[Resolved] mrstub.exe potential threat?

mooseboy018
« on: February 11, 2015, 12:15:36 PM »
I posted this in the general security forum, but I thought I should post it here too just to make sure nothing was actually wrong:

Opened up my D drive a few minutes ago, and I saw a random folder that I didn't create. The name was a bunch of random letters and numbers. Something basically like: 12navui3fnb5abs

I right clicked it, and it said the folder had been created a few minutes before I found it. I scanned just the folder with TrojanKiller and Malwarebytes, and they both said there were no threats detected.

I opened the folder and inside were two .exe files (before I opened it, it asked me for administrator permission). At least I think they were both .exe files. I obviously can't go back and check since the entire folder disappeared. The names of the applications were something like mrstub.exe. I'm not 100% sure about the names, but I know it started with an 'm' and ended with 'stub'. I right clicked them, and it said they were both created on January 29th, which I thought was odd considering the folder had supposedly been created just a few minutes before I saw it.

When I tried to delete the folder, it said I couldn't because it was active in another program. I closed the D drive and opened it up again, and the mysterious folder was gone but not in my recycle bin.

Even though there was no threat detected, the fact that this thing just showed up out of nowhere has me a little worried. Any idea what it was? I tried checking TrojanKiller and Malwarebytes logs, but I didn't see the name of the folder or files listed anywhere.


Based on what Hoov and others have said, it sounds like this is probably just a result of some sort of malware scanner creating a temporary folder. But if there's a chance that it's actually something bad, I want to catch it.





DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17631  BrowserJavaVersion: 11.31.2
Run by Zack at 13:11:22 on 2015-02-11
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3982.2166 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://go.microsoft.com
uDefault_Page_URL = about:blank
uDefault_Search_URL = hxxp://go.microsoft.com
mStart Page = about:blank
mSearch Page = hxxp://go.microsoft.com
mDefault_Page_URL = about:blank
mDefault_Search_URL = hxxp://go.microsoft.com
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 184.172.114.130,208.43.110.90
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{B8594177-8815-4E1B-9D1F-E4F340E512BE} : NameServer = 184.172.114.130,208.43.110.90
TCP: Interfaces\{B8594177-8815-4E1B-9D1F-E4F340E512BE} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{B8594177-8815-4E1B-9D1F-E4F340E512BE}\E45445745414256333 : NameServer = 184.172.114.130,208.43.110.90
TCP: Interfaces\{B8594177-8815-4E1B-9D1F-E4F340E512BE}\E45445745414256333 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B8594177-8815-4E1B-9D1F-E4F340E512BE}\E45445745414258393 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{F9205CE0-11F9-4E16-8724-AB577FD654D0} : NameServer = 184.172.114.130,208.43.110.90
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: WSIEChrome - <Clsid value has no data>
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-mSearch Page = hxxp://go.microsoft.com
x64-mDefault_Page_URL = about:blank
x64-mDefault_Search_URL = hxxp://go.microsoft.com
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: WSIEChrome - <Clsid value has no data>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\r7v4bs9j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-11-18 203544]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-7-18 313624]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-10-5 124184]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-18 31512]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2012-10-5 647736]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2012-10-5 28216]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-4-20 20464]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-18 153368]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-12-8 260888]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-8-28 243480]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-10-10 274200]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-4-27 50976]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-19 77128]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-4-13 277120]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2015-1-6 3440080]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2015-1-6 309232]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-11-16 169432]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2015-1-30 2604344]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2012-5-7 17152]
R3 AsusVBus;AsusVBus;C:\Windows\System32\drivers\AsusVBus.sys [2012-7-13 35968]
R3 AsusVTouch;AsusVTouch;C:\Windows\System32\drivers\AsusVTouch.sys [2012-7-13 19104]
R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\drivers\AsusTP.sys [2012-7-13 49824]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-7-25 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-4-20 358896]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-4-20 795632]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2015-2-2 313048]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-10-11 939224]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;C:\Windows\System32\drivers\gtkdrv.sys [2015-2-9 17568]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2014-8-28 14112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-6-25 95928]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-2-18 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-2-10 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-2-6 203544]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2014-3-26 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-9-5 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-1 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-02-11 04:25:54   1424384   ----a-w-   C:\Windows\System32\WindowsCodecs.dll
2015-02-11 04:24:17   5554112   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2015-02-11 04:24:12   3972544   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2015-02-11 04:24:12   3917760   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2015-02-11 04:24:09   503808   ----a-w-   C:\Windows\System32\srcore.dll
2015-02-11 04:24:09   50176   ----a-w-   C:\Windows\System32\srclient.dll
2015-02-11 04:24:09   43008   ----a-w-   C:\Windows\SysWow64\srclient.dll
2015-02-11 04:24:09   296960   ----a-w-   C:\Windows\System32\rstrui.exe
2015-02-11 04:23:29   406528   ----a-w-   C:\Windows\System32\scesrv.dll
2015-02-11 04:23:29   308224   ----a-w-   C:\Windows\SysWow64\scesrv.dll
2015-02-11 04:23:27   3201536   ----a-w-   C:\Windows\System32\win32k.sys
2015-02-10 07:00:00   --------   d-----w-   C:\Users\Zack\AppData\Local\{FF2FE689-150A-4F40-A2C0-5225BDE83FEB}
2015-02-09 15:25:46   17568   ----a-w-   C:\Windows\System32\drivers\gtkdrv.sys
2015-02-06 06:36:44   --------   d-----w-   C:\ProgramData\Package Cache
2015-02-06 06:31:41   --------   d-----w-   C:\Users\Zack\AppData\Local\{54A153BE-D261-4920-8754-97F13B962C9D}
2015-02-05 07:42:04   5070512   ----a-w-   C:\Windows\SysWow64\FlashPlayerInstaller.exe
2015-02-05 00:22:54   --------   d-----w-   C:\Users\Zack\AppData\Local\{B9DF0BF3-8780-4CBE-B7B2-64842E33B986}
2015-02-04 23:58:32   --------   d-----w-   C:\Program Files\iPod
2015-02-04 23:58:31   --------   d-----w-   C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-04 23:58:31   --------   d-----w-   C:\Program Files\iTunes
2015-02-04 02:06:57   --------   d-----w-   C:\Users\Zack\AppData\Local\{7E595DD7-8396-4003-8AE1-9C46227D39D5}
2015-02-02 06:07:40   3209728   ----a-w-   C:\Windows\SysWow64\mf.dll
2015-02-02 06:07:39   4121600   ----a-w-   C:\Windows\System32\mf.dll
2015-02-02 05:58:43   3241984   ----a-w-   C:\Windows\System32\msi.dll
2015-02-02 05:58:43   2363904   ----a-w-   C:\Windows\SysWow64\msi.dll
2015-02-02 05:58:20   165888   ----a-w-   C:\Windows\System32\charmap.exe
2015-02-02 05:58:20   155136   ----a-w-   C:\Windows\SysWow64\charmap.exe
2015-02-02 05:58:10   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2015-02-02 05:58:10   2048   ----a-w-   C:\Windows\System32\tzres.dll
2015-02-02 05:57:05   346624   ----a-w-   C:\Windows\System32\WSManMigrationPlugin.dll
2015-02-02 05:57:05   310272   ----a-w-   C:\Windows\System32\WsmWmiPl.dll
2015-02-02 05:57:05   266240   ----a-w-   C:\Windows\System32\WSManHTTPConfig.exe
2015-02-02 05:57:05   248832   ----a-w-   C:\Windows\SysWow64\WSManMigrationPlugin.dll
2015-02-02 05:57:05   214016   ----a-w-   C:\Windows\SysWow64\WsmWmiPl.dll
2015-02-02 05:57:05   2020352   ----a-w-   C:\Windows\System32\WsmSvc.dll
2015-02-02 05:57:05   198656   ----a-w-   C:\Windows\SysWow64\WSManHTTPConfig.exe
2015-02-02 05:57:05   181248   ----a-w-   C:\Windows\System32\WsmAuto.dll
2015-02-02 05:57:05   145920   ----a-w-   C:\Windows\SysWow64\WsmAuto.dll
2015-02-02 05:57:05   1177088   ----a-w-   C:\Windows\SysWow64\WsmSvc.dll
2015-02-02 05:56:55   119296   ----a-w-   C:\Windows\System32\drivers\tdx.sys
2015-02-02 05:51:14   788696   ----a-w-   C:\Windows\System32\drivers\RtsPer.sys
2015-02-02 05:51:14   377560   ----a-w-   C:\Windows\System32\drivers\RtsUer.sys
2015-02-02 05:51:14   359128   ----a-w-   C:\Windows\System32\drivers\RtsPStor.sys
2015-02-02 05:51:14   313048   ----a-w-   C:\Windows\System32\drivers\RtsBaStor.sys
2015-02-02 05:51:14   294104   ----a-w-   C:\Windows\System32\drivers\RtsP2Stor.sys
2015-02-02 05:51:13   9890008   ----a-w-   C:\Windows\SysWow64\RsCRIcon.dll
2015-02-02 05:50:19   --------   d-----w-   C:\Intel
2015-01-29 18:23:27   --------   d-----w-   C:\Users\Zack\AppData\Local\Garmin
2015-01-29 18:23:16   --------   d-----w-   C:\Users\Zack\AppData\Roaming\Garmin
2015-01-29 18:22:11   --------   d-----w-   C:\ProgramData\Garmin
2015-01-28 19:10:14   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2015-01-28 19:10:14   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2015-01-28 19:10:14   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2015-01-28 19:10:14   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2015-01-28 19:10:14   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2015-01-23 07:21:40   --------   d-----w-   C:\Users\Zack\AppData\Local\{E5AE8C0A-7AED-444E-B589-B81B28C3D703}
2015-01-22 02:47:53   --------   d-----w-   C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-21 02:38:52   --------   d-----w-   C:\Users\Zack\AppData\Local\{C95C3FB4-13AC-4499-866F-1BE7E8C0B0A1}
2015-01-20 03:08:50   --------   d-----w-   C:\Users\Zack\AppData\Local\{F5CCD869-819E-4510-8FB6-FE7E74F2919C}
2015-01-13 20:50:02   210432   ----a-w-   C:\Windows\System32\profsvc.dll
2015-01-13 20:50:01   52224   ----a-w-   C:\Windows\SysWow64\nlaapi.dll
2015-01-13 20:50:01   303616   ----a-w-   C:\Windows\System32\nlasvc.dll
2015-01-13 20:50:01   156672   ----a-w-   C:\Windows\SysWow64\ncsi.dll
2015-01-13 20:50:01   141312   ----a-w-   C:\Windows\System32\drivers\mrxdav.sys
2015-01-13 20:49:56   87040   ----a-w-   C:\Windows\System32\TSWbPrxy.exe
.
==================== Find3M  ====================
.
2015-02-11 08:44:32   129752   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-02-05 07:42:08   71344   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 07:42:08   701616   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2015-02-02 06:15:17   16152   ----a-w-   C:\Windows\System32\drivers\SWDUMon.sys
2015-01-30 16:23:16   41784   ----a-w-   C:\Windows\System32\TURegOpt.exe
2015-01-30 16:22:58   44856   ----a-w-   C:\Windows\System32\uxtuneup.dll
2015-01-30 16:22:58   36664   ----a-w-   C:\Windows\SysWow64\uxtuneup.dll
2015-01-30 16:22:58   30520   ----a-w-   C:\Windows\System32\authuitu.dll
2015-01-30 16:22:58   25912   ----a-w-   C:\Windows\SysWow64\authuitu.dll
2015-01-26 21:25:55   98216   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-15 08:14:17   155072   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2015-01-15 08:14:16   95680   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2015-01-15 08:09:58   29184   ----a-w-   C:\Windows\System32\sspisrv.dll
2015-01-15 08:09:58   136192   ----a-w-   C:\Windows\System32\sspicli.dll
2015-01-15 08:09:57   28160   ----a-w-   C:\Windows\System32\secur32.dll
2015-01-15 08:09:51   1461760   ----a-w-   C:\Windows\System32\lsasrv.dll
2015-01-15 08:09:15   31232   ----a-w-   C:\Windows\System32\lsass.exe
2015-01-15 08:08:59   64000   ----a-w-   C:\Windows\System32\auditpol.exe
2015-01-15 08:06:22   60416   ----a-w-   C:\Windows\System32\msobjs.dll
2015-01-15 08:06:11   146432   ----a-w-   C:\Windows\System32\msaudite.dll
2015-01-15 08:04:23   686080   ----a-w-   C:\Windows\System32\adtschema.dll
2015-01-15 07:42:59   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2015-01-15 07:42:05   50176   ----a-w-   C:\Windows\SysWow64\auditpol.exe
2015-01-15 07:41:53   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2015-01-15 07:39:53   60416   ----a-w-   C:\Windows\SysWow64\msobjs.dll
2015-01-15 07:39:36   146432   ----a-w-   C:\Windows\SysWow64\msaudite.dll
2015-01-15 07:37:55   686080   ----a-w-   C:\Windows\SysWow64\adtschema.dll
2015-01-15 04:22:18   458824   ----a-w-   C:\Windows\System32\drivers\cng.sys
2015-01-13 02:49:19   1230336   ----a-w-   C:\Windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:05:32   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2015-01-12 03:05:19   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2015-01-12 02:49:42   66560   ----a-w-   C:\Windows\System32\iesetup.dll
2015-01-12 02:48:57   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2015-01-12 02:48:52   584192   ----a-w-   C:\Windows\System32\vbscript.dll
2015-01-12 02:47:25   88064   ----a-w-   C:\Windows\System32\MshtmlDac.dll
2015-01-12 02:34:42   144384   ----a-w-   C:\Windows\System32\ieUnatt.exe
2015-01-12 02:34:30   114688   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2015-01-12 02:33:52   814080   ----a-w-   C:\Windows\System32\jscript9diag.dll
2015-01-12 02:32:57   6041088   ----a-w-   C:\Windows\System32\jscript9.dll
2015-01-12 02:25:28   968704   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2015-01-12 02:21:19   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2015-01-12 02:13:27   77824   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-01-12 02:08:09   503296   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2015-01-12 02:07:51   62464   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2015-01-12 02:07:06   47616   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05:36   64000   ----a-w-   C:\Windows\SysWow64\MshtmlDac.dll
2015-01-12 01:55:47   115712   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2015-01-12 01:55:00   620032   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2015-01-12 01:46:29   1359360   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2015-01-12 01:46:00   2125824   ----a-w-   C:\Windows\System32\inetcpl.cpl
2015-01-12 01:40:43   60416   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:29:46   4300800   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2015-01-12 01:27:32   2358272   ----a-w-   C:\Windows\System32\wininet.dll
2015-01-12 01:23:09   2052608   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2015-01-12 01:22:17   1155072   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:00:17   1888256   ----a-w-   C:\Windows\SysWow64\wininet.dll
2015-01-10 06:48:22   210944   ----a-w-   C:\Windows\System32\wdigest.dll
2015-01-10 06:48:19   86528   ----a-w-   C:\Windows\System32\TSpkg.dll
2015-01-10 06:48:17   341504   ----a-w-   C:\Windows\System32\schannel.dll
2015-01-10 06:48:13   309760   ----a-w-   C:\Windows\System32\ncrypt.dll
2015-01-10 06:48:12   314880   ----a-w-   C:\Windows\System32\msv1_0.dll
2015-01-10 06:48:10   728064   ----a-w-   C:\Windows\System32\kerberos.dll
2015-01-10 06:48:05   22016   ----a-w-   C:\Windows\System32\credssp.dll
2015-01-10 06:27:54   172032   ----a-w-   C:\Windows\SysWow64\wdigest.dll
2015-01-10 06:27:51   65536   ----a-w-   C:\Windows\SysWow64\TSpkg.dll
2015-01-10 06:27:47   248832   ----a-w-   C:\Windows\SysWow64\schannel.dll
2015-01-10 06:27:44   221184   ----a-w-   C:\Windows\SysWow64\ncrypt.dll
2015-01-10 06:27:43   259584   ----a-w-   C:\Windows\SysWow64\msv1_0.dll
2015-01-10 06:27:39   550912   ----a-w-   C:\Windows\SysWow64\kerberos.dll
2015-01-10 06:27:32   17408   ----a-w-   C:\Windows\SysWow64\credssp.dll
2014-12-09 02:24:26   260888   ----a-w-   C:\Windows\System32\drivers\avgidsdrivera.sys
2014-11-21 11:14:22   63704   ----a-w-   C:\Windows\System32\drivers\mwac.sys
2014-11-21 11:14:12   93400   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 11:14:08   25816   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2014-11-19 02:42:04   203544   ----a-w-   C:\Windows\System32\drivers\avgidsha.sys
2014-11-18 19:56:48   1202848   ----a-w-   C:\Windows\SysWow64\FM20.DLL
.
============= FINISH: 13:14:09.04 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/27/2013 6:35:15 PM
System Uptime: 2/11/2015 12:48:43 PM (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | K55A
Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz | SOCKET 0 | 2401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 186 GiB total, 9.994 GiB free.
D: is FIXED (NTFS) - 254 GiB total, 26.866 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: HID-compliant mouse
Device ID: HID\ASUSVTOUCHDEV&COL02\2&22FC1D96&0&0001
Manufacturer: Microsoft
Name: HID-compliant mouse
PNP Device ID: HID\ASUSVTOUCHDEV&COL02\2&22FC1D96&0&0001
Service: mouhid
.
==== System Restore Points ===================
.
RP235: 2/11/2015 3:00:52 AM - Windows Update
.
==== Installed Programs ======================
.
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
Anodyne
AoA Audio Extractor
Apple Application Support (32-bit)
Apple Application Support (64-bit)
Apple Mobile Device Support
Apple Software Update
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Smart Gesture
ASUS Splendid Video Enhancement Technology
ASUS USB Charger Plus
ATK Package
Audiosurf
AVG 2015
AVG PC TuneUp 2015
AVG PC TuneUp 2015 (en-US)
Bastion
Battle.net
BattleBlock Theater
Blackguards
Bonjour
Borderlands 2
Broken Age
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Child of Light
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
Corel PDF Fusion
Corel PDF Fusion - Creator
Corel PDF Fusion - ICA
Corel PDF Fusion - Program
Corel PDF Fusion - Setup
D3DX10
Darkest Dungeon
DivX Setup
Don't Starve
DriverUpdate
DuckTales Remastered
Dust: An Elysian Tail
Easy Phone Tunes
Evoland
FEZ
FINAL FANTASY VII
Free YouTube Download version 3.2.2.430
FTL: Faster Than Light
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Garry's Mod
Google Chrome
Google Update Helper
Hearthstone
InstantOn for NB
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Java 8 Update 31
Java Auto Updater
Junk Mail filter update
K-Lite Codec Pack 9.8.5 (64-bit)
Kingdom Rush
League of Legends
Malwarebytes Anti-Malware version 2.0.4.1028
Mesh Runtime
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Xbox 360 Accessories 1.2
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0 Refresh
Mozilla Firefox 35.0.1 (x86 en-US)
Mozilla Maintenance Service
MPC-HC 1.7.7 (64-bit)
MSVCRT
MSVCRT_amd64
myBitCast 1.0.0.4
OpenAL
Panda USB Vaccine 1.0.1.4
Pando Media Booster
Pokémon Trading Card Game Online
Qualcomm Atheros WiFi Driver Installation
QuickTime 7
Realtek Card Reader
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Reus
Rogue Legacy
RollerCoaster Tycoon: Deluxe
RPG Maker VX Ace
RPG MAKER VX Ace RTP
SceneSwitch
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596927) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956097) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956098) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2920788) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2956099) 32-Bit Edition
Shared C Run-time for x64
Shelter
Shovel Knight
Sid Meier's Civilization V
Skype™ 6.20
Sony Picture Utility
Sony USB Driver
Spelunky
Star Wars: Knights of the Old Republic
Starbound
Steam
Super Amazing Wagon Adventure
Super Meat Boy
Terraria
The Banner Saga
The Binding of Isaac
The Sims(TM) 3
Torchlight II
Trojan Killer
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Uplay
Valdis Story: Abyssal City
Valiant Hearts: The Great War™ / Soldats Inconnus : Mémoires de la Grande Guerre™
VC80CRTRedist - 8.0.50727.6195
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player 2.0.6
Warcraft III
Windows Driver Package - ASUS (ATP) Mouse  (07/08/2012 1.0.0.93)
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
WinRAR 4.20 (64-bit)
Wireless Console 3
Wondershare Video Editor(Build 4.8.0)
.
==== Event Viewer Messages From Past Week ========
.
2/8/2015 1:07:31 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
2/11/2015 4:58:51 AM, Error: Service Control Manager [7034]  - The Canon Camera Access Library 8 service terminated unexpectedly.  It has done this 1 time(s).
2/11/2015 4:00:26 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
2/11/2015 12:49:44 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  PxHelp20
2/11/2015 12:49:00 PM, Error: Application Popup [1060]  - \SystemRoot\SysWow64\Drivers\PxHelp20.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================
« Last Edit: March 15, 2015, 09:29:05 PM by Hoov »



Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27056
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] mrstub.exe potential threat?
« Reply #1 on: February 11, 2015, 04:28:13 PM »
Because you have AVG on your computer I would like you to run a scan with a different scanner, just to make sure there is no problem.

To run the ESET online scanner click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes and if it finds anything, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline mooseboy018

  • Bronze Member
  • Posts: 115
Re: [In Progress] mrstub.exe potential threat?
« Reply #2 on: February 12, 2015, 03:48:37 PM »
No threats were found.

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27056
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] mrstub.exe potential threat?
« Reply #3 on: February 12, 2015, 06:13:36 PM »
Please follow these steps:

1.- Download AdwCleaner by Xplode onto your Desktop.
  •   Please close all open programs and internet browsers.
  •   Double click on Adwcleaner.exe to run the tool.
  •   Click on the Scan button.
  •   Please be patient as this can take a while to complete.
  •   You will get a prompt asking to close all programs. Click OK.
  •   Click OK again to reboot your computer. A text file will open after the restart.
  •   Please post the content of that logfile in your reply.
  •   You can find the logfile at C:\AdwCleaner[Sn].txt.
2.- Download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Run the tool by double-clicking it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt in your next message.
3.- Please download RogueKiller and Save to the desktop.
  • Close all windows and browsers
  • Double click on RogueKiller.exe to run the tool.
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please post it in your next reply.


Offline mooseboy018

  • Bronze Member
  • Posts: 115
Re: [In Progress] mrstub.exe potential threat?
« Reply #4 on: February 12, 2015, 10:06:39 PM »
# AdwCleaner v4.110 - Logfile created 12/02/2015 at 23:00:58
# Updated 05/02/2015 by Xplode
# Database : 2015-02-12.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Zack - ZACK-PC
# Running from : C:\Users\Zack\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKCU\Software\DriverTuner_Init
Key Deleted : HKCU\Software\DriverTuner
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v40.0.2214.111

[C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1559 bytes] - [12/02/2015 22:57:42]
AdwCleaner[S0].txt - [1405 bytes] - [12/02/2015 23:00:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1464  bytes] ##########

Offline mooseboy018

  • Bronze Member
  • Posts: 115
Re: [In Progress] mrstub.exe potential threat?
« Reply #5 on: February 12, 2015, 10:13:01 PM »
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x64
Ran by Zack on Thu 02/12/2015 at 23:08:26.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Zack\appdata\local\{54A153BE-D261-4920-8754-97F13B962C9D}
Successfully deleted: [Empty Folder] C:\Users\Zack\appdata\local\{7D8AFD09-8486-472E-A341-8F73CAF96F12}
Successfully deleted: [Empty Folder] C:\Users\Zack\appdata\local\{7E595DD7-8396-4003-8AE1-9C46227D39D5}
Successfully deleted: [Empty Folder] C:\Users\Zack\appdata\local\{B0831BEB-0A2E-4738-A7F6-C2DEC5F00E5B}
Successfully deleted: [Empty Folder] C:\Users\Zack\appdata\local\{B9DF0BF3-8780-4CBE-B7B2-64842E33B986}
Successfully deleted: [Empty Folder] C:\Users\Zack\appdata\local\{C95C3FB4-13AC-4499-866F-1BE7E8C0B0A1}
Successfully deleted: [Empty Folder] C:\Users\Zack\appdata\local\{E5AE8C0A-7AED-444E-B589-B81B28C3D703}
Successfully deleted: [Empty Folder] C:\Users\Zack\appdata\local\{F5CCD869-819E-4510-8FB6-FE7E74F2919C}
Successfully deleted: [Empty Folder] C:\Users\Zack\appdata\local\{FAD95D15-3885-4F19-9C8E-FD5BB7520FBD}
Successfully deleted: [Empty Folder] C:\Users\Zack\appdata\local\{FF2FE689-150A-4F40-A2C0-5225BDE83FEB}



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Zack\appdata\local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/12/2015 at 23:11:30.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Offline mooseboy018

  • Bronze Member
  • Posts: 115
Re: [In Progress] mrstub.exe potential threat?
« Reply #6 on: February 12, 2015, 10:26:42 PM »
RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Zack [Administrator]
Mode : Delete -- Date : 02/12/2015  23:23:08

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 19 ¤¤¤
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://go.microsoft.com  -> Not selected
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://go.microsoft.com  -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-913676279-1143746095-4277644156-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://go.microsoft.com  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-913676279-1143746095-4277644156-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://go.microsoft.com  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B8594177-8815-4E1B-9D1F-E4F340E512BE} | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F9205CE0-11F9-4E16-8724-AB577FD654D0} | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B8594177-8815-4E1B-9D1F-E4F340E512BE} | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F9205CE0-11F9-4E16-8724-AB577FD654D0} | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B8594177-8815-4E1B-9D1F-E4F340E512BE} | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F9205CE0-11F9-4E16-8724-AB577FD654D0} | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-913676279-1143746095-4277644156-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-913676279-1143746095-4277644156-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-913676279-1143746095-4277644156-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-913676279-1143746095-4277644156-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] 36c739f96f2db8795cba06bf95b84cdd
[BSP] 78dbbe245901969d52fcf797261aac99 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_02122015_231833.log
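
The report above repeats one NameServer value under CurrentControlSet, ControlSet001 and ControlSet002 and under two interface GUIDs. The following is an added example (not part of the thread and not RogueKiller's own code) that folds those lines into distinct settings and flags resolvers outside a list you expect; the function names and the expected address 192.168.1.254 are assumptions made for illustration.

```python
import ipaddress
import re

# Excerpt of the RogueKiller report above: one non-DNS line, four PUM.Dns lines.
SAMPLE_REPORT = r"""
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://go.microsoft.com  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B8594177-8815-4E1B-9D1F-E4F340E512BE} | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B8594177-8815-4E1B-9D1F-E4F340E512BE} | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
"""

DNS_LINE = re.compile(
    r"^\[PUM\.Dns\]\s+\((?:X64|X86)\)\s+(?P<key>.+?)\s+\|\s+"
    r"NameServer\s+:\s+(?P<servers>\S+)"
)
CONTROL_SET = re.compile(r"\\ControlSet\d{3}\\", re.IGNORECASE)
INTERFACE = re.compile(r"\\Interfaces\\(\{[0-9A-Fa-f-]+\})$")


def parse_dns_findings(report):
    """Map each configured resolver to the distinct registry keys that set it."""
    findings = {}
    for line in report.splitlines():
        m = DNS_LINE.match(line.strip())
        if not m:
            continue  # not a PUM.Dns NameServer line
        # ControlSet001/002 are the stored control sets and CurrentControlSet
        # is an alias of one of them, so fold them into a single key.
        key = CONTROL_SET.sub(lambda _: "\\CurrentControlSet\\", m.group("key"))
        for server in m.group("servers").split(","):
            findings.setdefault(server, set()).add(key)
    return findings


def scope(key):
    """Return the interface GUID for a per-adapter key, else 'global'."""
    m = INTERFACE.search(key)
    return m.group(1) if m else "global"


def unexpected_resolvers(findings, expected):
    """Return {resolver: [scopes]} for resolvers that are malformed or not expected."""
    expected_addrs = {ipaddress.ip_address(e) for e in expected}
    flagged = {}
    for server, keys in findings.items():
        try:
            known = ipaddress.ip_address(server) in expected_addrs
        except ValueError:
            known = False  # not an IP literal at all: always review
        if not known:
            flagged[server] = sorted(scope(k) for k in keys)
    return flagged


if __name__ == "__main__":
    # 192.168.1.254 is a constructed stand-in for the resolver you expect.
    found = parse_dns_findings(SAMPLE_REPORT)
    for ip, scopes in unexpected_resolvers(found, ["192.168.1.254"]).items():
        print(f"{ip}: set statically in {', '.join(scopes)}")
```

A resolver that appears under the global key or an interface key was set statically on the machine, so the next check is whether anyone configured it on purpose.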

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27056
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] mrstub.exe potential threat?
« Reply #7 on: February 13, 2015, 02:28:47 PM »
Do you know who softlayer.com is?


Offline mooseboy018

  • Bronze Member
  • Posts: 115
Re: [In Progress] mrstub.exe potential threat?
« Reply #8 on: February 13, 2015, 10:05:02 PM »
No I don't. Why?
« Last Edit: February 13, 2015, 10:13:01 PM by mooseboy018 »

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27056
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] mrstub.exe potential threat?
« Reply #9 on: February 14, 2015, 10:26:40 AM »
That is who your DNS entries are pointed to. Who is your ISP?


Offline mooseboy018

  • Bronze Member
  • Posts: 115
Re: [In Progress] mrstub.exe potential threat?
« Reply #10 on: February 14, 2015, 10:39:56 AM »
AT&T

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27056
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] mrstub.exe potential threat?
« Reply #11 on: February 14, 2015, 11:05:17 AM »
From what I can find out there may be some issues with AT&T's DNS servers. There is a way to get better DNS servers. There is a program from Google called Namebench. If you run it, it will scan all the DNS servers it can find and tell you which ones are best for you. To actually change the settings there are instructions here on how to do it.

Other than that, there were a few small things on your system,


Offline mooseboy018

  • Bronze Member
  • Posts: 115
Re: [In Progress] mrstub.exe potential threat?
« Reply #12 on: February 14, 2015, 11:13:21 AM »
So there are no huge threats though? I won't have a chance to do much with my computer today.

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27056
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] mrstub.exe potential threat?
« Reply #13 on: February 14, 2015, 11:19:18 AM »
I will go thru the logs again this afternoon but your problems looked to be more irritating than large problems. Once you get the DNS issue resolved, if I don't find anything else, we can do a bit of house cleaning and call it done, unless you run into a problem.


Offline mooseboy018

  • Bronze Member
  • Posts: 115
Re: [In Progress] mrstub.exe potential threat?
« Reply #14 on: February 17, 2015, 12:39:30 AM »
It will be a few days before I have a chance to really do much. Just letting you know. Thanks for the help so far.