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-12 13:51 - 2011-01-06 21:38 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-12 13:41 - 2014-09-12 13:41 - 00000000 ____D () C:\ab28b79a3278eabcdfc9dcf2
2014-09-12 13:41 - 2013-08-15 09:56 - 00000000 ____D () C:\windows\system32\MRT
2014-09-12 13:21 - 2014-09-12 13:21 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-12 13:21 - 2014-09-12 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-12 13:21 - 2014-09-12 13:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-12 13:21 - 2011-05-14 16:26 - 00000000 ____D () C:\Users\michael\AppData\Roaming\Malwarebytes
2014-09-12 13:21 - 2011-05-14 16:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-12 13:21 - 2011-05-14 16:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-09-12 13:19 - 2014-07-25 22:23 - 00000000 ____D () C:\Users\michael\AppData\Local\GameXN
2014-08-29 13:01 - 2010-12-29 22:19 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\michael\AppData\Local\Temp\drm_dyndata_7320010.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2009-07-13 17:00] - [2009-07-13 18:41] - 0514048 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\rpcss.dll No Company Name <===== ATTENTION!

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-23 19:38

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01
Ran by michael at 2014-09-22 05:39:17
Running from C:\Users\michael\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Amazon MP3 Downloader 1.0.12 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.12 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BounceBack Express (HKLM-x32\...\{95632566-071E-4A02-92C1-4BD907065736}) (Version: 6.1.2 - )
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C6200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.62 - Conexant)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CyberLink YouCam (x32 Version: 3.0.3030 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.0.8 - Lenovo)
F4200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
GameXN GO (HKCU\...\Game Organizer) (Version:  - GameXN AS)
Glary Utilities 2.45.0.1486 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.45.0.1486 - Glarysoft Ltd)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{A00C9114-40E6-4C70-A619-7DF264B23485}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (HKLM\...\{988329F4-A1A1-4D51-803C-EF2725A97627}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM-x32\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 6.96.2018.21 - Lenovo EasyCamera)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Photo Notifier and Animation Creator (HKLM-x32\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
Photo Notifier and Animation Creator (x32 Version: 1.0.0.1009 - IncrediMail) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PS_AIO_02_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SCRABBLE (HKLM-x32\...\SCRABBLE) (Version: 1.0.1.3 - GameHouse, Inc.)
Seagate SeaTools English Online (HKLM-x32\...\Seagate SeaTools English Online) (Version:  - Ontrack Data International, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.25.0 - Synaptics Incorporated)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Mobile Device Updater Component (Version: 04.07.1407.00 - Microsoft Corporation) Hidden
Wise Disk Cleaner 5.93 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version:  - WiseCleaner.com)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
Zune (HKLM\...\Zune) (Version: 04.07.1404.00 - Microsoft Corporation)
Zune (Version: 04.07.1404.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.07.1404.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.07.1404.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.07.1404.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.07.1404.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.07.1404.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.07.1404.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.07.1404.00 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-156623571-785845423-2841114081-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\michael\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-156623571-785845423-2841114081-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\michael\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-156623571-785845423-2841114081-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\michael\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-156623571-785845423-2841114081-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\michael\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

27-06-2014 22:24:42 Windows Update
01-07-2014 14:24:27 Windows Update
05-07-2014 05:25:32 Windows Update
08-07-2014 16:45:13 Windows Update
11-07-2014 04:48:26 Windows Update
15-07-2014 00:21:07 Windows Update
18-07-2014 14:32:58 Windows Update
24-07-2014 01:04:37 Windows Update
24-07-2014 06:35:59 Windows Update
26-07-2014 05:34:46 Microsoft Antimalware Checkpoint
12-09-2014 20:37:18 Windows Update
12-09-2014 20:49:03 Windows Update
13-09-2014 16:07:18 Microsoft Antimalware Checkpoint
17-09-2014 20:49:31 Windows Update
18-09-2014 16:45:35 Microsoft Antimalware Checkpoint
18-09-2014 19:25:56 Installed Windows 7 USB/DVD Download Tool
19-09-2014 17:09:09 Microsoft Antimalware Checkpoint
20-09-2014 17:32:38 Microsoft Antimalware Checkpoint
22-09-2014 12:35:33 Microsoft Antimalware Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2311D45D-5A54-4BDB-99FC-AA34421D9E95} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-156623571-785845423-2841114081-1000Core => C:\Users\michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-08] (Google Inc.)
Task: {2FEA89F2-C5F9-461B-A507-F21549BFE352} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)
Task: {6794E9D3-0EFC-4277-8E7E-DB9BB6EEC125} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6811B050-67D0-4B6E-8B40-7BD8A7B86E93} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-12] (Adobe Systems Incorporated)
Task: {7A0368D1-0C15-4092-BF95-50C7DDCF4933} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-08] (Google Inc.)
Task: {9E2162AE-992A-4D70-ACA6-E5AA93108B2D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-156623571-785845423-2841114081-1000UA => C:\Users\michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-08] (Google Inc.)
Task: {B687148A-F4DE-4D9A-B91A-87FEE7DFE813} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-08] (Google Inc.)
Task: {B846006D-03BF-4E5B-8607-6F3FF35B3563} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2012-05-13] (Glarysoft Ltd)
Task: {EC2260EB-83C8-460D-AC8E-7AC11A01E14E} - \WPD\SqmUpload_S-1-5-21-156623571-785845423-2841114081-500 No Task File <==== ATTENTION
Task: {F59C348A-B77B-488D-BC22-648BF87A2973} - System32\Tasks\{F1018AA9-74B6-47AA-A864-657CCDEAC100} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-156623571-785845423-2841114081-1000Core.job => C:\Users\michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-156623571-785845423-2841114081-1000UA.job => C:\Users\michael\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-07-13 17:00 - 2009-07-13 18:41 - 00514048 _____ () c:\windows\system32\rpcss.dll
2010-11-13 18:10 - 2009-07-15 08:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2010-11-13 18:10 - 2009-07-15 08:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-10 15:47 - 2013-01-10 15:47 - 00170496 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d89f0252d910d617de1de783a812f840\IsdiInterop.ni.dll
2010-11-13 17:26 - 2010-03-03 13:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: GameXN GO => "C:\ProgramData\GameXN\GameXNGO.exe" /startup
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/22/2014 05:35:31 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {864067bb-e1ae-40fb-bd1b-0cc89991682f}

Error: (09/22/2014 05:35:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0xee8
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3

Error: (09/22/2014 05:35:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x67c
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3

Error: (09/20/2014 11:39:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xccc
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (09/20/2014 11:38:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x134c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (09/20/2014 11:37:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0xcd8
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3

Error: (09/20/2014 11:37:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x5e8
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3

Error: (09/20/2014 11:34:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x11a4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (09/20/2014 11:32:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x12bc
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (09/20/2014 11:32:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0xc14
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3


System errors:
=============
Error: (09/22/2014 05:36:07 AM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: %Virus:Win64/Viknok.A60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Virus:Win64/Viknok.A603

	Name: Virus:Win64/Viknok.A

	ID: 2147687950

	Severity: %Virus:Win64/Viknok.A600

	Category: %Virus:Win64/Viknok.A602

	Path: 4.6.0305.02

	Detection Origin: 4.6.0305.04

	Detection Type: 4.6.0305.08

	Detection Source: %Virus:Win64/Viknok.A608

	User: {24DC9E1F-74E0-4EC1-A199-87C772338D48}9

	Process Name: %Virus:Win64/Viknok.A609

	Action: {24DC9E1F-74E0-4EC1-A199-87C772338D48}1

	Action Status:  {24DC9E1F-74E0-4EC1-A199-87C772338D48}8

	Error Code: {24DC9E1F-74E0-4EC1-A199-87C772338D48}3

	Error description: {24DC9E1F-74E0-4EC1-A199-87C772338D48}4

	Signature Version: 2014-09-22T12:34:48.226Z1

	Engine Version: 2014-09-22T12:34:48.226Z2

Error: (09/22/2014 05:35:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/22/2014 05:35:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Microsoft Network Inspection System service depends on the Base Filtering Engine service which failed to start because of the following error: 
%%1053

Error: (09/22/2014 05:35:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%1053

Error: (09/22/2014 05:35:07 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (09/22/2014 05:34:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: 
%%1053

Error: (09/22/2014 05:34:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Base Filtering Engine service failed to start due to the following error: 
%%1053

Error: (09/22/2014 05:34:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Base Filtering Engine service to connect.

Error: (09/22/2014 05:34:23 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (09/22/2014 05:34:12 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Print Spooler service hung on starting.


Microsoft Office Sessions:
=========================
Error: (09/22/2014 05:35:31 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {864067bb-e1ae-40fb-bd1b-0cc89991682f}

Error: (09/22/2014 05:35:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8aee801cfd661a4498ca3C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeeb119d56-4254-11e4-8d94-88ae1de492a8

Error: (09/22/2014 05:35:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd67c01cfd66198fb779cC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlle0748e19-4254-11e4-8d94-88ae1de492a8

Error: (09/20/2014 11:39:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdccc01cfd50227584e7aC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll651def3c-40f5-11e4-812c-88ae1de492a8

Error: (09/20/2014 11:38:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd134c01cfd502055a4c55C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll43415860-40f5-11e4-812c-88ae1de492a8

Error: (09/20/2014 11:37:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8acd801cfd501f74c0423C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe3e0a7880-40f5-11e4-812c-88ae1de492a8

Error: (09/20/2014 11:37:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd5e801cfd501e821f68aC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll32213b70-40f5-11e4-812c-88ae1de492a8

Error: (09/20/2014 11:34:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd11a401cfd50183bacc45C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllc17ee668-40f4-11e4-8754-88ae1de492a8

Error: (09/20/2014 11:32:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd12bc01cfd5013e3c3dd2C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll7c1c1d64-40f4-11e4-8754-88ae1de492a8

Error: (09/20/2014 11:32:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8ac1401cfd501221ede2eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe68fee5ca-40f4-11e4-8754-88ae1de492a8


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 40%
Total physical RAM: 3894.85 MB
Available physical RAM: 2307.59 MB
Total Pagefile: 7787.84 MB
Available Pagefile: 6060.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:254.14 GB) (Free:175.12 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.81 GB) NTFS
Drive f: (UNTITLED) (Removable) (Total:0.95 GB) (Free:0.94 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 89EA7A30)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

========================================================
Disk: 1 (Size: 979 MB) (Disk ID: 85C8AEBD)
Partition 1: (Active) - (Size=979 MB) - (Type=0B)

==================== End Of Log ============================
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-22 05:50:39
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0010 298.09GB
Running: szl9rm1y.exe; Driver: C:\Users\michael\AppData\Local\Temp\uxtiqpoc.sys


---- Threads - GMER 2.1 ----

Thread  C:\windows\system32\svchost.exe [660:736]                                                        000000000061ab20
Thread  C:\windows\system32\svchost.exe [660:748]                                                        0000000000611798
Thread  C:\windows\system32\svchost.exe [660:752]                                                        0000000000f9c784
Thread  C:\windows\system32\svchost.exe [660:756]                                                        0000000000f9c018
Thread  C:\windows\system32\svchost.exe [660:760]                                                        0000000000611708
Thread  C:\windows\system32\svchost.exe [660:1488]                                                       0000000000f9b54c
Thread  C:\windows\system32\svchost.exe [660:1492]                                                       0000000000f9b54c
Thread  C:\windows\system32\svchost.exe [660:1496]                                                       0000000000f9b54c
Thread  C:\windows\system32\svchost.exe [660:1500]                                                       0000000000f9b54c
Thread  C:\windows\SysWOW64\svchost.exe [1504:1552]                                                      00000000001f6651
Thread  C:\windows\SysWOW64\svchost.exe [1504:1572]                                                      00000000001f6013
Thread  C:\windows\SysWOW64\svchost.exe [1504:1604]                                                      000000000038c1ab
Thread  C:\windows\SysWOW64\svchost.exe [1512:1548]                                                      00000000001a6651
Thread  C:\windows\SysWOW64\svchost.exe [1512:1568]                                                      00000000001a6013
Thread  C:\windows\SysWOW64\svchost.exe [1512:1600]                                                      000000000026c1ab
Thread  C:\windows\SysWOW64\svchost.exe [1520:1556]                                                      0000000000186651
Thread  C:\windows\SysWOW64\svchost.exe [1520:1584]                                                      0000000000186013
Thread  C:\windows\SysWOW64\svchost.exe [1520:1608]                                                      00000000001dc1ab
Thread  C:\windows\SysWOW64\svchost.exe [1528:1560]                                                      00000000001a6651
Thread  C:\windows\SysWOW64\svchost.exe [1528:1588]                                                      00000000001a6013
Thread  C:\windows\SysWOW64\svchost.exe [1528:1612]                                                      000000000026c1ab
Thread  C:\windows\servicing\TrustedInstaller.exe [4464:2944]                                            000000000031c784
Thread  C:\windows\servicing\TrustedInstaller.exe [4464:1716]                                            000000000031c018

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88                      
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)  

---- EOF - GMER 2.1 ----

Attached Files


Edited by Kevin_R, 22 September 2014 - 01:10 PM.


#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:21 PM

Posted 22 September 2014 - 08:33 AM

You´ve accidentally posted the attach.txt by DDS.

Please post up the addition.txt by FRST as well. :)


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 Kevin_R

Kevin_R
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 22 September 2014 - 08:45 AM

oops, the similar name tripped me up.

 

post above has been edited.  


Edited by Kevin_R, 22 September 2014 - 01:12 PM.


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:21 PM

Posted 23 September 2014 - 06:46 AM

Search for files with FRST (Recovery Environment)


Run FRST.

Type the following in the edit box after "Search:"

rpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 Kevin_R

Kevin_R
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 23 September 2014 - 09:35 AM

search text below.

Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01
Ran by michael at 2014-09-23 07:25:51
Running from C:\Users\michael\Desktop
Boot Mode: Normal

================== Search Files: "rpcss.dll" =============

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 17:00][2009-07-13 18:41] 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027 [File is signed]

C:\Windows\System32\rpcss.dll
[2009-07-13 17:00][2009-07-13 18:41] 0514048 ____A () D41D8CD98F00B204E9800998ECF8427E

====== End Of Search ======


#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:21 PM

Posted 23 September 2014 - 09:50 AM

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 Kevin_R

Kevin_R
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 23 September 2014 - 10:19 AM

FRST run, fixlog below.

 

Malwarebytes not run.  It gets to the screen "Do you want to allow the following program to make changes to this computer?".  I click "yes".  Then Malwarebytes appears to quit.  Should I remove the existing copy and re-instal?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2014 01
Ran by michael at 2014-09-23 07:54:52 Run:1
Running from C:\Users\michael\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll C:\Windows\System32\rpcss.dll
Task: {EC2260EB-83C8-460D-AC8E-7AC11A01E14E} - \WPD\SqmUpload_S-1-5-21-156623571-785845423-2841114081-500 No Task File <==== ATTENTION
SearchScopes: HKLM-x32 - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=UXxdm011YYus&ptnrS=UXxdm011YYus&si=maps4pc&ptb=22036284-C447-42B5-B5C6-28A699D75160&ind=2012050612&n=77ed74b4&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=UXxdm011YYus&ptnrS=UXxdm011YYus&si=maps4pc&ptb=22036284-C447-42B5-B5C6-28A699D75160&ind=2012050612&n=77ed74b4&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredimail.com/mb95/?search={searchTerms}&loc=search_box&a=ICf2BZz3n7

EmptyTemp:
*****************

C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC2260EB-83C8-460D-AC8E-7AC11A01E14E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC2260EB-83C8-460D-AC8E-7AC11A01E14E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-156623571-785845423-2841114081-500" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}" => Key deleted successfully.
"HKCR\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}" => Key deleted successfully.
"HKCR\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}" => Key not found.
EmptyTemp: => Removed 3.5 GB temporary data.


The system needed a reboot. 

==== End of Fixlog ====


#10 Kevin_R

Kevin_R
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 23 September 2014 - 10:50 AM

In addition to Malwarebytes quitting, the computer appears to be running something in the background now.  The drive activity light continues to flicker and it hasn't entered sleep mode.  The taskbar doesn't indicate anything running.



#11 Kevin_R

Kevin_R
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 23 September 2014 - 11:56 AM

Whatever was running has finished.  Malwarebytes still quits.



#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:21 PM

Posted 24 September 2014 - 05:43 AM

Clean reinstall of Malwarebytes Antimalware
 
 
Remove Malwarebytes Antimalware following theseinstructions.
When finished, reinstall it and run a scan:
 
 
Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 Kevin_R

Kevin_R
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 24 September 2014 - 09:36 AM

MBAM successfully re-installed and scan run with nothing detected.  Log pasted below.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/24/2014
Scan Time: 5:52:28 AM
Logfile: 
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.24.05
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: michael

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 334921
Time Elapsed: 12 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:21 PM

Posted 24 September 2014 - 10:08 AM

Scan with ESET Online Scan

Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#15 Kevin_R

Kevin_R
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 24 September 2014 - 11:57 AM

ESET Online Scan completed.  Log below.

C:\FRST\Quarantine\C\Windows\System32\rpcss.dll.xBAD	Win64/Patched.H trojan
C:\Users\michael\Downloads\ccsetup325.exe	Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\michael\Downloads\gusetup.exe	a variant of Win32/ELEX.AG potentially unwanted application
C:\Users\michael\Downloads\WDCFree.exe	a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users