-
April 19th, 2013, 08:52 AM
#1
[RESOLVED] Infected with MixDJ Toolbar--Win 8
I downloaded a piece of freeware that had the malware MiXDJ Toolbar and it installed itself onto my (brand new) computer and I can't get rid of it!
I tried following this thread, but got stuck at ComboFix because ComboFix doesn't have software for Windows 8. Any help would be greatly appreciated!
http://discussions.virtualdr.com/sho...-Mixdj-toolbar
-
April 19th, 2013, 12:24 PM
#2
Welcome aboard
Please, complete all steps listed here: http://discussions.virtualdr.com/sho...d.php?t=167915
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
===============================
Never attempt to run Combofix on your own.
-
April 19th, 2013, 11:47 PM
#3
Thank you for your willingness to help me! I did do a factory restore because I just bought the computer a week ago, but it still seems to be there! I am running a full scan using Avast now and will post the log as soon as it is done!
Thank you again!
-
April 20th, 2013, 12:09 AM
#4
I did an Avast full system scan and no viruses were found. Running Malwarebytes next!
-
April 20th, 2013, 12:10 AM
#5
Malwarebytes Log
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.04.20.03
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16384
Jennifer :: JEN [administrator]
4/19/2013 11:06:07 PM
mbam-log-2013-04-19 (23-06-07).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209017
Time elapsed: 2 minute(s), 31 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
April 20th, 2013, 12:14 AM
#6
aswMBR scan results
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-19 23:12:55
-----------------------------
23:12:55.858 OS Version: Windows x64 6.2.9200
23:12:55.858 Number of processors: 4 586 0x3A09
23:12:55.858 ComputerName: JEN UserName:
23:12:55.860 Initialze error 1
23:12:55.907 AVAST engine defs: 13041901
23:12:58.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000038
23:12:58.830 Disk 0 Vendor: HGST_HTS541075A9E680 JA2OA560 Size: 715404MB BusType: 11
23:12:58.837 Disk 0 MBR read successfully
23:12:58.839 Disk 0 MBR scan
23:12:58.840 Disk 0 unknown MBR code
23:12:58.842 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
23:12:58.845 Disk 0 scanning C:\Windows\system32\drivers
23:12:58.847 Service scanning
23:12:59.535 Modules scanning
23:12:59.540 Disk 0 trace - called modules:
23:12:59.549 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
23:12:59.555 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008db6060]
23:12:59.561 3 CLASSPNP.SYS[fffff8800202d8aa] -> nt!IofCallDriver -> [0xfffffa800743f3c0]
23:12:59.570 5 ACPI.sys[fffff88001001a91] -> nt!IofCallDriver -> \Device\00000038[0xfffffa800743f7f0]
23:12:59.576 AVAST engine scan C:\
23:12:59.580 Scan finished successfully
23:13:08.521 Disk 0 MBR has been saved successfully to "C:\Users\Jennifer\Desktop\MBR.dat"
23:13:08.525 The log file has been saved successfully to "C:\Users\Jennifer\Desktop\aswMBR.txt"
-
April 20th, 2013, 12:17 AM
#7
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume1
Install Date: 4/19/2013 12:37:38 PM
System Uptime: 4/19/2013 8:42:42 PM (3 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | K55A
Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz | SOCKET 0 | 2601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 238.339 GiB free.
D: is FIXED (NTFS) - 398 GiB total, 397.233 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2: 4/19/2013 3:34:00 PM - Language Pack Removal
RP3: 4/19/2013 9:42:03 PM - Initial Backup
.
==== Installed Programs ======================
.
Adobe Reader X MUI
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS Instant Connect
ASUS InstantOn
ASUS Live Update
ASUS Smart Gesture
ASUSDVD
ATK Package
avast! Free Antivirus
Bonjour
Classic Shell
Dropbox
FileZilla Client 3.6.0.2
Google Chrome
Google Drive
Google Update Helper
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
iTunes
LastPass(uninstall only)
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Internet Security
Microsoft Office
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
Qualcomm Atheros Bluetooth Suite (64)
Qualcomm Atheros Client Installation Program
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Shared C Run-time for x64
Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148)
WinFlash
.
==== Event Viewer Messages From Past Week ========
.
4/19/2013 8:46:07 PM, Error: Service Control Manager [7003] - The McAfee Network Agent service depends on the following service: MfeFire. This service might not be installed.
4/19/2013 8:43:50 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{DC47B852-3008-47DB-BB4E-5AD914CAF089} because another computer on the network has the same name. The server could not start.
4/19/2013 8:43:50 PM, Error: NetBT [4321] - The name "JEN :20" could not be registered on the interface with IP address 192.168.0.17. The computer with the IP address 192.168.0.15 did not allow the name to be claimed by this computer.
4/19/2013 8:43:45 PM, Error: Service Control Manager [7003] - The McAfee Anti-Spam Service service depends on the following service: MfeFire. This service might not be installed.
4/19/2013 8:29:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McNASvc service.
4/19/2013 3:35:43 PM, Error: NetBT [4321] - The name "JEN :0" could not be registered on the interface with IP address 192.168.0.17. The computer with the IP address 192.168.0.15 did not allow the name to be claimed by this computer.
4/19/2013 3:12:29 PM, Error: volmgr [46] - Crash dump initialization failed!
4/19/2013 11:05:59 PM, Error: Service Control Manager [7023] - The Interactive Services Detection service terminated with the following error: Incorrect function.
.
==== End Of File ===========================
-
April 20th, 2013, 12:17 AM
#8
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16384
Run by Jennifer at 23:14:58 on 2013-04-19
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.8078.6042 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\igfxpers.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
C:\Windows\explorer.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus13.msn.com
uDefault_Page_URL = hxxp://asus13.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Jennifer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
mPolicies-System: DisableCAD = dword:1
IE: LastPass - C:\Users\Jennifer\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Jennifer\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{DC47B852-3008-47DB-BB4E-5AD914CAF089} : DHCPNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
x64-Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-5 645952]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\Drivers\mfehidk.sys [2013-4-19 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\Drivers\mfewfpk.sys [2013-4-19 340216]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-4-19 377920]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-4-19 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-4-19 80816]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-8-10 211584]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-4-19 45248]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-12-28 2451456]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-12-28 129856]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-12-28 166720]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2013-4-19 201304]
R2 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2013-4-19 201304]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-4-19 182752]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-12-28 365376]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-8-10 323584]
R3 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-4-19 178624]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2012-12-28 88728]
R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-10-31 61824]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2012-12-28 344216]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2012-12-28 114840]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2012-12-28 33944]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2012-12-28 178840]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2012-12-28 76952]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2012-12-28 135832]
R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-12-28 567808]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-11-9 21152]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-11-9 342528]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\Drivers\mfeavfk.sys [2013-4-19 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\Drivers\mfefirek.sys [2013-4-19 515968]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2012-12-28 295056]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-12-28 683664]
S0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-4-19 65336]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\Windows\System32\Drivers\mfeelamk.sys [2013-4-19 69168]
S1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-4-19 1025808]
S2 0055481366430763mcinstcleanup;McAfee Application Installer Cleanup (0055481366430763);C:\Windows\TEMP\005548~1.EXE -cleanup -nolog --> C:\Windows\TEMP\005548~1.EXE -cleanup -nolog [?]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2013-4-19 201304]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2013-4-19 201304]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\SystemCore\mcshield.exe [2013-4-19 241456]
S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe [2013-4-19 218760]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\Drivers\cfwids.sys [2013-4-19 70112]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\Drivers\HipShieldK.sys [2013-4-19 196440]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-8-4 332080]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\Drivers\mferkdet.sys [2013-4-19 106552]
.
=============== Created Last 30 ================
.
2013-04-20 04:06:59 196440 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2013-04-20 04:05:49 10728 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2013-04-20 04:05:37 182752 ----a-w- C:\Windows\System32\mfevtps.exe
2013-04-20 04:05:33 340216 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2013-04-20 04:05:32 771536 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2013-04-20 04:05:32 69168 ----a-w- C:\Windows\System32\drivers\mfeelamk.sys
2013-04-20 04:05:32 106552 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2013-04-20 04:05:31 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2013-04-20 04:05:31 515968 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2013-04-20 04:05:31 309840 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2013-04-20 04:05:31 179280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2013-04-20 03:49:52 -------- d-----w- C:\Users\Jennifer\AppData\Local\CrashDumps
2013-04-20 03:34:25 14880256 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-04-20 03:34:19 -------- d-----w- C:\Program Files (x86)\LastPass
2013-04-20 03:27:54 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\Malwarebytes
2013-04-20 03:12:47 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-04-20 03:12:42 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-04-20 03:12:42 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-04-20 03:12:42 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-04-20 03:12:41 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-04-20 03:12:07 41664 ----a-w- C:\Windows\avastSS.scr
2013-04-20 03:11:59 -------- d-----w- C:\ProgramData\AVAST Software
2013-04-20 03:11:59 -------- d-----w- C:\Program Files\AVAST Software
2013-04-20 03:11:42 -------- d-----w- C:\ProgramData\Malwarebytes
2013-04-20 03:11:41 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-20 03:11:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-20 03:11:40 -------- d-----w- C:\Users\Jennifer\AppData\Local\Programs
2013-04-20 03:11:36 -------- d-----w- C:\Users\Jennifer\AppData\Local\Apple Computer
2013-04-20 03:11:21 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-04-20 03:10:58 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-20 03:10:58 -------- d-----w- C:\Program Files\iTunes
2013-04-20 03:10:58 -------- d-----w- C:\Program Files\iPod
2013-04-20 03:10:58 -------- d-----w- C:\Program Files (x86)\iTunes
2013-04-20 03:10:35 -------- d-----w- C:\Users\Jennifer\AppData\Local\Apple
2013-04-20 03:10:31 -------- d-----w- C:\Program Files\Bonjour
2013-04-20 03:10:31 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-04-20 03:08:02 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\Dropbox
2013-04-20 01:51:15 -------- d-----w- C:\Users\Jennifer\AppData\Local\Google
2013-04-20 01:34:49 -------- d-----w- C:\sources
2013-04-20 01:31:13 -------- d-----w- C:\Users\Jennifer\AppData\Local\Deployment
2013-04-20 01:31:13 -------- d-----w- C:\Users\Jennifer\AppData\Local\Apps
2013-04-19 17:41:13 -------- d-----w- C:\Users\Jennifer\AppData\Local\BMExplorer
2013-04-19 17:40:52 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\ASUS WebStorage
2013-04-19 17:40:45 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\Atheros
2013-04-19 17:40:18 -------- d-----r- C:\Users\Jennifer\Searches
2013-04-19 17:39:28 -------- d-----w- C:\ProgramData\FolderView
2013-04-19 17:38:38 -------- d-----r- C:\Users\Jennifer\Contacts
.
==================== Find3M ====================
.
2013-01-24 17:32:08 2177648 ----a-w- C:\Windows\System32\coin93.dll
.
============= FINISH: 23:15:22.82 ===============
-
April 20th, 2013, 12:50 AM
#9
You're running 3 AV programs, McAfee, Avast and Windows Defender (that's MSE in Windows 8).
You need to uninstall TWO of them.
If McAfee is one of them use this tool: http://majorgeeks.com/McAfee_Consume...ool_d5420.html
If Windows Defender (MSE) is another one you have to disable it (WD can't be uninstalled).
Download RogueKiller on the desktop
- Close all the running programs
- Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Pre-scan will start. Let it finish.
- Click on SCAN button.
- Wait until the Status box shows Scan Finished
- Click on Delete.
- Wait until the Status box shows Deleting Finished.
- Click on Report and copy/paste the content of the Notepad into your next reply.
- RKreport.txt could also be found on your desktop.
- If more than one log is produced post all logs.
- If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
Download Malwarebytes Anti-Rootkit (MBAR) from HERE
- Unzip downloaded file.
- Open the folder where the contents were unzipped and run mbar.exe
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
- When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
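The "three AV programs" conclusion above is read straight off the AV:/SP:/FW: header lines that DDS prints (post #8). The following is an added Python example, not part of this thread and not code from DDS, RogueKiller or Malwarebytes, that parses those lines and reports how many antivirus products are registered, which of them are enabled, and how many are candidates for removal. The sample input is the seven product lines from the DDS log earlier in the thread; the rule that Windows Defender can only be disabled, not uninstalled, is taken from this post. Lines in any other format are skipped rather than guessed at.

```python
import re
from collections import defaultdict

# Sample input: the seven security-product lines exactly as DDS printed them
# in post #8 of this thread. The line shape is
#   <KIND>: <product name> *<Enabled|Disabled>[/<Updated|Outdated>]* {<CLSID>}
# where KIND is AV (antivirus), SP (anti-spyware) or FW (firewall).
SAMPLE_DDS_LINES = """\
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
"""

# The update-state token is optional because firewall lines omit it.
LINE_RE = re.compile(
    r"^(?P<kind>AV|SP|FW): (?P<name>.+?) \*(?P<state>Enabled|Disabled)"
    r"(?:/(?P<updated>Updated|Outdated))?\* \{(?P<clsid>[0-9A-Fa-f-]+)\}$"
)


def parse_products(text):
    """Parse DDS security-product lines into dicts; non-matching lines are skipped."""
    products = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            products.append(m.groupdict())
    return products


def summarize(products):
    """Group registered products by kind and list which ones are enabled."""
    by_kind = defaultdict(list)
    for p in products:
        by_kind[p["kind"]].append(p)
    summary = {}
    for kind, items in by_kind.items():
        summary[kind] = {
            "registered": [p["name"] for p in items],
            "enabled": [p["name"] for p in items if p["state"] == "Enabled"],
        }
    return summary


def conflicts(products):
    """Count registered AV products and name the ones that can be uninstalled.

    Every AV beyond the first is overlap (two real-time scanners fighting over
    the same files). Windows Defender is excluded from the removable list
    because, as the post says, it can only be disabled.
    """
    vendors = {p["name"] for p in products if p["kind"] == "AV"}
    removable = sorted(v for v in vendors if not v.startswith("Windows Defender"))
    return {
        "av_count": len(vendors),
        "excess": max(0, len(vendors) - 1),
        "removable": removable,
    }


if __name__ == "__main__":
    found = parse_products(SAMPLE_DDS_LINES)
    for kind, info in summarize(found).items():
        print(f"{kind}: {len(info['registered'])} registered, enabled: {info['enabled']}")
    print(conflicts(found))
```

Run against the sample it reports three registered AV products with only avast! enabled, and an excess of two, which is exactly the "uninstall TWO of them" instruction; pointing `parse_products` at a real DDS.txt gives the same triage for any other log.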
-
April 20th, 2013, 09:46 AM
#10
RK Log 1
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Jennifer [Admin rights]
Mode : Scan -- Date : 04/20/2013 08:41:24
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: HGST HTS541075A9E680 +++++
--- User ---
[MBR] 376354a5f1fea24eecbf5881810ed65e
[BSP] 36cd65d2c5dae24661a4f793aca37976 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_04202013_02d0841.txt >>
RKreport[1]_S_04202013_02d0841.txt
RK Log 2
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Jennifer [Admin rights]
Mode : Remove -- Date : 04/20/2013 08:43:39
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: HGST HTS541075A9E680 +++++
--- User ---
[MBR] 376354a5f1fea24eecbf5881810ed65e
[BSP] 36cd65d2c5dae24661a4f793aca37976 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_04202013_02d0843.txt >>
RKreport[1]_S_04202013_02d0841.txt ; RKreport[2]_D_04202013_02d0843.txt
-
April 20th, 2013, 10:05 AM
#11
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.04.20.05
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16384
Jennifer :: JEN [administrator]
4/20/2013 9:03:14 AM
mbar-log-2013-04-20 (09-03-14).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 7177
Time elapsed: 13 minute(s), 53 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 6.2.9200 Windows 8 x64
Account is Administrative
Internet Explorer version: 10.0.9200.16384
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 8469909504, free: 6465867776
------------ Kernel report ------------
04/20/2013 08:48:19
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\RtsBaStor.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\AsusTP.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbfiltr.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\AsHIDSwitch64.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\btath_bus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\dc3d.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\System32\drivers\btath_rcp.sys
\SystemRoot\system32\drivers\btath_avdt.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\System32\drivers\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8008cf3060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000038\
Lower Device Object: 0xfffffa8007427060
Lower Device Driver Name: \Driver\iaStorA\
Driver name found: iaStorA
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\Drivers\storport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.04.20.05
Downloaded database version: v2013.04.17.03
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 4
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8008cf3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008cf3b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008cf3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80074282a0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007427060, DeviceName: \Device\00000038\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xfffff8a00ab57f20, 0xfffffa8008cf3060, 0xfffffa800766e740
Lower DeviceData: 0xfffff8a00a0c3580, 0xfffffa8007427060, 0xfffffa800d8b8450
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 4
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: C2B20764
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 703931948
GPT Header CurrentLba = 1 BackupLba 1465149167
GPT Header FirstUsableLba 34 LastUsableLba 1465149134
GPT Header Guid dc9eb263-3b9e-41d0-b370-bab1e79722c6
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 703931948
Backup GPT header CurrentLba = 1465149167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1465149134
Backup GPT header Guid dc9eb263-3b9e-41d0-b370-bab1e79722c6
Backup GPT header Contains 128 partition entries starting at LBA 1465149135
Backup GPT header Partition entry size = 128
Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID a567588-aa2-4b12-907-2f5ec24cb9c0
FirstLBA 2048 Last LBA 616447
Attributes 0
Partition Name EFI system partition
GPT Partition 0 is bootable
Partition 1 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 925318e6-d763-42d8-a2a9-3137e7dd6b2e
FirstLBA 616448 Last LBA 2459647
Attributes 1
Partition Name Basic data partition
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 49ad7db-ea38-4f9b-adab-8560926784ff
FirstLBA 2459648 Last LBA 2721791
Attributes 0
Partition Name Microsoft reserved partition
Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 7ec4a428-9d7e-46fd-8d43-7c01413c6c7
FirstLBA 2721792 Last LBA 588779519
Attributes 0
Partition Name Basic data partition
Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID efc5d252-3e36-40c0-9d1b-ce66e21bc166
FirstLBA 588779520 Last LBA 1423183871
Attributes 0
Partition Name Basic data partition
Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID cf5f903a-c49c-497e-a398-ad68d367015
FirstLBA 1423183872 Last LBA 1465147391
Attributes 1
Partition Name Basic data partition
Disk Size: 750156374016 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
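The GPT inspection block in the MBAR log above (header signature, revision, size, CRC, current/backup LBA, disk GUID, partition entry count) is the data an anti-rootkit reads from LBA 1 and from the last sector of the disk and cross-checks, because a bootkit that rewrites the partition table usually leaves the primary and backup headers disagreeing or the header CRC stale. The following Python is an added example, not part of this thread and not Malwarebytes' code: it lays out the 92-byte UEFI GPT header, recomputes the header CRC32 with the CRC field zeroed as the UEFI specification prescribes, and cross-checks a primary header against its backup. The LBA values and disk GUID are the ones printed in the log; the partition-entry-array CRC is a constructed placeholder (0) because the log does not print it, and `tampered()` is a constructed modification used only to show the CRC check failing.

```python
"""Parse and validate a GPT header the way an anti-rootkit disk check does (added example)."""
import struct
import uuid
import zlib
from dataclasses import dataclass

GPT_SIGNATURE = b"EFI PART"               # bytes 45 46 49 20 50 41 52 54, printed by MBAR as 4546492050415254
GPT_HEADER_FMT = "<8sIIIIQQQQ16sQIII"     # UEFI spec layout, little-endian, no padding
GPT_HEADER_SIZE = struct.calcsize(GPT_HEADER_FMT)  # 92 bytes, matching "Size 92" in the log


@dataclass
class GptHeader:
    signature: bytes
    revision: int
    header_size: int
    header_crc: int
    my_lba: int
    alternate_lba: int
    first_usable_lba: int
    last_usable_lba: int
    disk_guid: uuid.UUID
    entries_lba: int
    num_entries: int
    entry_size: int
    entries_crc: int
    crc_ok: bool
    signature_ok: bool


def header_crc32(raw: bytes) -> int:
    """CRC32 over the header with its own CRC field (bytes 16..19) set to zero, per UEFI spec."""
    zeroed = raw[:16] + b"\x00\x00\x00\x00" + raw[20:GPT_HEADER_SIZE]
    return zlib.crc32(zeroed) & 0xFFFFFFFF


def parse_gpt_header(raw: bytes) -> GptHeader:
    """Decode one header sector and record whether signature and CRC check out."""
    (sig, rev, size, crc, _reserved, my_lba, alt_lba, first, last,
     guid_le, entries_lba, n_entries, entry_size, entries_crc) = struct.unpack(
        GPT_HEADER_FMT, raw[:GPT_HEADER_SIZE])
    return GptHeader(
        signature=sig, revision=rev, header_size=size, header_crc=crc,
        my_lba=my_lba, alternate_lba=alt_lba, first_usable_lba=first,
        last_usable_lba=last, disk_guid=uuid.UUID(bytes_le=guid_le),
        entries_lba=entries_lba, num_entries=n_entries, entry_size=entry_size,
        entries_crc=entries_crc,
        crc_ok=(crc == header_crc32(raw)),
        signature_ok=(sig == GPT_SIGNATURE),
    )


def build_gpt_header(my_lba: int, alternate_lba: int, entries_lba: int, disk_guid: uuid.UUID, *,
                     first_usable: int = 34, last_usable: int = 1465149134,
                     num_entries: int = 128, entry_size: int = 128, entries_crc: int = 0) -> bytes:
    """Construct a well-formed header (revision 0x00010000 == 65536 as in the log) with a valid CRC."""
    raw = struct.pack(GPT_HEADER_FMT, GPT_SIGNATURE, 0x00010000, GPT_HEADER_SIZE, 0, 0,
                      my_lba, alternate_lba, first_usable, last_usable,
                      disk_guid.bytes_le, entries_lba, num_entries, entry_size, entries_crc)
    return raw[:16] + struct.pack("<I", header_crc32(raw)) + raw[20:]


def cross_check(primary: GptHeader, backup: GptHeader) -> list:
    """Return findings a scanner would report; an empty list means primary and backup agree."""
    findings = []
    for hdr, name in ((primary, "primary"), (backup, "backup")):
        if not hdr.signature_ok:
            findings.append(f"{name}: bad signature {hdr.signature!r}")
        if not hdr.crc_ok:
            findings.append(f"{name}: header CRC mismatch")
    if primary.alternate_lba != backup.my_lba or backup.alternate_lba != primary.my_lba:
        findings.append("primary/backup LBA pointers do not cross-reference")
    if primary.disk_guid != backup.disk_guid:
        findings.append("disk GUID differs between headers")
    if (primary.first_usable_lba, primary.last_usable_lba) != \
            (backup.first_usable_lba, backup.last_usable_lba):
        findings.append("usable LBA range differs between headers")
    if primary.entries_crc != backup.entries_crc:
        findings.append("partition entry array CRC differs between headers")
    return findings


# Values from the MBAR log above; entries_crc left at the constructed placeholder 0.
DISK_GUID = uuid.UUID("dc9eb263-3b9e-41d0-b370-bab1e79722c6")
PRIMARY_RAW = build_gpt_header(1, 1465149167, 2, DISK_GUID)
BACKUP_RAW = build_gpt_header(1465149167, 1, 1465149135, DISK_GUID)


def tampered(raw: bytes) -> bytes:
    """Constructed tampering: rewrite FirstUsableLBA (bytes 40..47) without fixing the CRC."""
    return raw[:40] + struct.pack("<Q", 2048) + raw[48:]


if __name__ == "__main__":
    p, b = parse_gpt_header(PRIMARY_RAW), parse_gpt_header(BACKUP_RAW)
    print("clean disk findings:", cross_check(p, b))
    print("tampered primary findings:", cross_check(parse_gpt_header(tampered(PRIMARY_RAW)), b))
```

One caveat when comparing such a script's output with the log: MBAR prints GUID fields without leading zeros (the log's `c12a7328-f81f-11d2-ba4b-0a0c93ec93b` is the EFI System Partition type `C12A7328-F81F-11D2-BA4B-00A0C93EC93B`, and `de94bba4-6d1-4d40-a16a-bfd5179d6ac` is the Windows Recovery type `DE94BBA4-06D1-4D40-A16A-BFD50179D6AC`), whereas Python's `uuid` always prints the full 32 hex digits.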
-
April 20th, 2013, 01:29 PM
#12
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/...-in-windows-7/
- Vista: http://www.howtogeek.com/howto/windo...ystem-restore/
- XP: http://support.microsoft.com/kb/948247
Please download ComboFix from Here, Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- If the connection is not there, use the restore point you created prior to running Combofix.
- Double click on combofix.exe & follow the prompts.
- NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
- NOTE 2. If Combofix asks you to update the program, always do so.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try the following...
Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
Restart computer in safe mode
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
-
April 20th, 2013, 09:00 PM
#13
I downloaded ComboFix and it said it doesn't work with Windows 8. Windows 8 then offers to install it as a compatible program. Should I try to run it that way?
-
April 20th, 2013, 10:08 PM
#14
My apology
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
-
April 20th, 2013, 10:15 PM
#15
No problem! I just appreciate all of your help!
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-04-2013 01
Ran by Jennifer (administrator) on 20-04-2013 21:11:51
Running from C:\Users\Jennifer\Desktop
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(IvoSoft) [1104] C:\Program Files\Classic Shell\ClassicShellService.exe
(ASUSTek Computer Inc.) [1324] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) [1404] C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) [1428] C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) [1852] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) [1888] C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) [2000] C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) [2036] C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) [1448] C:\Windows\system32\dashost.exe
(Intel(R) Corporation) [1436] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) [1020] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Atheros) [2088] C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Realsil Microelectronics Inc.) [3716] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) [3740] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) [3788] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) [4068] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) [3056] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) [1460] C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(IvoSoft) [3060] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(ASUSTek Computer Inc.) [2628] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) [3836] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) [3832] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) [1244] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(AsusTek) [2868] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) [2540] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) [2060] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Intel Corporation) [3688] C:\Windows\System32\igfxtray.exe
(Intel Corporation) [3844] C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) [3584] C:\Windows\System32\RuntimeBroker.exe
(Realtek Semiconductor) [2504] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) [2572] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) [3852] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) [3964] C:\Windows\System32\igfxpers.exe
(CyberLink Corp.) [1376] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Apple Inc.) [1828] C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) [3600] C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) [2244] C:\Program Files\iPod\bin\iPodService.exe
(AsusTek) [4304] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTeK Computer Inc.) [4856] C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) [4520] C:\Windows\SysWOW64\ctfmon.exe
(AsusTek) [2688] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Farbar) [4888] C:\Users\Jennifer\Desktop\FRST64.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe" [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [127616 2012-08-10] (Qualcomm Atheros Commnucations)
HKLM-x32\...\RunOnce: [Z1] cmd /c "C:\Users\Jennifer\Downloads\mbar-1.05.0.1001\mbar\mbar.exe" /cleanup /s [1398856 2013-04-20] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Z1] cmd /c "C:\Users\Jennifer\Downloads\mbar-1.05.0.1001\mbar\mbar.exe" /cleanup /s [1398856 2013-04-20] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4767304 2013-03-06] (AVAST Software)
Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Winsock: Catalog5 07 %SystemRoot%\system32\wshbth.dll [50688] (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog5-x64 07 %SystemRoot%\system32\wshbth.dll [64000] (Microsoft Corporation)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Chrome:
=======
CHR HomePage: https://www.google.com/reader/view/?...es%2Findex.xml
CHR RestoreOnStartup: https://www.google.com/reader", "hxxp://www.google.com/", "hxxp://www.msn.com/?pc=U016&ocid=U016DHP&dt=041913", "hxxp://search.conduit.com/?ctid=CT3287822&SearchSource=48&CUI=UN17986453404438157&UM=2
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Google Docs) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (WOT) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.11_0
CHR Extension: (YouTube) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Ultimate Google Docs Viewer) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\edgbhipncfdgcekflcoelhmnkcfdfjcl\0.8.4.7_0
CHR Extension: (Springpad) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla\6_0
CHR Extension: (AdBlock) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0
CHR Extension: (Pinterest) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.1_0
CHR Extension: (LastPass) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.25_0
CHR Extension: (avast! WebRep) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0
CHR Extension: (Super Full Feeds for Google Reader\u2122) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\khbjahpecnkenngkidhioicnfpakihgo\1.3.2_0
CHR Extension: (ZipList Recipe Clipper) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgnplfeogpkbplfamjbigeekindmicbe\1.1.3_0
CHR Extension: ( "name": "Feedly") - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja\14.0.484_0
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_0
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0
CHR Extension: (Checker Plus for Gmail\u2122) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\13.2_0
CHR Extension: (The Tracktor - Amazon Price Tracker) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\onajjgekdldckfgodnmoallcmdmfcfom\3.1.2_0
CHR Extension: (Gmail) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
==================== Services (Whitelisted) =================
S2 0055481366430763mcinstcleanup; C:\Windows\TEMP\005548~1.EXE [833616 2013-01-30] (McAfee, Inc.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248 2013-03-06] (AVAST Software)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-12] (IvoSoft)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros)
==================== Drivers (Whitelisted) ====================
R2 ASMMAP64; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-03-06] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [70992 2013-03-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-03-06] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-03-06] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [377920 2013-03-06] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [68920 2013-03-06] (AVAST Software)
S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178624 2013-03-06] ()
R3 AthBTPort; C:\Windows\system32\DRIVERS\btath_flt.sys [88728 2012-08-10] (Qualcomm Atheros)
R3 athr; C:\Windows\system32\DRIVERS\athw8x.sys [3624960 2012-08-16] (Qualcomm Atheros Communications, Inc.)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 BTATH_A2DP; C:\Windows\system32\drivers\btath_a2dp.sys [344216 2012-08-10] (Qualcomm Atheros)
R3 btath_avdt; C:\Windows\system32\drivers\btath_avdt.sys [114840 2012-08-10] (Qualcomm Atheros)
R3 BTATH_BUS; C:\Windows\System32\drivers\btath_bus.sys [33944 2012-08-10] (Qualcomm Atheros)
R3 BTATH_HCRP; C:\Windows\System32\drivers\btath_hcrp.sys [178840 2012-08-10] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BTATH_RCP; C:\Windows\System32\drivers\btath_rcp.sys [135832 2012-08-10] (Qualcomm Atheros)
R3 BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [567808 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 HIDSwitch; C:\Windows\System32\drivers\AsHIDSwitch64.sys [21152 2012-05-30] (ASUS)
R0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [645952 2012-07-23] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 RSBASTOR; C:\Windows\system32\DRIVERS\RtsBaStor.sys [295056 2012-07-03] (Realtek Semiconductor Corp.)
U0 msahci;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-04-20 21:11 - 2013-04-20 21:11 - 01707098 ____A (Farbar) C:\Users\Jennifer\Desktop\FRST64.exe
2013-04-20 21:11 - 2013-04-20 21:11 - 00000000 ____D C:\FRST
2013-04-20 08:48 - 2013-04-20 08:48 - 00000000 ____D C:\Users\Jennifer\Downloads\mbar-1.05.0.1001
2013-04-20 08:46 - 2013-04-20 08:47 - 12917756 ____A C:\Users\Jennifer\Downloads\mbar-1.05.0.1001.zip
2013-04-20 08:43 - 2013-04-20 08:43 - 00001315 ____A C:\Users\Jennifer\Desktop\RKreport[2]_D_04202013_02d0843.txt
2013-04-20 08:41 - 2013-04-20 08:41 - 00001262 ____A C:\Users\Jennifer\Desktop\RKreport[1]_S_04202013_02d0841.txt
2013-04-20 08:40 - 2013-04-20 08:42 - 00000000 ____D C:\Users\Jennifer\Desktop\RK_Quarantine
2013-04-20 08:39 - 2013-04-20 08:39 - 00816128 ____A C:\Users\Jennifer\Desktop\RogueKiller.exe
2013-04-20 08:21 - 2013-04-20 08:22 - 03191888 ____A (McAfee, Inc.) C:\Users\Jennifer\Downloads\MCPR.exe
2013-04-19 23:15 - 2013-04-19 23:16 - 00019005 ____A C:\Users\Jennifer\Desktop\dds.txt
2013-04-19 23:15 - 2013-04-19 23:16 - 00003713 ____A C:\Users\Jennifer\Desktop\attach.txt
2013-04-19 23:14 - 2013-04-19 23:14 - 00688992 ____R (Swearware) C:\Users\Jennifer\Desktop\dds.com
2013-04-19 23:13 - 2013-04-19 23:13 - 00001558 ____A C:\Users\Jennifer\Desktop\aswMBR.txt
2013-04-19 23:13 - 2013-04-19 23:13 - 00000512 ____A C:\Users\Jennifer\Desktop\MBR.dat
2013-04-19 23:10 - 2013-04-19 23:11 - 04745728 ____A (AVAST Software) C:\Users\Jennifer\Desktop\aswMBR.exe
2013-04-19 22:49 - 2013-04-19 22:49 - 00000000 ____D C:\Users\Jennifer\AppData\Local\CrashDumps
2013-04-19 22:34 - 2013-04-19 22:34 - 00001192 ____A C:\Users\Public\Desktop\My LastPass Vault.lnk
2013-04-19 22:34 - 2013-04-19 22:34 - 00000000 ____D C:\Program Files (x86)\LastPass
2013-04-19 22:33 - 2013-04-19 22:33 - 14880256 ____A (LastPass) C:\Users\Jennifer\Downloads\lastpass_x64.exe
2013-04-19 22:27 - 2013-04-19 22:27 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Malwarebytes
2013-04-19 22:12 - 2013-04-19 22:12 - 00001924 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-04-19 22:12 - 2013-04-19 22:12 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-04-19 22:12 - 2013-03-06 17:33 - 01025808 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-04-19 22:12 - 2013-03-06 17:33 - 00377920 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-04-19 22:12 - 2013-03-06 17:33 - 00178624 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-04-19 22:12 - 2013-03-06 17:33 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-04-19 22:12 - 2013-03-06 17:33 - 00070992 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-04-19 22:12 - 2013-03-06 17:33 - 00068920 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-04-19 22:12 - 2013-03-06 17:33 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-04-19 22:12 - 2013-03-06 17:33 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-04-19 22:12 - 2013-03-06 17:32 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-04-19 22:12 - 2013-03-06 17:32 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-04-19 22:11 - 2013-04-20 08:36 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Apple Computer
2013-04-19 22:11 - 2013-04-19 22:11 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-04-19 22:11 - 2013-04-19 22:11 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-19 22:11 - 2013-04-19 22:11 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Apple Computer
2013-04-19 22:11 - 2013-04-19 22:11 - 00000000 ____D C:\Program Files\AVAST Software
2013-04-19 22:11 - 2013-04-19 22:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-19 22:11 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-19 22:11 - 2012-08-21 13:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2013-04-19 22:10 - 2013-04-19 22:11 - 00000000 ____D C:\Program Files\iTunes
2013-04-19 22:10 - 2013-04-19 22:11 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-04-19 22:10 - 2013-04-19 22:10 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Apple
2013-04-19 22:10 - 2013-04-19 22:10 - 00000000 ____D C:\Program Files\iPod
2013-04-19 22:10 - 2013-04-19 22:10 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-04-19 22:10 - 2013-04-19 22:10 - 00000000 ____D C:\Program Files\Bonjour
2013-04-19 22:10 - 2013-04-19 22:10 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-04-19 22:10 - 2013-04-19 22:10 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-04-19 22:08 - 2013-04-20 08:36 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Dropbox
2013-04-19 22:08 - 2013-04-19 22:08 - 00000982 ____A C:\Users\Jennifer\Desktop\Dropbox.lnk
2013-04-19 22:07 - 2013-04-19 22:07 - 00001082 ____A C:\Users\Public\Desktop\Google Drive.lnk
2013-04-19 22:07 - 2013-04-19 22:07 - 00000000 ____D C:\Users\Jennifer\AppData\LocalGoogle
2013-04-19 22:06 - 2013-04-19 22:06 - 00001209 ____A C:\Users\Public\Desktop\FileZilla.lnk
2013-04-19 22:06 - 2013-04-19 22:06 - 00001149 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-04-19 22:06 - 2013-04-19 22:06 - 00000000 ____D C:\Program Files\Classic Shell
2013-04-19 22:06 - 2013-04-19 22:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-19 22:06 - 2013-04-19 22:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-19 22:06 - 2013-04-19 22:06 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-04-19 22:05 - 2013-04-19 22:05 - 00254152 ____A (Secure By Design Inc.) C:\Users\Jennifer\Downloads\Ninite Avast Classic Start Dropbox FileZilla Installer.exe
2013-04-19 21:12 - 2013-04-19 21:12 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-04-19 20:52 - 2013-04-19 20:52 - 00002257 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-04-19 20:51 - 2013-04-20 19:56 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-19 20:51 - 2013-04-20 08:36 - 00000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-19 20:51 - 2013-04-19 22:07 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Google
2013-04-19 20:51 - 2013-04-19 22:07 - 00000000 ____D C:\Program Files (x86)\Google
2013-04-19 20:51 - 2013-04-19 20:51 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Macromedia
2013-04-19 20:34 - 2013-04-19 20:34 - 00000000 ____D C:\sources
2013-04-19 20:31 - 2013-04-19 20:51 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Deployment
2013-04-19 20:31 - 2013-04-19 20:31 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Apps\2.0
2013-04-19 15:12 - 2013-04-19 15:13 - 00281088 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-19 12:56 - 2013-04-19 12:56 - 00000027 ____A C:\Windows\Improvement.log
2013-04-19 12:41 - 2013-04-19 12:41 - 00000000 ____D C:\Users\Jennifer\Documents\Bluetooth Folder
2013-04-19 12:41 - 2013-04-19 12:41 - 00000000 ____D C:\Users\Jennifer\AppData\Local\BMExplorer
2013-04-19 12:40 - 2013-04-19 12:40 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Atheros
2013-04-19 12:40 - 2013-04-19 12:40 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\ASUS WebStorage
2013-04-19 12:39 - 2013-04-19 12:39 - 00000196 ____A C:\Windows\FixPatch.log
2013-04-19 12:39 - 2013-04-19 12:39 - 00000000 __RSD C:\Users\Public\Desktop\ASUS
2013-04-19 12:39 - 2013-04-19 12:39 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Adobe
2013-04-19 12:37 - 2013-04-19 20:45 - 00000000 ____D C:\users\Jennifer
2013-04-19 12:37 - 2013-04-19 12:39 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Packages
2013-04-19 12:37 - 2013-04-19 12:38 - 00000000 ____D C:\Users\Jennifer\AppData\Local\ASUS
2013-04-19 12:37 - 2013-04-19 12:37 - 00000020 ___SH C:\Users\Jennifer\ntuser.ini
2013-04-19 12:37 - 2013-04-19 12:37 - 00000000 ____D C:\Users\Jennifer\AppData\Local\VirtualStore
==================== One Month Modified Files and Folders =======
2013-04-20 21:11 - 2013-04-20 21:11 - 01707098 ____A (Farbar) C:\Users\Jennifer\Desktop\FRST64.exe
2013-04-20 21:11 - 2013-04-20 21:11 - 00000000 ____D C:\FRST
2013-04-20 21:09 - 2012-12-28 03:38 - 01667009 ____A C:\Windows\WindowsUpdate.log
2013-04-20 20:00 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\System32\sru
2013-04-20 19:56 - 2013-04-19 20:51 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-20 08:48 - 2013-04-20 08:48 - 00000000 ____D C:\Users\Jennifer\Downloads\mbar-1.05.0.1001
2013-04-20 08:47 - 2013-04-20 08:46 - 12917756 ____A C:\Users\Jennifer\Downloads\mbar-1.05.0.1001.zip
2013-04-20 08:43 - 2013-04-20 08:43 - 00001315 ____A C:\Users\Jennifer\Desktop\RKreport[2]_D_04202013_02d0843.txt
2013-04-20 08:42 - 2013-04-20 08:40 - 00000000 ____D C:\Users\Jennifer\Desktop\RK_Quarantine
2013-04-20 08:41 - 2013-04-20 08:41 - 00001262 ____A C:\Users\Jennifer\Desktop\RKreport[1]_S_04202013_02d0841.txt
2013-04-20 08:39 - 2013-04-20 08:39 - 00816128 ____A C:\Users\Jennifer\Desktop\RogueKiller.exe
2013-04-20 08:36 - 2013-04-19 22:11 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Apple Computer
2013-04-20 08:36 - 2013-04-19 22:08 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Dropbox
2013-04-20 08:36 - 2013-04-19 20:51 - 00000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-20 08:35 - 2012-07-26 02:28 - 00848230 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-20 08:34 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\rescache
2013-04-20 08:31 - 2012-07-26 02:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-20 08:30 - 2012-08-01 20:20 - 00056264 ____A C:\Windows\PFRO.log
2013-04-20 08:30 - 2012-07-26 00:26 - 00262144 __ASH C:\Windows\System32\config\BBI
2013-04-20 08:29 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\WinStore
2013-04-20 08:29 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-04-20 08:29 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-04-20 08:29 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files\Common Files\System
2013-04-20 08:29 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-04-20 08:29 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-04-20 08:29 - 2012-07-26 02:52 - 00000000 ____D C:\Program Files\Windows Journal
2013-04-20 08:28 - 2012-07-26 03:12 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2013-04-20 08:28 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-04-20 08:28 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-04-20 08:28 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\SysWOW64\Com
2013-04-20 08:28 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\System32\SystemResetPlatform
2013-04-20 08:28 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\System32\MUI
2013-04-20 08:28 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\System32\migwiz
2013-04-20 08:28 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\System32\Com
2013-04-20 08:28 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-04-20 08:28 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\IME
2013-04-20 08:28 - 2012-07-26 02:49 - 00000000 ____D C:\Windows\SysWOW64\winrm
2013-04-20 08:28 - 2012-07-26 02:49 - 00000000 ____D C:\Windows\SysWOW64\WCN
2013-04-20 08:28 - 2012-07-26 02:49 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2013-04-20 08:28 - 2012-07-26 02:49 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2013-04-20 08:28 - 2012-07-26 02:49 - 00000000 ____D C:\Windows\System32\winrm
2013-04-20 08:28 - 2012-07-26 02:49 - 00000000 ____D C:\Windows\System32\WCN
2013-04-20 08:28 - 2012-07-26 02:49 - 00000000 ____D C:\Windows\System32\slmgr
2013-04-20 08:28 - 2012-07-26 02:49 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2013-04-20 08:28 - 2012-07-26 00:38 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-04-20 08:28 - 2012-07-26 00:38 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-04-20 08:28 - 2012-07-26 00:38 - 00000000 ____D C:\Windows\System32\Sysprep
2013-04-20 08:28 - 2012-07-26 00:38 - 00000000 ____D C:\Windows\System32\oobe
2013-04-20 08:28 - 2012-07-26 00:38 - 00000000 ____D C:\Windows\System32\Dism
2013-04-20 08:26 - 2012-07-26 02:49 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2013-04-20 08:26 - 2012-07-26 00:37 - 00000000 ____D C:\Windows\servicing
2013-04-20 08:22 - 2013-04-20 08:21 - 03191888 ____A (McAfee, Inc.) C:\Users\Jennifer\Downloads\MCPR.exe
2013-04-20 08:19 - 2012-07-26 03:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-04-19 23:16 - 2013-04-19 23:15 - 00019005 ____A C:\Users\Jennifer\Desktop\dds.txt
2013-04-19 23:16 - 2013-04-19 23:15 - 00003713 ____A C:\Users\Jennifer\Desktop\attach.txt
2013-04-19 23:14 - 2013-04-19 23:14 - 00688992 ____R (Swearware) C:\Users\Jennifer\Desktop\dds.com
2013-04-19 23:13 - 2013-04-19 23:13 - 00001558 ____A C:\Users\Jennifer\Desktop\aswMBR.txt
2013-04-19 23:13 - 2013-04-19 23:13 - 00000512 ____A C:\Users\Jennifer\Desktop\MBR.dat
2013-04-19 23:11 - 2013-04-19 23:10 - 04745728 ____A (AVAST Software) C:\Users\Jennifer\Desktop\aswMBR.exe
2013-04-19 22:49 - 2013-04-19 22:49 - 00000000 ____D C:\Users\Jennifer\AppData\Local\CrashDumps
2013-04-19 22:34 - 2013-04-19 22:34 - 00001192 ____A C:\Users\Public\Desktop\My LastPass Vault.lnk
2013-04-19 22:34 - 2013-04-19 22:34 - 00000000 ____D C:\Program Files (x86)\LastPass
2013-04-19 22:33 - 2013-04-19 22:33 - 14880256 ____A (LastPass) C:\Users\Jennifer\Downloads\lastpass_x64.exe
2013-04-19 22:27 - 2013-04-19 22:27 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Malwarebytes
2013-04-19 22:12 - 2013-04-19 22:12 - 00001924 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-04-19 22:12 - 2013-04-19 22:12 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-04-19 22:11 - 2013-04-19 22:11 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-04-19 22:11 - 2013-04-19 22:11 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-19 22:11 - 2013-04-19 22:11 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Apple Computer
2013-04-19 22:11 - 2013-04-19 22:11 - 00000000 ____D C:\Program Files\AVAST Software
2013-04-19 22:11 - 2013-04-19 22:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-19 22:11 - 2013-04-19 22:10 - 00000000 ____D C:\Program Files\iTunes
2013-04-19 22:11 - 2013-04-19 22:10 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-04-19 22:10 - 2013-04-19 22:10 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Apple
2013-04-19 22:10 - 2013-04-19 22:10 - 00000000 ____D C:\Program Files\iPod
2013-04-19 22:10 - 2013-04-19 22:10 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-04-19 22:10 - 2013-04-19 22:10 - 00000000 ____D C:\Program Files\Bonjour
2013-04-19 22:10 - 2013-04-19 22:10 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-04-19 22:10 - 2013-04-19 22:10 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-04-19 22:08 - 2013-04-19 22:08 - 00000982 ____A C:\Users\Jennifer\Desktop\Dropbox.lnk
2013-04-19 22:07 - 2013-04-19 22:07 - 00001082 ____A C:\Users\Public\Desktop\Google Drive.lnk
2013-04-19 22:07 - 2013-04-19 22:07 - 00000000 ____D C:\Users\Jennifer\AppData\LocalGoogle
2013-04-19 22:07 - 2013-04-19 20:51 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Google
2013-04-19 22:07 - 2013-04-19 20:51 - 00000000 ____D C:\Program Files (x86)\Google
2013-04-19 22:06 - 2013-04-19 22:06 - 00001209 ____A C:\Users\Public\Desktop\FileZilla.lnk
2013-04-19 22:06 - 2013-04-19 22:06 - 00001149 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-04-19 22:06 - 2013-04-19 22:06 - 00000000 ____D C:\Program Files\Classic Shell
2013-04-19 22:06 - 2013-04-19 22:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-19 22:06 - 2013-04-19 22:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-19 22:06 - 2013-04-19 22:06 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-04-19 22:05 - 2013-04-19 22:05 - 00254152 ____A (Secure By Design Inc.) C:\Users\Jennifer\Downloads\Ninite Avast Classic Start Dropbox FileZilla Installer.exe
2013-04-19 21:30 - 2012-08-04 20:42 - 00000000 ____D C:\Program Files (x86)\ASUS
2013-04-19 21:12 - 2013-04-19 21:12 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-04-19 21:12 - 2012-07-26 02:21 - 00032832 ____A C:\Windows\setupact.log
2013-04-19 20:52 - 2013-04-19 20:52 - 00002257 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-04-19 20:51 - 2013-04-19 20:51 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Macromedia
2013-04-19 20:51 - 2013-04-19 20:31 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Deployment
2013-04-19 20:45 - 2013-04-19 12:37 - 00000000 ____D C:\users\Jennifer
2013-04-19 20:40 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-04-19 20:39 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\System32\zh-HK
2013-04-19 20:34 - 2013-04-19 20:34 - 00000000 ____D C:\sources
2013-04-19 20:33 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\Globalization
2013-04-19 20:31 - 2013-04-19 20:31 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Apps\2.0
2013-04-19 16:33 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-04-19 15:34 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\System32\restore
2013-04-19 15:13 - 2013-04-19 15:12 - 00281088 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-19 15:12 - 2012-07-26 03:13 - 00262144 ____A C:\Windows\System32\config\BCD-Template
2013-04-19 15:12 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\System32\Recovery
2013-04-19 12:56 - 2013-04-19 12:56 - 00000027 ____A C:\Windows\Improvement.log
2013-04-19 12:41 - 2013-04-19 12:41 - 00000000 ____D C:\Users\Jennifer\Documents\Bluetooth Folder
2013-04-19 12:41 - 2013-04-19 12:41 - 00000000 ____D C:\Users\Jennifer\AppData\Local\BMExplorer
2013-04-19 12:40 - 2013-04-19 12:40 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Atheros
2013-04-19 12:40 - 2013-04-19 12:40 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\ASUS WebStorage
2013-04-19 12:39 - 2013-04-19 12:39 - 00000196 ____A C:\Windows\FixPatch.log
2013-04-19 12:39 - 2013-04-19 12:39 - 00000000 __RSD C:\Users\Public\Desktop\ASUS
2013-04-19 12:39 - 2013-04-19 12:39 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Adobe
2013-04-19 12:39 - 2013-04-19 12:37 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Packages
2013-04-19 12:39 - 2012-08-04 20:42 - 05181376 ____A C:\Windows\AsDebug.log
2013-04-19 12:39 - 2012-08-04 20:42 - 00739018 ____A C:\Windows\AsCDProc.log
2013-04-19 12:39 - 2012-08-04 20:37 - 00002232 ____A C:\Windows\PQArecord.log
2013-04-19 12:39 - 2012-08-01 20:36 - 00000000 ____D C:\Windows\Log
2013-04-19 12:39 - 2012-07-26 00:26 - 00262144 __ASH C:\Windows\System32\config\ELAM
2013-04-19 12:38 - 2013-04-19 12:37 - 00000000 ____D C:\Users\Jennifer\AppData\Local\ASUS
2013-04-19 12:37 - 2013-04-19 12:37 - 00000020 ___SH C:\Users\Jennifer\ntuser.ini
2013-04-19 12:37 - 2013-04-19 12:37 - 00000000 ____D C:\Users\Jennifer\AppData\Local\VirtualStore
2013-04-04 14:50 - 2013-04-19 22:11 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe
[2012-12-28 03:38] - [2012-09-20 01:33] - 0516608 ____A (Microsoft Corporation) 1F84B5F8DBDFFD36DF143C61CE25F12A
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2012-07-25 18:14] - [2012-07-25 23:49] - 2380440 ____A (Microsoft Corporation) 928791755FDDEA721B053535EF84FA17
C:\Windows\SysWOW64\explorer.exe
[2012-07-25 18:11] - [2012-07-25 22:50] - 2114936 ____A (Microsoft Corporation) 5B6ED1B57DBFF18D405A0260559B571E
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
Last Boot: 2012-08-01 20:20
==================== End Of Log ============================