November 16th, 2014, 02:16 PM
#1
[Inactive] MBAM Found Trojan Downloader on Regular Check
I've been keeping up MBAM and running other scans regularly and trying to keep Secunia up to date. This latest scan found PUPs and a file listed as a Trojan Downloader. I had them quarantined.
Is there further action to take?
Computer Info:
Windows Vista Home Premium Service Pack 2
Intel Core 2 Quad CPU 2.33 GHz
8 GB RAM
64 bit OS
Hard Drive 581 GB / 218 GB free space
Cable connection
router with WIFI
Here are the Logs requested in the sticky note.
Thank you for your help,
Stitch60134
-------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/15/2014
Scan Time: 2:59:33 PM
Logfile: MBAM LOG 2014-11-15.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.15.08
Rootkit Database: v2014.11.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Steve
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 621044
Time Elapsed: 51 min, 11 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 26
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6C434537-053E-486D-B62A-160059D9D456}, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6C434537-053E-486D-B62A-160059D9D456}, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\CLASSES\GenericAskToolbar.ToolbarWnd.1, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\CLASSES\GenericAskToolbar.ToolbarWnd, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GenericAskToolbar.ToolbarWnd, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GenericAskToolbar.ToolbarWnd.1, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-4030962143-734979336-2068065854-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-4030962143-734979336-2068065854-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-4030962143-734979336-2068065854-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-4030962143-734979336-2068065854-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-4030962143-734979336-2068065854-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-4030962143-734979336-2068065854-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-4030962143-734979336-2068065854-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-4030962143-734979336-2068065854-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-4030962143-734979336-2068065854-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-4030962143-734979336-2068065854-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.WeCare, HKU\S-1-5-21-4030962143-734979336-2068065854-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\wecarereminder, Quarantined, [68acb08c89f35adc390c4bfc44bfbc44],
Registry Values: 3
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-4030962143-734979336-2068065854-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{00000000-6E41-4FD3-8538-502F5495E5FC}, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [1301fe3e374550e6c68e589c89798d73],
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 2
PUP.Optional.FrostwireTB.A, C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll, Quarantined, [070dd4684c30e74f55ff10e4b44ee41c],
Trojan.Downloader, C:\Users\Alyssa\Downloads\adobe_flash_setup.exe, Quarantined, [b85c3b014e2e49edcf86645ae21f0ef2],
Physical Sectors: 0
(No malicious items detected)
(end)
--------------------------------------------------------------------------------------------------------------------------
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16592
Run by Steve at 16:24:03 on 2014-11-15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.5698 [GMT -6:00]
.
AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Trend Micro Titanium Maximum Security *Enabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files (x86)\Philips\CamSuite\1.0.9.0\ACPService.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Users\Steve\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\PSIService.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\RAVCpl64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\CNYHKey.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Users\Steve\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Windows\MHotkey.exe
C:\Windows\ModLedKey.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\ChiFuncExt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/advanced_search
mStart Page = about :blank
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Desura] C:\Program Files (x86)\Desura\desura.exe -autostart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [LchDrvKey] LchDrvKey.exe
mRun: [LedKey] CNYHKey.exe
mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
mRun: [UVS12 Preload] "C:\Program Files (x86)\Corel\Corel VideoStudio 12\uvPL.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HPSIMP~1.LNK - C:\Users\Steve\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTC~1.LNK - C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTL~1.LNK - C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://sllmc.sargentlundy.com/dwa85W.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://sllmc.sargentlundy.com/dwa8W.cab
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: {CEF002D2-5A9F-4656-AA41-85DA2534ACBD} - hxxps://sllmc.sargentlundy.com/dwa85W.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
TCP: Interfaces\{1382C867-F693-43B0-A71F-1B14D6A9E1E6} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\browseui.dll
x64-mStart Page = about :blank
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
x64-Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [Skytel] Skytel.exe
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll
x64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - LocalServer32 - <no file>
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - LocalServer32 - <no file>
.
============= SERVICES / DRIVERS ===============
.
R0 nvamacpi;Nvidia Away Mode System;C:\Windows\System32\drivers\nvamacpi.sys [2008-11-7 28192]
R0 TMEBC;TMEBC;C:\Windows\System32\drivers\TMEBC64.sys [2013-12-8 50976]
R1 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2013-12-8 85936]
R2 ACPService;ACPService;C:\Program Files (x86)\Philips\CamSuite\1.0.9.0\ACPService.exe [2008-6-11 741376]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2013-12-8 305760]
R2 BackupService;BackupService;C:\Users\Steve\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2012-10-7 83512]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2013-2-3 2571704]
R2 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2009-2-18 24576]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-11-3 2530128]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-10-21 417552]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2012-9-19 441344]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;C:\Windows\System32\drivers\AVer88xHD64.sys [2008-11-7 432256]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RTS5121.sys [2009-2-18 204288]
R3 tmeevw;tmeevw;C:\Windows\System32\drivers\tmeevw.sys [2013-12-8 100640]
R3 tmnciesc;tmnciesc;C:\Windows\System32\drivers\tmnciesc.sys [2013-12-8 303392]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 ATRK;ATRK;C:\Users\Steve\Desktop\TrendMicro AntiThreat Toolkit\HC_ATTK\atrk64.sys [2014-6-11 69432]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-8-27 131912]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-22 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 phaudlwr;Philips Audio Filter;C:\Windows\System32\drivers\phaudlwr.sys [2009-10-20 114608]
S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2010-1-18 4608]
S3 SPC1330;USB2.0 PC Camera (SPC1330);C:\Windows\System32\drivers\spc1330.sys [2010-1-5 3297792]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-8-16 90776]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2014-11-15 22:18:53 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-12 10:41:26 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 10:41:26 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-12 09:00:58 103374192 ----a-w- C:\Windows\System32\mrt.exe
2014-10-27 20:32:45 17870336 ----a-w- C:\Windows\System32\mshtml.dll
2014-10-27 20:13:57 2339840 ----a-w- C:\Windows\System32\jscript9.dll
2014-10-27 20:12:24 10921472 ----a-w- C:\Windows\System32\ieframe.dll
2014-10-27 20:07:15 1388032 ----a-w- C:\Windows\System32\urlmon.dll
2014-10-27 20:06:55 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-10-27 20:05:41 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-10-27 20:05:26 237056 ----a-w- C:\Windows\System32\url.dll
2014-10-27 20:05:13 86016 ----a-w- C:\Windows\System32\jsproxy.dll
2014-10-27 20:04:52 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-10-27 20:04:38 2157056 ----a-w- C:\Windows\System32\iertutil.dll
2014-10-27 20:04:37 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-10-27 20:04:29 816640 ----a-w- C:\Windows\System32\jscript.dll
2014-10-27 20:04:26 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2014-10-27 20:04:09 453120 ----a-w- C:\Windows\System32\dxtmsft.dll
2014-10-27 20:03:59 282112 ----a-w- C:\Windows\System32\dxtrans.dll
2014-10-27 20:03:57 55296 ----a-w- C:\Windows\System32\msfeedsbs.dll
2014-10-27 20:03:54 11264 ----a-w- C:\Windows\System32\msfeedssync.exe
2014-10-27 20:03:41 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2014-10-27 20:03:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-10-27 20:03:21 12800 ----a-w- C:\Windows\System32\mshta.exe
2014-10-27 20:03:05 248320 ----a-w- C:\Windows\System32\ieui.dll
2014-10-27 19:10:22 12366848 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-10-27 19:05:44 1810944 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-10-27 19:02:37 9739776 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-10-27 18:59:41 1139712 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-10-27 18:59:06 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-10-27 18:58:19 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-10-27 18:57:36 231936 ----a-w- C:\Windows\SysWow64\url.dll
2014-10-27 18:57:18 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-10-27 18:56:58 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-10-27 18:56:40 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-10-27 18:56:15 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2014-10-27 18:56:10 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-10-27 18:56:08 1802752 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-10-27 18:55:50 41472 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
2014-10-27 18:55:44 353792 ----a-w- C:\Windows\SysWow64\dxtmsft.dll
2014-10-27 18:55:39 223232 ----a-w- C:\Windows\SysWow64\dxtrans.dll
2014-10-27 18:55:32 10752 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
2014-10-27 18:55:28 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2014-10-27 18:55:20 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-10-27 18:55:17 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2014-10-27 18:54:43 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-10-24 01:04:29 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-24 00:39:49 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-18 01:08:10 564224 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-18 00:46:22 847360 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-15 12:47:40 848 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2014-10-12 23:52:40 2782208 ----a-w- C:\Windows\System32\win32k.sys
2014-10-10 01:10:24 548352 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-10 01:09:30 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-10 01:09:23 1689600 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-10 01:01:46 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-10 01:00:34 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-09 23:53:20 619520 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-09 23:22:16 619520 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-03 01:18:20 274432 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:17:16 396800 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:17:16 115712 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-03 01:03:12 313344 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 01:02:20 201728 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 01:01:59 474624 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 01:01:59 446976 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-02 23:49:01 88576 ----a-w- C:\Windows\SysWow64\audiodg.exe
2014-10-01 17:11:22 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-01 17:11:16 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 17:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-19 00:50:45 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 00:45:00 347136 ----a-w- C:\Windows\System32\schannel.dll
2014-09-09 12:42:06 231960 ----a-w- C:\Windows\RegBootClean64.exe
2014-09-09 06:40:37 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 06:24:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 23:38:10 198656 ----a-w- C:\Windows\System32\drivers\fastfat.sys
2014-08-27 00:55:39 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-08-27 00:55:39 1249280 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-08-27 00:41:56 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-08-27 00:41:56 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2014-08-23 01:05:12 304128 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:42:45 390144 ----a-w- C:\Windows\System32\gdi32.dll
.
============= FINISH: 16:25:23.28 ===============
-----------------------------------------------------------------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/18/2009 6:08:11 AM
System Uptime: 11/15/2014 4:11:30 PM (0 hours ago)
.
Motherboard: Gateway | | FMCP7AM
Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2003/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 582 GiB total, 177.946 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&2D45C30F&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&2D45C30F&0
Service: i8042prt
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Envy 100 D410 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Envy 100 D410 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
Acrobat.com
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Reader XI (11.0.08)
Agere Systems PCI-SV92PP Soft Modem
Aleks 3.16
AMD64Bit
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaConverter 2
ArcSoft WebCam Companion 2
Ask Toolbar
Ask Toolbar Updater
att.net Internet Mail
AudibleManager
AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.64.5
Bing Bar
Bing Rewards Client Installer
Bonjour
Catalyst 2012 Team Edition
Compatibility Pack for the 2007 Office system
Corel DVD Copy 6
Corel Paint Shop Pro Photo X2
Corel VideoStudio 12
Coupon Printer for Windows
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
Desura
Dolby Control Center
DVD Copy
ESET Online Scanner v3
Extended Asian Language font pack for Adobe Reader XI
Facebook Video Calling 3.1.0.521
Gateway Games
Gateway Recovery Management
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Half-Life
Harry Potter
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Envy 100 D410 series Basic Device Software
HP Envy 100 D410 series Help
HP Envy 100 D410 series Product Improvement Study
HP Photo Creations
HP Photosmart Essential
HP Update
HPDiagnosticAlert
Image Plugin
ImgBurn
InterVideo DiscLabel
InterVideo WinDVD 8
iSEEK AnswerWorks English Runtime
iTunes
Junk Mail filter update
KB0817 Keyboard Driver
LogMeIn Hamachi
LSI PCI-SV92PP Soft Modem
Malwarebytes Anti-Malware version 2.0.3.1025
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft XNA Framework Redistributable 4.0
MSVCRT
MSVCRT_amd64
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Musicnotes Software Suite 1.5.5
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
Panda ActiveScan 2.0
Philips CamSuite
Philips Intelligent Agent
Philips SPC1330NC Webcam
PVSonyDll
Quicken 2008
Quicken 2011
Quicken 2013
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Card Reader
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recover My Files
Rhapsody
Screencast-O-Matic
Secunia PSI (2.0.0.3003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2899526) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2899527) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
Skype Click to Call
Skype™ 6.11
SmartCopy
SmartLauncher
SmartSound Quicktracks Plugin
Sony Picture Utility
Spelling Dictionaries Support For Adobe Reader 9
Steam
Team Fortress 2
Trend Micro Titanium
Trend Micro Titanium Maximum Security
TurboTax 2008
TurboTax 2008 wiliper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 wiliper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 wiliper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 wiliper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 wiliper
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
TurboTax 2013
TurboTax 2013 wiliper
TurboTax 2013 WinPerFedFormset
TurboTax 2013 WinPerReleaseEngine
TurboTax 2013 WinPerTaxSupport
TurboTax 2013 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2899525) 32-Bit Edition
Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoStudio
VLC media player
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WOT for Internet Explorer
X_Integrated Remote Station (W)
Yahoo! BrowserPlus 2.9.8
Yahoo! Toolbar
.
==== End Of File ===========================
November 17th, 2014, 03:40 PM
#2
Please, observe the following rules:
Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know.
If I closed your topic and you need it to be reopened, simply PM me.
==================================
Download RogueKiller from one of the following links and save it to your Desktop:
Link 1
Link 2
Close all the running programs.
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator. Otherwise just double-click on RogueKiller.exe.
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished.
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply. RKreport.txt could also be found on your desktop. If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/...t-all-windows/
Download Malwarebytes Anti-Rootkit to your desktop.
Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Double click on the downloaded file.
OK the self extracting prompt.
MBAR will start. Click "Next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
"mbar-log-{date} (xx-xx-xx).txt"
"system-log.txt"
NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right click on the Malwarebytes icon in the system tray and click on Exit.
November 19th, 2014, 05:46 PM
#3
Hello Broni,
I ran RogueKiller and it got some hits. I clicked on Delete and waited for delete to finish then stopped for the night. This is where everything went south.
I have auto update enabled and it apparently ran during the night. When I got up to head for work, I found an ugly blue screen with a lot of white text stating that to save the computer it was stopping all processes, and that I should try a restart if this was the first time seeing this screen.
I did a manual reboot and that was when I found that it was trying to install updates. "Step 3 of 3. Do not interrupt."
It was while watching this update that it returned to the same blue screen warning and stopped. Is there a way to stop this process in safe mode or some other way?
This may be another line to add to your rules, "Shut off Auto-Update until further notice."
Murphy was an optimist,
Stitch60134
November 19th, 2014, 05:55 PM
#4
Is the computer bootable in any mode?
November 19th, 2014, 06:26 PM
#5
Hello Broni,
It boots up to the black and white screen with the option to boot in normal mode or safe mode.
Since it was the first time, I tried normal mode and encountered the updating issue and then the Blue stop screen. I have not tried anything else.
Stitch60134
November 19th, 2014, 06:37 PM
#6
Tried "Last known good configuration"?
November 19th, 2014, 09:43 PM
#7
I booted on "Last known good configuration" and it looked like I was OK. However, when I chose my desktop to go to, it went to the Blue Stop screen.
November 19th, 2014, 10:00 PM
#8
NOTE 1. Use another working computer to download Farbar Recovery Scan Tool. Use USB flash drive to transfer it from good computer to the bad one.
NOTE 2. Install Panda USB Vaccine , or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.
Plug the flashdrive into the infected PC.
If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.
If you are using Vista or Windows 7 enter System Recovery Options .
To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.
To enter System Recovery Options by using the Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
Select Command Prompt.
In the command window type in notepad and press Enter. The notepad opens.
Under the File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst (for the x64 bit version type e:\frst64) and press Enter.
Note: Replace the letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
November 22nd, 2014, 10:21 AM
#9
OK Broni,
I couldn't get to the Panda USB Tool but did get to the BitDefender USB with no problem.
Here is the FRST.txt information:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2014
Ran by SYSTEM on MINWINPC on 22-11-2014 08:16:37
Running from i:\
Platform: Windows Vista (TM) Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NVRaidService] => C:\Windows\system32\nvraidservice.exe [333344 2008-08-18] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6495264 2008-09-18] (Realtek Semiconductor)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro Inc.)
HKLM-x32\...\Run: [P2Go_Menu] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Corel File Shell Monitor] => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16200 2007-10-30] ()
HKLM-x32\...\Run: [UVS12 Preload] => C:\Program Files (x86)\Corel\Corel VideoStudio 12\uvPL.exe [397456 2008-06-09] (Corel TW Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\real\realplayer\update\realsched.exe [295512 2013-08-31] (RealNetworks, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-11-03] (LogMeIn Inc.)
HKU\Alyssa\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-03-25] (Google Inc.)
HKU\Alyssa\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-09] (Microsoft Corporation)
HKU\Alyssa\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Alyssa\...\Run: [GoogleChromeAutoLaunch_C144F2622DB992178DFB979A3C7428E5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-21] (Google Inc.)
HKU\Alyssa\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Aydan\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-03-25] (Google Inc.)
HKU\Aydan\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\Aydan\...\Run: [Facebook Update] => C:\Users\Aydan\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\Aydan\...\Run: [GoogleChromeAutoLaunch_13E5667FC936F662EEFAF73831C29737] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-21] (Google Inc.)
HKU\Aydan\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Default\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Default User\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Keane\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-03-25] (Google Inc.)
HKU\Keane\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Owner\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-03-25] (Google Inc.)
HKU\Owner\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\Owner\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Quinn\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-03-25] (Google Inc.)
HKU\Quinn\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1940160 2014-11-11] (Valve Corporation)
HKU\Quinn\...\Run: [Desura] => C:\Program Files (x86)\Desura\desura.exe [2529096 2012-08-27] (Desura Pty Ltd)
HKU\Quinn\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Steve\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-03-25] (Google Inc.)
HKU\Steve\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Steve\...\Run: [Desura] => C:\Program Files (x86)\Desura\desura.exe [2529096 2012-08-27] (Desura Pty Ltd)
HKU\Steve\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\Steve\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\UpdatusUser\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\Alyssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Users\Steve\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
BootExecute:
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 ACPService; C:\Program Files (x86)\Philips\CamSuite\1.0.9.0\ACPService.exe [741376 2008-06-11] ()
S2 BackupService; C:\Users\Steve\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
S2 ETService; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [24576 2008-06-11] ()
S2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [726016 2008-09-08] ()
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-10-21] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [441344 2012-07-06] (Alcatel-Lucent)
S2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-18] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-04-18] (Secunia)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S3 AVer88xHD; C:\Windows\System32\drivers\AVer88xHD64.sys [432256 2007-04-10] (AVerMedia TECHNOLOGIES, Inc.)
S1 Beep; No ImagePath
S3 Iviaspi; C:\Windows\System32\drivers\iviaspi.sys [21792 2007-01-11] (InterVideo, Inc.)
S3 Iviaspi; C:\Windows\SysWOW64\drivers\iviaspi.sys [10368 2005-12-01] (InterVideo, Inc.)
S2 MCSTRM; No ImagePath
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
S0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [28192 2005-08-27] (NVIDIA Corporation)
S0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [166944 2008-08-18] (NVIDIA Corporation)
S3 phaudlwr; C:\Windows\System32\DRIVERS\phaudlwr.sys [114608 2009-10-20] (Philips Applied Technologies)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 RSUSBSTOR; C:\Windows\System32\Drivers\RTS5121.sys [204288 2008-06-03] (Realtek Semiconductor Corporation)
S3 SPC1330; C:\Windows\System32\DRIVERS\spc1330.sys [3297792 2010-01-05] ()
S1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
S1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [283160 2013-12-03] (Trend Micro Inc.)
S0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
S3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [100640 2013-06-12] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
S3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [303392 2013-05-15] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-22] (Trend Micro Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X]
S2 TMAgent; No ImagePath
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-22 08:16 - 2014-11-22 08:16 - 00000000 ____D () C:\FRST
2014-11-20 05:31 - 2014-11-20 05:31 - 00007042 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-20 05:29 - 2014-11-20 05:29 - 00282608 _____ () C:\Windows\Minidump\Mini112014-01.dmp
2014-11-19 17:24 - 2014-11-19 17:24 - 00000732 _____ () C:\Users\Steve\AppData\Local\d3d9caps64.dat
2014-11-19 17:19 - 2014-11-19 17:19 - 00281640 _____ () C:\Windows\Minidump\Mini111914-03.dmp
2014-11-19 17:11 - 2014-11-19 17:12 - 00281640 _____ () C:\Windows\Minidump\Mini111914-02.dmp
2014-11-19 03:42 - 2014-11-19 03:42 - 00281640 _____ () C:\Windows\Minidump\Mini111914-01.dmp
2014-11-19 01:04 - 2014-11-19 01:04 - 00000000 ____H () C:\ProgramData\cm-lock
2014-11-19 01:00 - 2014-10-23 17:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 01:00 - 2014-10-23 16:39 - 00656384 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-11-18 21:20 - 2014-11-18 21:20 - 00006627 _____ () C:\Users\Steve\Desktop\RKreport_DEL_11182014_231926 2.log
2014-11-18 21:19 - 2014-11-18 21:19 - 00006710 _____ () C:\Users\Steve\Desktop\RKreport_DEL_11182014_231758.log
2014-11-18 21:06 - 2014-11-18 21:06 - 00037624 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2014-11-18 21:06 - 2014-11-18 21:06 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-18 21:02 - 2014-11-18 21:02 - 17535064 _____ () C:\Users\Steve\Desktop\RogueKillerX64.exe
2014-11-18 20:59 - 2014-11-18 20:59 - 02037784 _____ (SafeInstall, LLC) C:\Users\Steve\Desktop\manualdownload.exe
2014-11-15 14:22 - 2014-11-15 14:22 - 00688992 ____R (Swearware) C:\Users\Steve\Desktop\dds 2014-11-15.com
2014-11-15 12:57 - 2014-11-15 12:57 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Steve\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-15 08:07 - 2014-11-15 08:10 - 483929486 _____ () C:\Users\Quinn\Downloads\nohomebrew.zip
2014-11-12 19:40 - 2014-11-12 19:43 - 157240251 _____ () C:\Users\Owner\Downloads\10 Ibert - Flute Concerto - II_2 (1).mp4
2014-11-12 19:17 - 2014-11-12 19:20 - 157240251 _____ () C:\Users\Owner\Downloads\10 Ibert - Flute Concerto - II_2.mp4
2014-11-12 01:48 - 2014-10-12 15:52 - 02782208 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-11-12 01:48 - 2014-09-18 16:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 01:48 - 2014-09-18 16:45 - 00347136 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-11-12 01:43 - 2014-08-11 18:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 01:43 - 2014-08-11 18:11 - 00923136 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL
2014-11-12 01:41 - 2014-10-17 17:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 01:41 - 2014-10-17 16:46 - 00847360 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2014-11-12 01:41 - 2014-10-09 17:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2014-11-12 01:41 - 2014-10-09 17:09 - 01689600 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-11-12 01:41 - 2014-10-09 17:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2014-11-12 01:41 - 2014-10-09 17:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 01:41 - 2014-10-09 17:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 01:41 - 2014-10-09 15:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2014-11-12 01:41 - 2014-10-09 15:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 01:40 - 2014-10-02 17:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 01:40 - 2014-10-02 17:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 01:40 - 2014-10-02 17:17 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 01:40 - 2014-10-02 17:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2014-11-12 01:40 - 2014-10-02 17:02 - 00201728 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2014-11-12 01:40 - 2014-10-02 17:01 - 00474624 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2014-11-12 01:40 - 2014-10-02 17:01 - 00446976 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2014-11-12 01:40 - 2014-10-02 15:49 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodg.exe
2014-11-12 01:00 - 2014-10-23 17:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 01:00 - 2014-10-23 16:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-11-12 01:00 - 2014-08-26 16:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 01:00 - 2014-08-26 16:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 01:00 - 2014-08-26 16:41 - 01869824 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-11-12 01:00 - 2014-08-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-11-11 16:39 - 2014-10-27 12:32 - 17870336 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-11-11 16:39 - 2014-10-27 12:13 - 02339840 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-11-11 16:39 - 2014-10-27 12:12 - 10921472 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-11-11 16:39 - 2014-10-27 12:07 - 01388032 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-11-11 16:39 - 2014-10-27 12:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-11-11 16:39 - 2014-10-27 12:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-11-11 16:39 - 2014-10-27 12:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-11-11 16:39 - 2014-10-27 12:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-11-11 16:39 - 2014-10-27 12:04 - 02157056 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-11-11 16:39 - 2014-10-27 12:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-11-11 16:39 - 2014-10-27 12:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-11-11 16:39 - 2014-10-27 12:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-11-11 16:39 - 2014-10-27 12:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-11-11 16:39 - 2014-10-27 12:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-11-11 16:39 - 2014-10-27 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-11-11 16:39 - 2014-10-27 12:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-11-11 16:39 - 2014-10-27 12:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-11-11 16:39 - 2014-10-27 12:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-11-11 16:39 - 2014-10-27 12:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2014-11-11 16:39 - 2014-10-27 12:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2014-11-11 16:39 - 2014-10-27 12:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2014-11-11 16:39 - 2014-10-27 11:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 16:39 - 2014-10-27 11:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 16:39 - 2014-10-27 11:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 16:39 - 2014-10-27 10:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 16:39 - 2014-10-27 10:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 16:39 - 2014-10-27 10:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 16:39 - 2014-10-27 10:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-11 16:39 - 2014-10-27 10:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 16:39 - 2014-10-27 10:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 16:39 - 2014-10-27 10:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-11 16:39 - 2014-10-27 10:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 16:39 - 2014-10-27 10:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 16:39 - 2014-10-27 10:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 16:39 - 2014-10-27 10:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 16:39 - 2014-10-27 10:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 16:39 - 2014-10-27 10:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 16:39 - 2014-10-27 10:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 16:39 - 2014-10-27 10:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-11 16:39 - 2014-10-27 10:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-11 16:39 - 2014-10-27 10:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-11 16:39 - 2014-10-27 10:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-06 21:02 - 2014-11-06 21:02 - 72542407 _____ () C:\Users\Owner\Desktop\French Video Project Quinn Matt Joey.wmv
2014-11-06 03:40 - 2014-11-06 03:40 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-11-03 05:14 - 2014-11-03 05:15 - 51596905 _____ () C:\Users\Owner\Downloads\28 Bach - Sonata #1 - I_2 (1).mp4
2014-11-03 05:14 - 2014-11-03 05:14 - 51596905 _____ () C:\Users\Owner\Downloads\28 Bach - Sonata #1 - I_2.mp4
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-20 05:33 - 2009-12-27 09:21 - 00000732 _____ () C:\Users\Owner\AppData\Local\d3d9caps64.dat
2014-11-20 05:31 - 2009-05-18 12:37 - 00018944 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-20 05:30 - 2012-11-11 10:05 - 00000000 ____D () C:\Users\Owner\AppData\Local\LogMeIn Hamachi
2014-11-20 05:29 - 2010-01-25 17:23 - 541341959 _____ () C:\Windows\MEMORY.DMP
2014-11-20 05:29 - 2010-01-25 17:23 - 00000000 ____D () C:\Windows\Minidump
2014-11-19 17:36 - 2009-12-08 17:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-19 17:36 - 2009-02-18 04:15 - 00000000 _____ () C:\Windows\System32\LogConfigTemp.xml
2014-11-19 17:36 - 2009-02-18 04:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-19 17:36 - 2006-11-02 07:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-19 17:36 - 2006-11-02 07:22 - 00004912 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-19 17:36 - 2006-11-02 07:22 - 00004912 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-19 17:24 - 2006-11-02 04:46 - 00006844 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-11-19 01:03 - 2013-12-08 19:35 - 00136280 _____ () C:\Windows\PFRO.log
2014-11-19 01:02 - 2009-02-18 04:05 - 01440351 _____ () C:\Windows\WindowsUpdate.log
2014-11-19 01:02 - 2006-11-02 07:42 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-19 00:52 - 2013-02-08 20:58 - 00000064 __RSH () C:\Windows\System32\Drivers\WUDFPf.winsecurity
2014-11-19 00:41 - 2012-04-01 15:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-19 00:24 - 2009-12-08 17:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-19 00:12 - 2013-02-08 20:58 - 00000064 __RSH () C:\Windows\System32\Drivers\ws2ifsl.winsecurity
2014-11-19 00:11 - 2012-12-04 19:06 - 00000338 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-11-19 00:06 - 2011-09-23 13:56 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4030962143-734979336-2068065854-1003UA.job
2014-11-18 20:54 - 2012-11-04 07:04 - 00000000 ____D () C:\Users\Steve\AppData\Local\LogMeIn Hamachi
2014-11-18 15:06 - 2011-09-23 13:56 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4030962143-734979336-2068065854-1003Core.job
2014-11-18 11:51 - 2009-03-28 13:31 - 00002657 _____ () C:\Users\Owner\Desktop\Outlook 2007.lnk
2014-11-18 00:57 - 2011-04-20 12:32 - 00003686 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0ACA3BFE-D8F2-4744-AB5D-A1B932E4FC81}
2014-11-17 00:16 - 2011-04-19 16:19 - 00003686 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0AC84020-B60A-453C-9A07-83473F7ACA3F}
2014-11-16 14:25 - 2013-01-20 12:03 - 00000000 ____D () C:\Users\Steve\AppData\Local\Trend Micro
2014-11-16 06:33 - 2014-08-20 03:19 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4030962143-734979336-2068065854-1000
2014-11-16 06:33 - 2014-01-11 05:46 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4030962143-734979336-2068065854-1000
2014-11-15 14:28 - 2014-04-27 09:53 - 00012100 _____ () C:\Users\Steve\Desktop\attach.txt
2014-11-15 14:25 - 2014-04-27 09:53 - 00026597 _____ () C:\Users\Steve\Desktop\dds.txt
2014-11-15 14:18 - 2014-04-27 09:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-11-15 14:14 - 2006-11-02 07:07 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-15 14:11 - 2014-04-27 09:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-15 14:08 - 2013-06-19 15:46 - 00000000 ____D () C:\Program Files (x86)\Ask.com
2014-11-15 12:58 - 2014-04-27 09:07 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-15 08:08 - 2012-08-19 13:56 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-15 08:05 - 2012-12-22 10:24 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4030962143-734979336-2068065854-1005
2014-11-15 08:05 - 2012-12-22 10:24 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4030962143-734979336-2068065854-1005
2014-11-15 08:05 - 2012-11-03 08:49 - 00000000 ____D () C:\Users\Quinn\AppData\Local\LogMeIn Hamachi
2014-11-15 06:49 - 2014-10-19 11:25 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4030962143-734979336-2068065854-1006
2014-11-15 06:49 - 2014-10-19 11:25 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4030962143-734979336-2068065854-1006
2014-11-14 19:19 - 2009-12-08 17:01 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 19:19 - 2009-12-08 17:01 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 14:21 - 2013-12-02 19:57 - 00000000 ____D () C:\Users\Owner\AppData\Local\Trend Micro
2014-11-12 10:59 - 2014-03-11 20:10 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4030962143-734979336-2068065854-1000
2014-11-12 10:59 - 2014-03-11 20:10 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4030962143-734979336-2068065854-1000
2014-11-12 02:41 - 2012-04-01 15:51 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 02:41 - 2012-04-01 15:51 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 02:41 - 2011-05-15 13:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 02:23 - 2006-11-02 05:33 - 00000000 ____D () C:\Windows\rescache
2014-11-12 02:08 - 2006-11-02 07:21 - 00439720 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-11-12 01:47 - 2008-11-07 14:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 01:39 - 2013-08-15 03:54 - 00000000 ____D () C:\Windows\System32\MRT
2014-11-12 01:00 - 2006-11-02 04:35 - 103374192 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2014-11-06 21:09 - 2013-11-17 07:28 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2014-11-06 03:40 - 2012-11-03 08:48 - 00000839 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-11-05 20:46 - 2013-08-25 19:46 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\vlc
2014-11-02 08:39 - 2009-03-29 08:16 - 00000000 ____D () C:\users\Keane
2014-11-01 07:37 - 2013-01-01 07:16 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4030962143-734979336-2068065854-1003
2014-11-01 07:37 - 2013-01-01 07:16 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4030962143-734979336-2068065854-1003
2014-11-01 07:37 - 2012-11-07 19:03 - 00000000 ____D () C:\Users\Aydan\AppData\Local\LogMeIn Hamachi
2014-11-01 07:37 - 2009-03-29 08:04 - 00000000 ____D () C:\users\Aydan
2014-10-29 14:26 - 2014-06-09 13:06 - 00002027 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-29 13:42 - 2009-03-25 10:51 - 00000000 ____D () C:\users\Owner
2014-10-29 11:15 - 2012-11-07 19:02 - 00000000 ____D () C:\Users\Alyssa\AppData\Local\LogMeIn Hamachi
2014-10-26 09:25 - 2012-12-26 07:04 - 00003342 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4030962143-734979336-2068065854-1002
2014-10-26 09:25 - 2012-12-26 07:04 - 00003210 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4030962143-734979336-2068065854-1002
2014-10-25 07:46 - 2009-05-31 09:42 - 00000000 ____D () C:\Users\Alyssa\Tracing
Files to move or delete:
====================
C:\Users\Public\Deb Home Keane TTi_7.0_HE_Downloader.exe
Some content of TEMP:
====================
C:\Users\Steve\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Steve\AppData\Local\Temp\dwa85res_en.dll
C:\Users\Steve\AppData\Local\Temp\mnyB37.exe
C:\Users\Steve\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\Steve\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Steve\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Steve\AppData\Local\Temp\vlc-2.1.5-win32.exe
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points =========================
Restore point made on: 2014-10-08 21:00:06
Restore point made on: 2014-10-10 04:02:36
Restore point made on: 2014-10-10 21:00:01
Restore point made on: 2014-10-11 21:00:06
Restore point made on: 2014-10-12 06:54:13
Restore point made on: 2014-10-13 05:27:25
Restore point made on: 2014-10-13 21:00:03
Restore point made on: 2014-10-14 16:08:45
Restore point made on: 2014-10-15 00:00:20
Restore point made on: 2014-10-15 21:00:04
Restore point made on: 2014-10-16 21:00:06
Restore point made on: 2014-10-17 21:00:07
Restore point made on: 2014-10-19 12:16:35
Restore point made on: 2014-10-23 03:37:02
Restore point made on: 2014-10-23 21:00:02
Restore point made on: 2014-10-24 21:00:06
Restore point made on: 2014-10-25 21:00:06
Restore point made on: 2014-10-29 17:38:11
Restore point made on: 2014-10-30 21:16:54
Restore point made on: 2014-10-31 21:00:04
Restore point made on: 2014-11-01 21:00:07
Restore point made on: 2014-11-04 18:03:55
Restore point made on: 2014-11-05 22:11:57
Restore point made on: 2014-11-06 22:29:42
Restore point made on: 2014-11-07 22:00:06
Restore point made on: 2014-11-09 08:07:15
Restore point made on: 2014-11-12 01:00:25
Restore point made on: 2014-11-12 22:00:06
Restore point made on: 2014-11-13 22:00:06
Restore point made on: 2014-11-14 22:00:06
Restore point made on: 2014-11-15 15:16:17
Restore point made on: 2014-11-17 00:15:51
Restore point made on: 2014-11-17 22:00:06
Restore point made on: 2014-11-18 22:00:08
Restore point made on: 2014-11-19 01:00:13
==================== Memory info ===========================
Percentage of memory in use: 9%
Total physical RAM: 8190.44 MB
Available physical RAM: 7446.64 MB
Total Pagefile: 7924.34 MB
Available Pagefile: 7556.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:581.52 GB) (Free:184.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive i: (USB DISK) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32
Drive x: (PQSERVICE) (Fixed) (Total:14.65 GB) (Free:6.23 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 4D8D8909)
Partition 1: (Not Active) - (Size=14.7 GB) - (Type=27)
Partition 2: (Active) - (Size=581.5 GB) - (Type=07 NTFS)
========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)
LastRegBack: 2014-11-19 17:24
==================== End Of Log ============================
November 22nd, 2014, 10:24 AM
#10
OK Broni,
I couldn't get to the Panda USB Tool but did get to the BitDefender USB with no problem.
Here is the FRST.txt information:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2014
Ran by SYSTEM on MINWINPC on 22-11-2014 08:16:37
Running from i:\
Platform: Windows Vista (TM) Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NVRaidService] => C:\Windows\system32\nvraidservice.exe [333344 2008-08-18] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6495264 2008-09-18] (Realtek Semiconductor)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro Inc.)
HKLM-x32\...\Run: [P2Go_Menu] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Corel File Shell Monitor] => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16200 2007-10-30] ()
HKLM-x32\...\Run: [UVS12 Preload] => C:\Program Files (x86)\Corel\Corel VideoStudio 12\uvPL.exe [397456 2008-06-09] (Corel TW Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\real\realplayer\update\realsched.exe [295512 2013-08-31] (RealNetworks, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-11-03] (LogMeIn Inc.)
HKU\Alyssa\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-03-25] (Google Inc.)
HKU\Alyssa\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-09] (Microsoft Corporation)
HKU\Alyssa\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Alyssa\...\Run: [GoogleChromeAutoLaunch_C144F2622DB992178DFB979A3C7428E5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-21] (Google Inc.)
HKU\Alyssa\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Aydan\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-03-25] (Google Inc.)
HKU\Aydan\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\Aydan\...\Run: [Facebook Update] => C:\Users\Aydan\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\Aydan\...\Run: [GoogleChromeAutoLaunch_13E5667FC936F662EEFAF73831C29737] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-21] (Google Inc.)
HKU\Aydan\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Default\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Default User\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Keane\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-03-25] (Google Inc.)
HKU\Keane\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Owner\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-03-25] (Google Inc.)
HKU\Owner\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\Owner\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Quinn\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-03-25] (Google Inc.)
HKU\Quinn\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1940160 2014-11-11] (Valve Corporation)
HKU\Quinn\...\Run: [Desura] => C:\Program Files (x86)\Desura\desura.exe [2529096 2012-08-27] (Desura Pty Ltd)
HKU\Quinn\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Steve\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-03-25] (Google Inc.)
HKU\Steve\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Steve\...\Run: [Desura] => C:\Program Files (x86)\Desura\desura.exe [2529096 2012-08-27] (Desura Pty Ltd)
HKU\Steve\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\Steve\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\UpdatusUser\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\Alyssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Users\Steve\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
BootExecute:
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 ACPService; C:\Program Files (x86)\Philips\CamSuite\1.0.9.0\ACPService.exe [741376 2008-06-11] ()
S2 BackupService; C:\Users\Steve\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
S2 ETService; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [24576 2008-06-11] ()
S2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [726016 2008-09-08] ()
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-10-21] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [441344 2012-07-06] (Alcatel-Lucent)
S2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-18] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-04-18] (Secunia)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S3 AVer88xHD; C:\Windows\System32\drivers\AVer88xHD64.sys [432256 2007-04-10] (AVerMedia TECHNOLOGIES, Inc.)
S1 Beep; No ImagePath
S3 Iviaspi; C:\Windows\System32\drivers\iviaspi.sys [21792 2007-01-11] (InterVideo, Inc.)
S3 Iviaspi; C:\Windows\SysWOW64\drivers\iviaspi.sys [10368 2005-12-01] (InterVideo, Inc.)
S2 MCSTRM; No ImagePath
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
S0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [28192 2005-08-27] (NVIDIA Corporation)
S0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [166944 2008-08-18] (NVIDIA Corporation)
S3 phaudlwr; C:\Windows\System32\DRIVERS\phaudlwr.sys [114608 2009-10-20] (Philips Applied Technologies)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 RSUSBSTOR; C:\Windows\System32\Drivers\RTS5121.sys [204288 2008-06-03] (Realtek Semiconductor Corporation)
S3 SPC1330; C:\Windows\System32\DRIVERS\spc1330.sys [3297792 2010-01-05] ()
S1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
S1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [283160 2013-12-03] (Trend Micro Inc.)
S0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
S3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [100640 2013-06-12] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
S3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [303392 2013-05-15] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-22] (Trend Micro Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X]
S2 TMAgent; No ImagePath
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-22 08:16 - 2014-11-22 08:16 - 00000000 ____D () C:\FRST
2014-11-20 05:31 - 2014-11-20 05:31 - 00007042 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-20 05:29 - 2014-11-20 05:29 - 00282608 _____ () C:\Windows\Minidump\Mini112014-01.dmp
2014-11-19 17:24 - 2014-11-19 17:24 - 00000732 _____ () C:\Users\Steve\AppData\Local\d3d9caps64.dat
2014-11-19 17:19 - 2014-11-19 17:19 - 00281640 _____ () C:\Windows\Minidump\Mini111914-03.dmp
2014-11-19 17:11 - 2014-11-19 17:12 - 00281640 _____ () C:\Windows\Minidump\Mini111914-02.dmp
2014-11-19 03:42 - 2014-11-19 03:42 - 00281640 _____ () C:\Windows\Minidump\Mini111914-01.dmp
2014-11-19 01:04 - 2014-11-19 01:04 - 00000000 ____H () C:\ProgramData\cm-lock
2014-11-19 01:00 - 2014-10-23 17:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 01:00 - 2014-10-23 16:39 - 00656384 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-11-18 21:20 - 2014-11-18 21:20 - 00006627 _____ () C:\Users\Steve\Desktop\RKreport_DEL_11182014_231926 2.log
2014-11-18 21:19 - 2014-11-18 21:19 - 00006710 _____ () C:\Users\Steve\Desktop\RKreport_DEL_11182014_231758.log
2014-11-18 21:06 - 2014-11-18 21:06 - 00037624 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2014-11-18 21:06 - 2014-11-18 21:06 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-18 21:02 - 2014-11-18 21:02 - 17535064 _____ () C:\Users\Steve\Desktop\RogueKillerX64.exe
2014-11-18 20:59 - 2014-11-18 20:59 - 02037784 _____ (SafeInstall, LLC) C:\Users\Steve\Desktop\manualdownload.exe
2014-11-15 14:22 - 2014-11-15 14:22 - 00688992 ____R (Swearware) C:\Users\Steve\Desktop\dds 2014-11-15.com
2014-11-15 12:57 - 2014-11-15 12:57 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Steve\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-15 08:07 - 2014-11-15 08:10 - 483929486 _____ () C:\Users\Quinn\Downloads\nohomebrew.zip
2014-11-12 19:40 - 2014-11-12 19:43 - 157240251 _____ () C:\Users\Owner\Downloads\10 Ibert - Flute Concerto - II_2 (1).mp4
2014-11-12 19:17 - 2014-11-12 19:20 - 157240251 _____ () C:\Users\Owner\Downloads\10 Ibert - Flute Concerto - II_2.mp4
2014-11-12 01:48 - 2014-10-12 15:52 - 02782208 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-11-12 01:48 - 2014-09-18 16:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 01:48 - 2014-09-18 16:45 - 00347136 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-11-12 01:43 - 2014-08-11 18:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 01:43 - 2014-08-11 18:11 - 00923136 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL
2014-11-12 01:41 - 2014-10-17 17:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 01:41 - 2014-10-17 16:46 - 00847360 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2014-11-12 01:41 - 2014-10-09 17:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2014-11-12 01:41 - 2014-10-09 17:09 - 01689600 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-11-12 01:41 - 2014-10-09 17:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2014-11-12 01:41 - 2014-10-09 17:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 01:41 - 2014-10-09 17:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 01:41 - 2014-10-09 15:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2014-11-12 01:41 - 2014-10-09 15:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 01:40 - 2014-10-02 17:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 01:40 - 2014-10-02 17:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 01:40 - 2014-10-02 17:17 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 01:40 - 2014-10-02 17:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2014-11-12 01:40 - 2014-10-02 17:02 - 00201728 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2014-11-12 01:40 - 2014-10-02 17:01 - 00474624 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2014-11-12 01:40 - 2014-10-02 17:01 - 00446976 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2014-11-12 01:40 - 2014-10-02 15:49 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodg.exe
2014-11-12 01:00 - 2014-10-23 17:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 01:00 - 2014-10-23 16:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-11-12 01:00 - 2014-08-26 16:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 01:00 - 2014-08-26 16:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 01:00 - 2014-08-26 16:41 - 01869824 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-11-12 01:00 - 2014-08-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-11-11 16:39 - 2014-10-27 12:32 - 17870336 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-11-11 16:39 - 2014-10-27 12:13 - 02339840 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-11-11 16:39 - 2014-10-27 12:12 - 10921472 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-11-11 16:39 - 2014-10-27 12:07 - 01388032 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-11-11 16:39 - 2014-10-27 12:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-11-11 16:39 - 2014-10-27 12:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-11-11 16:39 - 2014-10-27 12:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-11-11 16:39 - 2014-10-27 12:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-11-11 16:39 - 2014-10-27 12:04 - 02157056 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-11-11 16:39 - 2014-10-27 12:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-11-11 16:39 - 2014-10-27 12:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-11-11 16:39 - 2014-10-27 12:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-11-11 16:39 - 2014-10-27 12:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-11-11 16:39 - 2014-10-27 12:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-11-11 16:39 - 2014-10-27 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-11-11 16:39 - 2014-10-27 12:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-11-11 16:39 - 2014-10-27 12:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-11-11 16:39 - 2014-10-27 12:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-11-11 16:39 - 2014-10-27 12:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2014-11-11 16:39 - 2014-10-27 12:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2014-11-11 16:39 - 2014-10-27 12:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2014-11-11 16:39 - 2014-10-27 11:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 16:39 - 2014-10-27 11:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 16:39 - 2014-10-27 11:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 16:39 - 2014-10-27 10:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 16:39 - 2014-10-27 10:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 16:39 - 2014-10-27 10:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 16:39 - 2014-10-27 10:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-11 16:39 - 2014-10-27 10:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 16:39 - 2014-10-27 10:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 16:39 - 2014-10-27 10:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-11 16:39 - 2014-10-27 10:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 16:39 - 2014-10-27 10:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 16:39 - 2014-10-27 10:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 16:39 - 2014-10-27 10:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 16:39 - 2014-10-27 10:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 16:39 - 2014-10-27 10:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 16:39 - 2014-10-27 10:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 16:39 - 2014-10-27 10:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-11 16:39 - 2014-10-27 10:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-11 16:39 - 2014-10-27 10:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-11 16:39 - 2014-10-27 10:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-06 21:02 - 2014-11-06 21:02 - 72542407 _____ () C:\Users\Owner\Desktop\French Video Project Quinn Matt Joey.wmv
2014-11-06 03:40 - 2014-11-06 03:40 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-11-03 05:14 - 2014-11-03 05:15 - 51596905 _____ () C:\Users\Owner\Downloads\28 Bach - Sonata #1 - I_2 (1).mp4
2014-11-03 05:14 - 2014-11-03 05:14 - 51596905 _____ () C:\Users\Owner\Downloads\28 Bach - Sonata #1 - I_2.mp4
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-20 05:33 - 2009-12-27 09:21 - 00000732 _____ () C:\Users\Owner\AppData\Local\d3d9caps64.dat
2014-11-20 05:31 - 2009-05-18 12:37 - 00018944 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-20 05:30 - 2012-11-11 10:05 - 00000000 ____D () C:\Users\Owner\AppData\Local\LogMeIn Hamachi
2014-11-20 05:29 - 2010-01-25 17:23 - 541341959 _____ () C:\Windows\MEMORY.DMP
2014-11-20 05:29 - 2010-01-25 17:23 - 00000000 ____D () C:\Windows\Minidump
2014-11-19 17:36 - 2009-12-08 17:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-19 17:36 - 2009-02-18 04:15 - 00000000 _____ () C:\Windows\System32\LogConfigTemp.xml
2014-11-19 17:36 - 2009-02-18 04:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-19 17:36 - 2006-11-02 07:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-19 17:36 - 2006-11-02 07:22 - 00004912 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-19 17:36 - 2006-11-02 07:22 - 00004912 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-19 17:24 - 2006-11-02 04:46 - 00006844 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-11-19 01:03 - 2013-12-08 19:35 - 00136280 _____ () C:\Windows\PFRO.log
2014-11-19 01:02 - 2009-02-18 04:05 - 01440351 _____ () C:\Windows\WindowsUpdate.log
2014-11-19 01:02 - 2006-11-02 07:42 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-19 00:52 - 2013-02-08 20:58 - 00000064 __RSH () C:\Windows\System32\Drivers\WUDFPf.winsecurity
2014-11-19 00:41 - 2012-04-01 15:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-19 00:24 - 2009-12-08 17:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-19 00:12 - 2013-02-08 20:58 - 00000064 __RSH () C:\Windows\System32\Drivers\ws2ifsl.winsecurity
2014-11-19 00:11 - 2012-12-04 19:06 - 00000338 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-11-19 00:06 - 2011-09-23 13:56 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4030962143-734979336-2068065854-1003UA.job
2014-11-18 20:54 - 2012-11-04 07:04 - 00000000 ____D () C:\Users\Steve\AppData\Local\LogMeIn Hamachi
2014-11-18 15:06 - 2011-09-23 13:56 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4030962143-734979336-2068065854-1003Core.job
2014-11-18 11:51 - 2009-03-28 13:31 - 00002657 _____ () C:\Users\Owner\Desktop\Outlook 2007.lnk
2014-11-18 00:57 - 2011-04-20 12:32 - 00003686 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0ACA3BFE-D8F2-4744-AB5D-A1B932E4FC81}
2014-11-17 00:16 - 2011-04-19 16:19 - 00003686 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0AC84020-B60A-453C-9A07-83473F7ACA3F}
2014-11-16 14:25 - 2013-01-20 12:03 - 00000000 ____D () C:\Users\Steve\AppData\Local\Trend Micro
2014-11-16 06:33 - 2014-08-20 03:19 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4030962143-734979336-2068065854-1000
2014-11-16 06:33 - 2014-01-11 05:46 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4030962143-734979336-2068065854-1000
2014-11-15 14:28 - 2014-04-27 09:53 - 00012100 _____ () C:\Users\Steve\Desktop\attach.txt
2014-11-15 14:25 - 2014-04-27 09:53 - 00026597 _____ () C:\Users\Steve\Desktop\dds.txt
2014-11-15 14:18 - 2014-04-27 09:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-11-15 14:14 - 2006-11-02 07:07 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-15 14:11 - 2014-04-27 09:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-15 14:08 - 2013-06-19 15:46 - 00000000 ____D () C:\Program Files (x86)\Ask.com
2014-11-15 12:58 - 2014-04-27 09:07 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-15 08:08 - 2012-08-19 13:56 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-15 08:05 - 2012-12-22 10:24 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4030962143-734979336-2068065854-1005
2014-11-15 08:05 - 2012-12-22 10:24 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4030962143-734979336-2068065854-1005
2014-11-15 08:05 - 2012-11-03 08:49 - 00000000 ____D () C:\Users\Quinn\AppData\Local\LogMeIn Hamachi
2014-11-15 06:49 - 2014-10-19 11:25 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4030962143-734979336-2068065854-1006
2014-11-15 06:49 - 2014-10-19 11:25 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4030962143-734979336-2068065854-1006
2014-11-14 19:19 - 2009-12-08 17:01 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 19:19 - 2009-12-08 17:01 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 14:21 - 2013-12-02 19:57 - 00000000 ____D () C:\Users\Owner\AppData\Local\Trend Micro
2014-11-12 10:59 - 2014-03-11 20:10 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4030962143-734979336-2068065854-1000
2014-11-12 10:59 - 2014-03-11 20:10 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4030962143-734979336-2068065854-1000
2014-11-12 02:41 - 2012-04-01 15:51 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 02:41 - 2012-04-01 15:51 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 02:41 - 2011-05-15 13:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 02:23 - 2006-11-02 05:33 - 00000000 ____D () C:\Windows\rescache
2014-11-12 02:08 - 2006-11-02 07:21 - 00439720 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-11-12 01:47 - 2008-11-07 14:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 01:39 - 2013-08-15 03:54 - 00000000 ____D () C:\Windows\System32\MRT
2014-11-12 01:00 - 2006-11-02 04:35 - 103374192 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2014-11-06 21:09 - 2013-11-17 07:28 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2014-11-06 03:40 - 2012-11-03 08:48 - 00000839 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-11-05 20:46 - 2013-08-25 19:46 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\vlc
2014-11-02 08:39 - 2009-03-29 08:16 - 00000000 ____D () C:\users\Keane
2014-11-01 07:37 - 2013-01-01 07:16 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4030962143-734979336-2068065854-1003
2014-11-01 07:37 - 2013-01-01 07:16 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4030962143-734979336-2068065854-1003
2014-11-01 07:37 - 2012-11-07 19:03 - 00000000 ____D () C:\Users\Aydan\AppData\Local\LogMeIn Hamachi
2014-11-01 07:37 - 2009-03-29 08:04 - 00000000 ____D () C:\users\Aydan
2014-10-29 14:26 - 2014-06-09 13:06 - 00002027 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-29 13:42 - 2009-03-25 10:51 - 00000000 ____D () C:\users\Owner
2014-10-29 11:15 - 2012-11-07 19:02 - 00000000 ____D () C:\Users\Alyssa\AppData\Local\LogMeIn Hamachi
2014-10-26 09:25 - 2012-12-26 07:04 - 00003342 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4030962143-734979336-2068065854-1002
2014-10-26 09:25 - 2012-12-26 07:04 - 00003210 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4030962143-734979336-2068065854-1002
2014-10-25 07:46 - 2009-05-31 09:42 - 00000000 ____D () C:\Users\Alyssa\Tracing
Files to move or delete:
====================
C:\Users\Public\Deb Home Keane TTi_7.0_HE_Downloader.exe
Some content of TEMP:
====================
C:\Users\Steve\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Steve\AppData\Local\Temp\dwa85res_en.dll
C:\Users\Steve\AppData\Local\Temp\mnyB37.exe
C:\Users\Steve\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\Steve\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Steve\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Steve\AppData\Local\Temp\vlc-2.1.5-win32.exe
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points =========================
Restore point made on: 2014-10-08 21:00:06
Restore point made on: 2014-10-10 04:02:36
Restore point made on: 2014-10-10 21:00:01
Restore point made on: 2014-10-11 21:00:06
Restore point made on: 2014-10-12 06:54:13
Restore point made on: 2014-10-13 05:27:25
Restore point made on: 2014-10-13 21:00:03
Restore point made on: 2014-10-14 16:08:45
Restore point made on: 2014-10-15 00:00:20
Restore point made on: 2014-10-15 21:00:04
Restore point made on: 2014-10-16 21:00:06
Restore point made on: 2014-10-17 21:00:07
Restore point made on: 2014-10-19 12:16:35
Restore point made on: 2014-10-23 03:37:02
Restore point made on: 2014-10-23 21:00:02
Restore point made on: 2014-10-24 21:00:06
Restore point made on: 2014-10-25 21:00:06
Restore point made on: 2014-10-29 17:38:11
Restore point made on: 2014-10-30 21:16:54
Restore point made on: 2014-10-31 21:00:04
Restore point made on: 2014-11-01 21:00:07
Restore point made on: 2014-11-04 18:03:55
Restore point made on: 2014-11-05 22:11:57
Restore point made on: 2014-11-06 22:29:42
Restore point made on: 2014-11-07 22:00:06
Restore point made on: 2014-11-09 08:07:15
Restore point made on: 2014-11-12 01:00:25
Restore point made on: 2014-11-12 22:00:06
Restore point made on: 2014-11-13 22:00:06
Restore point made on: 2014-11-14 22:00:06
Restore point made on: 2014-11-15 15:16:17
Restore point made on: 2014-11-17 00:15:51
Restore point made on: 2014-11-17 22:00:06
Restore point made on: 2014-11-18 22:00:08
Restore point made on: 2014-11-19 01:00:13
==================== Memory info ===========================
Percentage of memory in use: 9%
Total physical RAM: 8190.44 MB
Available physical RAM: 7446.64 MB
Total Pagefile: 7924.34 MB
Available Pagefile: 7556.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:581.52 GB) (Free:184.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive i: (USB DISK) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32
Drive x: (PQSERVICE) (Fixed) (Total:14.65 GB) (Free:6.23 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 4D8D8909)
Partition 1: (Not Active) - (Size=14.7 GB) - (Type=27)
Partition 2: (Active) - (Size=581.5 GB) - (Type=07 NTFS)
========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)
LastRegBack: 2014-11-19 17:24
==================== End Of Log ============================
November 22nd, 2014, 10:27 AM
#11
Sorry for the double post. The forum sent me to a new page saying the message did not send and to wait 30 seconds and post again.
Stitch60134
November 22nd, 2014, 10:29 PM
#12
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
On Vista or Windows 7/8: Now please enter System Recovery Options.
On Windows XP: Now please boot into the OTLPE CD.
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
See if you can boot now.
November 22nd, 2014, 11:00 PM
#13
Broni,
I ran FRST64 and pressed the Fix button. It put a Fixlog.txt file on the USB and deleted the fixlist.txt file.
I rebooted and made it to my desktop but after about 10 to 20 seconds the blue stop screen returned.
Here is the Fixlog.txt data:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-11-2014
Ran by SYSTEM at 2014-11-22 20:48:53 Run:1
Running from i:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
LastRegBack: 2014-11-19 17:24
*****************
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.
==== End of Fixlog ====
Thank you,
Stitch60134
November 22nd, 2014, 11:03 PM
#14
There is no sign of any infection anymore so you must have some other issues.
In this forum, we make sure your computer is free of malware and your computer is clean.
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.
Good luck.