SpywareHammer.com

SpywareHammer Malware Removal Forums => Completed Malware and Rootkit Removal Topics => Topic started by: mooseboy018 on February 11, 2015, 12:15:36 PM

Title: [Resolved] mrstub.exe potential threat?
Post by: mooseboy018 on February 11, 2015, 12:15:36 PM
I posted this in the general security forum, but I thought I should post it here too just to make sure nothing was actually wrong:

Opened up my D drive a few minutes ago, and I saw a random folder that I didn't create. The name was a bunch of random letters and numbers. Something basically like: 12navui3fnb5abs

I right-clicked it, and it said the folder had been created a few minutes before I found it. I scanned just the folder with TrojanKiller and Malwarebytes, and they both said there were no threats detected.

I opened the folder and inside were two .exe files (before I opened it, it asked me for administrator permission). At least I think they were both .exe files. I obviously can't go back and check since the entire folder disappeared. The names of the applications were something like mrstub.exe. I'm not 100% sure about the names, but I know it started with an 'm' and ended with 'stub'. I right-clicked them, and it said they were both created on January 29th, which I thought was odd considering the folder had supposedly been created just a few minutes before I saw it.

When I tried to delete the folder, it said I couldn't because it was active in another program. I closed the D drive and opened it up again, and the mysterious folder was gone but not in my recycle bin.

Even though there was no threat detected, the fact that this thing just showed up out of nowhere has me a little worried. Any idea what it was? I tried checking TrojanKiller and Malwarebytes logs, but I didn't see the name of the folder or files listed anywhere.


Based on what Hoov and others have said, it sounds like this is probably just a result of some sort of malware scanner creating a temporary folder. But if there's a chance that it's actually something bad, I want to catch it.





DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17631  BrowserJavaVersion: 11.31.2
Run by Zack at 13:11:22 on 2015-02-11
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3982.2166 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://go.microsoft.com
uDefault_Page_URL = about:blank
uDefault_Search_URL = hxxp://go.microsoft.com
mStart Page = about:blank
mSearch Page = hxxp://go.microsoft.com
mDefault_Page_URL = about:blank
mDefault_Search_URL = hxxp://go.microsoft.com
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 184.172.114.130,208.43.110.90
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{B8594177-8815-4E1B-9D1F-E4F340E512BE} : NameServer = 184.172.114.130,208.43.110.90
TCP: Interfaces\{B8594177-8815-4E1B-9D1F-E4F340E512BE} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{B8594177-8815-4E1B-9D1F-E4F340E512BE}\E45445745414256333 : NameServer = 184.172.114.130,208.43.110.90
TCP: Interfaces\{B8594177-8815-4E1B-9D1F-E4F340E512BE}\E45445745414256333 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B8594177-8815-4E1B-9D1F-E4F340E512BE}\E45445745414258393 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{F9205CE0-11F9-4E16-8724-AB577FD654D0} : NameServer = 184.172.114.130,208.43.110.90
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: WSIEChrome - <Clsid value has no data>
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-mSearch Page = hxxp://go.microsoft.com
x64-mDefault_Page_URL = about:blank
x64-mDefault_Search_URL = hxxp://go.microsoft.com
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: WSIEChrome - <Clsid value has no data>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\r7v4bs9j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-11-18 203544]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-7-18 313624]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-10-5 124184]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-18 31512]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2012-10-5 647736]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2012-10-5 28216]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-4-20 20464]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-18 153368]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-12-8 260888]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-8-28 243480]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-10-10 274200]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-4-27 50976]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-19 77128]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-4-13 277120]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2015-1-6 3440080]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2015-1-6 309232]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-11-16 169432]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2015-1-30 2604344]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2012-5-7 17152]
R3 AsusVBus;AsusVBus;C:\Windows\System32\drivers\AsusVBus.sys [2012-7-13 35968]
R3 AsusVTouch;AsusVTouch;C:\Windows\System32\drivers\AsusVTouch.sys [2012-7-13 19104]
R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\drivers\AsusTP.sys [2012-7-13 49824]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-7-25 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-4-20 358896]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-4-20 795632]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2015-2-2 313048]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-10-11 939224]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;C:\Windows\System32\drivers\gtkdrv.sys [2015-2-9 17568]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2014-8-28 14112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-6-25 95928]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-2-18 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-2-10 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-2-6 203544]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2014-3-26 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-9-5 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-1 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-02-11 04:25:54   1424384   ----a-w-   C:\Windows\System32\WindowsCodecs.dll
2015-02-11 04:24:17   5554112   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2015-02-11 04:24:12   3972544   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2015-02-11 04:24:12   3917760   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2015-02-11 04:24:09   503808   ----a-w-   C:\Windows\System32\srcore.dll
2015-02-11 04:24:09   50176   ----a-w-   C:\Windows\System32\srclient.dll
2015-02-11 04:24:09   43008   ----a-w-   C:\Windows\SysWow64\srclient.dll
2015-02-11 04:24:09   296960   ----a-w-   C:\Windows\System32\rstrui.exe
2015-02-11 04:23:29   406528   ----a-w-   C:\Windows\System32\scesrv.dll
2015-02-11 04:23:29   308224   ----a-w-   C:\Windows\SysWow64\scesrv.dll
2015-02-11 04:23:27   3201536   ----a-w-   C:\Windows\System32\win32k.sys
2015-02-10 07:00:00   --------   d-----w-   C:\Users\Zack\AppData\Local\{FF2FE689-150A-4F40-A2C0-5225BDE83FEB}
2015-02-09 15:25:46   17568   ----a-w-   C:\Windows\System32\drivers\gtkdrv.sys
2015-02-06 06:36:44   --------   d-----w-   C:\ProgramData\Package Cache
2015-02-06 06:31:41   --------   d-----w-   C:\Users\Zack\AppData\Local\{54A153BE-D261-4920-8754-97F13B962C9D}
2015-02-05 07:42:04   5070512   ----a-w-   C:\Windows\SysWow64\FlashPlayerInstaller.exe
2015-02-05 00:22:54   --------   d-----w-   C:\Users\Zack\AppData\Local\{B9DF0BF3-8780-4CBE-B7B2-64842E33B986}
2015-02-04 23:58:32   --------   d-----w-   C:\Program Files\iPod
2015-02-04 23:58:31   --------   d-----w-   C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-04 23:58:31   --------   d-----w-   C:\Program Files\iTunes
2015-02-04 02:06:57   --------   d-----w-   C:\Users\Zack\AppData\Local\{7E595DD7-8396-4003-8AE1-9C46227D39D5}
2015-02-02 06:07:40   3209728   ----a-w-   C:\Windows\SysWow64\mf.dll
2015-02-02 06:07:39   4121600   ----a-w-   C:\Windows\System32\mf.dll
2015-02-02 05:58:43   3241984   ----a-w-   C:\Windows\System32\msi.dll
2015-02-02 05:58:43   2363904   ----a-w-   C:\Windows\SysWow64\msi.dll
2015-02-02 05:58:20   165888   ----a-w-   C:\Windows\System32\charmap.exe
2015-02-02 05:58:20   155136   ----a-w-   C:\Windows\SysWow64\charmap.exe
2015-02-02 05:58:10   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2015-02-02 05:58:10   2048   ----a-w-   C:\Windows\System32\tzres.dll
2015-02-02 05:57:05   346624   ----a-w-   C:\Windows\System32\WSManMigrationPlugin.dll
2015-02-02 05:57:05   310272   ----a-w-   C:\Windows\System32\WsmWmiPl.dll
2015-02-02 05:57:05   266240   ----a-w-   C:\Windows\System32\WSManHTTPConfig.exe
2015-02-02 05:57:05   248832   ----a-w-   C:\Windows\SysWow64\WSManMigrationPlugin.dll
2015-02-02 05:57:05   214016   ----a-w-   C:\Windows\SysWow64\WsmWmiPl.dll
2015-02-02 05:57:05   2020352   ----a-w-   C:\Windows\System32\WsmSvc.dll
2015-02-02 05:57:05   198656   ----a-w-   C:\Windows\SysWow64\WSManHTTPConfig.exe
2015-02-02 05:57:05   181248   ----a-w-   C:\Windows\System32\WsmAuto.dll
2015-02-02 05:57:05   145920   ----a-w-   C:\Windows\SysWow64\WsmAuto.dll
2015-02-02 05:57:05   1177088   ----a-w-   C:\Windows\SysWow64\WsmSvc.dll
2015-02-02 05:56:55   119296   ----a-w-   C:\Windows\System32\drivers\tdx.sys
2015-02-02 05:51:14   788696   ----a-w-   C:\Windows\System32\drivers\RtsPer.sys
2015-02-02 05:51:14   377560   ----a-w-   C:\Windows\System32\drivers\RtsUer.sys
2015-02-02 05:51:14   359128   ----a-w-   C:\Windows\System32\drivers\RtsPStor.sys
2015-02-02 05:51:14   313048   ----a-w-   C:\Windows\System32\drivers\RtsBaStor.sys
2015-02-02 05:51:14   294104   ----a-w-   C:\Windows\System32\drivers\RtsP2Stor.sys
2015-02-02 05:51:13   9890008   ----a-w-   C:\Windows\SysWow64\RsCRIcon.dll
2015-02-02 05:50:19   --------   d-----w-   C:\Intel
2015-01-29 18:23:27   --------   d-----w-   C:\Users\Zack\AppData\Local\Garmin
2015-01-29 18:23:16   --------   d-----w-   C:\Users\Zack\AppData\Roaming\Garmin
2015-01-29 18:22:11   --------   d-----w-   C:\ProgramData\Garmin
2015-01-28 19:10:14   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2015-01-28 19:10:14   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2015-01-28 19:10:14   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2015-01-28 19:10:14   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2015-01-28 19:10:14   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2015-01-23 07:21:40   --------   d-----w-   C:\Users\Zack\AppData\Local\{E5AE8C0A-7AED-444E-B589-B81B28C3D703}
2015-01-22 02:47:53   --------   d-----w-   C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-21 02:38:52   --------   d-----w-   C:\Users\Zack\AppData\Local\{C95C3FB4-13AC-4499-866F-1BE7E8C0B0A1}
2015-01-20 03:08:50   --------   d-----w-   C:\Users\Zack\AppData\Local\{F5CCD869-819E-4510-8FB6-FE7E74F2919C}
2015-01-13 20:50:02   210432   ----a-w-   C:\Windows\System32\profsvc.dll
2015-01-13 20:50:01   52224   ----a-w-   C:\Windows\SysWow64\nlaapi.dll
2015-01-13 20:50:01   303616   ----a-w-   C:\Windows\System32\nlasvc.dll
2015-01-13 20:50:01   156672   ----a-w-   C:\Windows\SysWow64\ncsi.dll
2015-01-13 20:50:01   141312   ----a-w-   C:\Windows\System32\drivers\mrxdav.sys
2015-01-13 20:49:56   87040   ----a-w-   C:\Windows\System32\TSWbPrxy.exe
.
==================== Find3M  ====================
.
2015-02-11 08:44:32   129752   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-02-05 07:42:08   71344   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 07:42:08   701616   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2015-02-02 06:15:17   16152   ----a-w-   C:\Windows\System32\drivers\SWDUMon.sys
2015-01-30 16:23:16   41784   ----a-w-   C:\Windows\System32\TURegOpt.exe
2015-01-30 16:22:58   44856   ----a-w-   C:\Windows\System32\uxtuneup.dll
2015-01-30 16:22:58   36664   ----a-w-   C:\Windows\SysWow64\uxtuneup.dll
2015-01-30 16:22:58   30520   ----a-w-   C:\Windows\System32\authuitu.dll
2015-01-30 16:22:58   25912   ----a-w-   C:\Windows\SysWow64\authuitu.dll
2015-01-26 21:25:55   98216   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-15 08:14:17   155072   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2015-01-15 08:14:16   95680   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2015-01-15 08:09:58   29184   ----a-w-   C:\Windows\System32\sspisrv.dll
2015-01-15 08:09:58   136192   ----a-w-   C:\Windows\System32\sspicli.dll
2015-01-15 08:09:57   28160   ----a-w-   C:\Windows\System32\secur32.dll
2015-01-15 08:09:51   1461760   ----a-w-   C:\Windows\System32\lsasrv.dll
2015-01-15 08:09:15   31232   ----a-w-   C:\Windows\System32\lsass.exe
2015-01-15 08:08:59   64000   ----a-w-   C:\Windows\System32\auditpol.exe
2015-01-15 08:06:22   60416   ----a-w-   C:\Windows\System32\msobjs.dll
2015-01-15 08:06:11   146432   ----a-w-   C:\Windows\System32\msaudite.dll
2015-01-15 08:04:23   686080   ----a-w-   C:\Windows\System32\adtschema.dll
2015-01-15 07:42:59   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2015-01-15 07:42:05   50176   ----a-w-   C:\Windows\SysWow64\auditpol.exe
2015-01-15 07:41:53   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2015-01-15 07:39:53   60416   ----a-w-   C:\Windows\SysWow64\msobjs.dll
2015-01-15 07:39:36   146432   ----a-w-   C:\Windows\SysWow64\msaudite.dll
2015-01-15 07:37:55   686080   ----a-w-   C:\Windows\SysWow64\adtschema.dll
2015-01-15 04:22:18   458824   ----a-w-   C:\Windows\System32\drivers\cng.sys
2015-01-13 02:49:19   1230336   ----a-w-   C:\Windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:05:32   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2015-01-12 03:05:19   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2015-01-12 02:49:42   66560   ----a-w-   C:\Windows\System32\iesetup.dll
2015-01-12 02:48:57   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2015-01-12 02:48:52   584192   ----a-w-   C:\Windows\System32\vbscript.dll
2015-01-12 02:47:25   88064   ----a-w-   C:\Windows\System32\MshtmlDac.dll
2015-01-12 02:34:42   144384   ----a-w-   C:\Windows\System32\ieUnatt.exe
2015-01-12 02:34:30   114688   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2015-01-12 02:33:52   814080   ----a-w-   C:\Windows\System32\jscript9diag.dll
2015-01-12 02:32:57   6041088   ----a-w-   C:\Windows\System32\jscript9.dll
2015-01-12 02:25:28   968704   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2015-01-12 02:21:19   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2015-01-12 02:13:27   77824   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-01-12 02:08:09   503296   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2015-01-12 02:07:51   62464   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2015-01-12 02:07:06   47616   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05:36   64000   ----a-w-   C:\Windows\SysWow64\MshtmlDac.dll
2015-01-12 01:55:47   115712   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2015-01-12 01:55:00   620032   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2015-01-12 01:46:29   1359360   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2015-01-12 01:46:00   2125824   ----a-w-   C:\Windows\System32\inetcpl.cpl
2015-01-12 01:40:43   60416   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:29:46   4300800   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2015-01-12 01:27:32   2358272   ----a-w-   C:\Windows\System32\wininet.dll
2015-01-12 01:23:09   2052608   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2015-01-12 01:22:17   1155072   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:00:17   1888256   ----a-w-   C:\Windows\SysWow64\wininet.dll
2015-01-10 06:48:22   210944   ----a-w-   C:\Windows\System32\wdigest.dll
2015-01-10 06:48:19   86528   ----a-w-   C:\Windows\System32\TSpkg.dll
2015-01-10 06:48:17   341504   ----a-w-   C:\Windows\System32\schannel.dll
2015-01-10 06:48:13   309760   ----a-w-   C:\Windows\System32\ncrypt.dll
2015-01-10 06:48:12   314880   ----a-w-   C:\Windows\System32\msv1_0.dll
2015-01-10 06:48:10   728064   ----a-w-   C:\Windows\System32\kerberos.dll
2015-01-10 06:48:05   22016   ----a-w-   C:\Windows\System32\credssp.dll
2015-01-10 06:27:54   172032   ----a-w-   C:\Windows\SysWow64\wdigest.dll
2015-01-10 06:27:51   65536   ----a-w-   C:\Windows\SysWow64\TSpkg.dll
2015-01-10 06:27:47   248832   ----a-w-   C:\Windows\SysWow64\schannel.dll
2015-01-10 06:27:44   221184   ----a-w-   C:\Windows\SysWow64\ncrypt.dll
2015-01-10 06:27:43   259584   ----a-w-   C:\Windows\SysWow64\msv1_0.dll
2015-01-10 06:27:39   550912   ----a-w-   C:\Windows\SysWow64\kerberos.dll
2015-01-10 06:27:32   17408   ----a-w-   C:\Windows\SysWow64\credssp.dll
2014-12-09 02:24:26   260888   ----a-w-   C:\Windows\System32\drivers\avgidsdrivera.sys
2014-11-21 11:14:22   63704   ----a-w-   C:\Windows\System32\drivers\mwac.sys
2014-11-21 11:14:12   93400   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 11:14:08   25816   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2014-11-19 02:42:04   203544   ----a-w-   C:\Windows\System32\drivers\avgidsha.sys
2014-11-18 19:56:48   1202848   ----a-w-   C:\Windows\SysWow64\FM20.DLL
.
============= FINISH: 13:14:09.04 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/27/2013 6:35:15 PM
System Uptime: 2/11/2015 12:48:43 PM (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | K55A
Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz | SOCKET 0 | 2401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 186 GiB total, 9.994 GiB free.
D: is FIXED (NTFS) - 254 GiB total, 26.866 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: HID-compliant mouse
Device ID: HID\ASUSVTOUCHDEV&COL02\2&22FC1D96&0&0001
Manufacturer: Microsoft
Name: HID-compliant mouse
PNP Device ID: HID\ASUSVTOUCHDEV&COL02\2&22FC1D96&0&0001
Service: mouhid
.
==== System Restore Points ===================
.
RP235: 2/11/2015 3:00:52 AM - Windows Update
.
==== Installed Programs ======================
.
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
Anodyne
AoA Audio Extractor
Apple Application Support (32-bit)
Apple Application Support (64-bit)
Apple Mobile Device Support
Apple Software Update
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Smart Gesture
ASUS Splendid Video Enhancement Technology
ASUS USB Charger Plus
ATK Package
Audiosurf
AVG 2015
AVG PC TuneUp 2015
AVG PC TuneUp 2015 (en-US)
Bastion
Battle.net
BattleBlock Theater
Blackguards
Bonjour
Borderlands 2
Broken Age
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Child of Light
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
Corel PDF Fusion
Corel PDF Fusion - Creator
Corel PDF Fusion - ICA
Corel PDF Fusion - Program
Corel PDF Fusion - Setup
D3DX10
Darkest Dungeon
DivX Setup
Don't Starve
DriverUpdate
DuckTales Remastered
Dust: An Elysian Tail
Easy Phone Tunes
Evoland
FEZ
FINAL FANTASY VII
Free YouTube Download version 3.2.2.430
FTL: Faster Than Light
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Garry's Mod
Google Chrome
Google Update Helper
Hearthstone
InstantOn for NB
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Java 8 Update 31
Java Auto Updater
Junk Mail filter update
K-Lite Codec Pack 9.8.5 (64-bit)
Kingdom Rush
League of Legends
Malwarebytes Anti-Malware version 2.0.4.1028
Mesh Runtime
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Xbox 360 Accessories 1.2
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0 Refresh
Mozilla Firefox 35.0.1 (x86 en-US)
Mozilla Maintenance Service
MPC-HC 1.7.7 (64-bit)
MSVCRT
MSVCRT_amd64
myBitCast 1.0.0.4
OpenAL
Panda USB Vaccine 1.0.1.4
Pando Media Booster
Pokémon Trading Card Game Online
Qualcomm Atheros WiFi Driver Installation
QuickTime 7
Realtek Card Reader
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Reus
Rogue Legacy
RollerCoaster Tycoon: Deluxe
RPG Maker VX Ace
RPG MAKER VX Ace RTP
SceneSwitch
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596927) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956097) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956098) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2920788) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2956099) 32-Bit Edition
Shared C Run-time for x64
Shelter
Shovel Knight
Sid Meier's Civilization V
Skype™ 6.20
Sony Picture Utility
Sony USB Driver
Spelunky
Star Wars: Knights of the Old Republic
Starbound
Steam
Super Amazing Wagon Adventure
Super Meat Boy
Terraria
The Banner Saga
The Binding of Isaac
The Sims(TM) 3
Torchlight II
Trojan Killer
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Uplay
Valdis Story: Abyssal City
Valiant Hearts: The Great War™ / Soldats Inconnus : Mémoires de la Grande Guerre™
VC80CRTRedist - 8.0.50727.6195
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player 2.0.6
Warcraft III
Windows Driver Package - ASUS (ATP) Mouse  (07/08/2012 1.0.0.93)
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
WinRAR 4.20 (64-bit)
Wireless Console 3
Wondershare Video Editor(Build 4.8.0)
.
==== Event Viewer Messages From Past Week ========
.
2/8/2015 1:07:31 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
2/11/2015 4:58:51 AM, Error: Service Control Manager [7034]  - The Canon Camera Access Library 8 service terminated unexpectedly.  It has done this 1 time(s).
2/11/2015 4:00:26 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
2/11/2015 12:49:44 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  PxHelp20
2/11/2015 12:49:00 PM, Error: Application Popup [1060]  - \SystemRoot\SysWow64\Drivers\PxHelp20.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================
Title: Re: [In Progress] mrstub.exe potential threat?
Post by: Hoov on February 11, 2015, 04:28:13 PM
Because you have AVG on your computer I would like you to run a scan with a different scanner, just to make sure there is no problem.

To run the ESET online scanner click on esetsmartinstaller_enu.exe (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) to download the ESET Smart Installer. Save it to your desktop.
Title: Re: [In Progress] mrstub.exe potential threat?
Post by: mooseboy018 on February 12, 2015, 03:48:37 PM
No threats were found.
Title: Re: [In Progress] mrstub.exe potential threat?
Post by: Hoov on February 12, 2015, 06:13:36 PM
Please follow these steps:

1.- Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) by Xplode onto your Desktop.
2.- Download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
3.- Please download RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) and Save to the desktop.
Title: Re: [In Progress] mrstub.exe potential threat?
Post by: mooseboy018 on February 12, 2015, 10:06:39 PM
# AdwCleaner v4.110 - Logfile created 12/02/2015 at 23:00:58
# Updated 05/02/2015 by Xplode
# Database : 2015-02-12.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Zack - ZACK-PC
# Running from : C:\Users\Zack\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKCU\Software\DriverTuner_Init
Key Deleted : HKCU\Software\DriverTuner
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v40.0.2214.111

[C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1559 bytes] - [12/02/2015 22:57:42]
AdwCleaner[S0].txt - [1405 bytes] - [12/02/2015 23:00:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1464  bytes] ##########
Title: Re: [In Progress] mrstub.exe potential threat?
Post by: mooseboy018 on February 12, 2015, 10:13:01 PM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x64
Ran by Zack on Thu 02/12/2015 at 23:08:26.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Zack\appdata\local\{54A153BE-D261-4920-8754-97F13B962C9D}
Successfully deleted: [Empty Folder] C:\Users\Zack\appdata\local\{7D8AFD09-8486-472E-A341-8F73CAF96F12}
Successfully deleted: [Empty Folder] C:\Users\Zack\appdata\local\{7E595DD7-8396-4003-8AE1-9C46227D39D5}
Successfully deleted: [Empty Folder] C:\Users\Zack\appdata\local\{B0831BEB-0A2E-4738-A7F6-C2DEC5F00E5B}
Successfully deleted: [Empty Folder] C:\Users\Zack\appdata\local\{B9DF0BF3-8780-4CBE-B7B2-64842E33B986}
Successfully deleted: [Empty Folder] C:\Users\Zack\appdata\local\{C95C3FB4-13AC-4499-866F-1BE7E8C0B0A1}
Successfully deleted: [Empty Folder] C:\Users\Zack\appdata\local\{E5AE8C0A-7AED-444E-B589-B81B28C3D703}
Successfully deleted: [Empty Folder] C:\Users\Zack\appdata\local\{F5CCD869-819E-4510-8FB6-FE7E74F2919C}
Successfully deleted: [Empty Folder] C:\Users\Zack\appdata\local\{FAD95D15-3885-4F19-9C8E-FD5BB7520FBD}
Successfully deleted: [Empty Folder] C:\Users\Zack\appdata\local\{FF2FE689-150A-4F40-A2C0-5225BDE83FEB}



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Zack\appdata\local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/12/2015 at 23:11:30.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Title: Re: [In Progress] mrstub.exe potential threat?
Post by: mooseboy018 on February 12, 2015, 10:26:42 PM
RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Zack [Administrator]
Mode : Delete -- Date : 02/12/2015  23:23:08

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 19 ¤¤¤
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://go.microsoft.com  -> Not selected
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://go.microsoft.com  -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-913676279-1143746095-4277644156-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://go.microsoft.com  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-913676279-1143746095-4277644156-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://go.microsoft.com  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B8594177-8815-4E1B-9D1F-E4F340E512BE} | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F9205CE0-11F9-4E16-8724-AB577FD654D0} | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B8594177-8815-4E1B-9D1F-E4F340E512BE} | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F9205CE0-11F9-4E16-8724-AB577FD654D0} | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B8594177-8815-4E1B-9D1F-E4F340E512BE} | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F9205CE0-11F9-4E16-8724-AB577FD654D0} | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-913676279-1143746095-4277644156-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-913676279-1143746095-4277644156-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-913676279-1143746095-4277644156-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-913676279-1143746095-4277644156-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] 36c739f96f2db8795cba06bf95b84cdd
[BSP] 78dbbe245901969d52fcf797261aac99 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_02122015_231833.log
Title: Re: [In Progress] mrstub.exe potential threat?
Post by: Hoov on February 13, 2015, 02:28:47 PM
Do you know who softlayer.com is?
Title: Re: [In Progress] mrstub.exe potential threat?
Post by: mooseboy018 on February 13, 2015, 10:05:02 PM
No I don't. Why?
Title: Re: [In Progress] mrstub.exe potential threat?
Post by: Hoov on February 14, 2015, 10:26:40 AM
That is who your DNS entries are pointed to. Who is your ISP?
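The `[PUM.Dns]` lines in the RogueKiller report above are the DNS entries being asked about here. As an added example (not part of the original thread and not RogueKiller's own code), this Python script parses such lines, collapses the per-control-set copies into one entry per setting, and lists resolvers that are not in a set the user expects; the `expected` set, the placeholder address `192.0.2.53` and all function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Subset of lines copied from the RogueKiller report posted earlier in this thread.
SAMPLE_LOG = r"""
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://go.microsoft.com  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B8594177-8815-4E1B-9D1F-E4F340E512BE} | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B8594177-8815-4E1B-9D1F-E4F340E512BE} | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F9205CE0-11F9-4E16-8724-AB577FD654D0} | NameServer : 184.172.114.130,208.43.110.90 [(Unknown Country?) (XX)][UNITED STATES (US)]  -> Not selected
"""

# "[rule] (arch) registry key | value name : data -> action"
LINE = re.compile(
    r"^\[(?P<rule>PUM\.\w+)\]\s+\((?P<arch>X64|X86)\)\s+(?P<key>HKEY_[^|]+?)\s+\|\s+"
    r"(?P<name>[^:]+?)\s+:\s+(?P<data>.*?)\s+->\s+(?P<action>.+)$"
)
CONTROL_SET = re.compile(r"\\(CurrentControlSet|ControlSet\d{3})\\", re.I)
INTERFACE = re.compile(r"\\Interfaces\\(\{[0-9A-Fa-f-]+\})$")


def scope_of(key):
    """Name the setting a key belongs to, ignoring which control set it sits in."""
    m = INTERFACE.search(key)
    return f"interface {m.group(1)}" if m else "global"


def parse_dns_findings(log_text):
    """Return (scope, control_set, [ip, ...], action) for each PUM.Dns NameServer line."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["rule"] != "PUM.Dns" or m["name"] != "NameServer":
            continue
        cs = CONTROL_SET.search(m["key"])
        addrs = []
        # Drop the trailing "[country]" annotations, then split the address list.
        for tok in re.split(r"[,\s]+", m["data"].split("[", 1)[0].strip()):
            try:
                addrs.append(str(ipaddress.ip_address(tok)))
            except ValueError:
                continue  # not an IP literal
        findings.append((scope_of(m["key"]), cs.group(1) if cs else "?",
                         addrs, m["action"].strip()))
    return findings


def summarise(findings, expected):
    """Group by setting; CurrentControlSet is a link to one ControlSetNNN,
    so copies of the same key under different control sets count once."""
    expected = {str(ipaddress.ip_address(e)) for e in expected}
    grouped = defaultdict(lambda: {"resolvers": set(), "control_sets": set()})
    for scope, cs, addrs, _action in findings:
        grouped[scope]["resolvers"].update(addrs)
        grouped[scope]["control_sets"].add(cs)
    return {
        scope: {
            "resolvers": sorted(g["resolvers"]),
            "unexpected": sorted(g["resolvers"] - expected),
            "control_sets": sorted(g["control_sets"]),
        }
        for scope, g in grouped.items()
    }


if __name__ == "__main__":
    # 192.0.2.53 is a placeholder for the resolver the user intends to use.
    for scope, info in summarise(parse_dns_findings(SAMPLE_LOG), {"192.0.2.53"}).items():
        print(scope, info)
```

Run against the full report, the nine `[PUM.Dns]` lines reduce to three settings (the global value and two interfaces), all carrying the same pair of statically configured resolvers.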
Title: Re: [In Progress] mrstub.exe potential threat?
Post by: mooseboy018 on February 14, 2015, 10:39:56 AM
AT&T
Title: Re: [In Progress] mrstub.exe potential threat?
Post by: Hoov on February 14, 2015, 11:05:17 AM
From what I can find out there may be some issues with AT&T's DNS servers. There is a way to get better DNS servers. There is a program from Google called Namebench (https://code.google.com/p/namebench/). If you run it, it will scan all the DNS servers it can find and tell you which ones are best for you. To actually change the settings there are instructions here (http://www.opennicproject.org/configure-your-dns/how-to-change-dns-servers-in-windows-7/) on how to do it.

Other than that, there were a few small things on your system,
Title: Re: [In Progress] mrstub.exe potential threat?
Post by: mooseboy018 on February 14, 2015, 11:13:21 AM
So there are no huge threats though? I won't have a chance to do much with my computer today.
Title: Re: [In Progress] mrstub.exe potential threat?
Post by: Hoov on February 14, 2015, 11:19:18 AM
I will go thru the logs again this afternoon but your problems looked to be more irritating than large problems. Once you get the DNS issue resolved, if I don't find anything else, we can do a bit of house cleaning and call it done, unless you run into a problem.
Title: Re: [In Progress] mrstub.exe potential threat?
Post by: mooseboy018 on February 17, 2015, 12:39:30 AM
It will be a few days before I have a chance to really do much. Just letting you know. Thanks for the help so far. :t
Title: Re: [In Progress] mrstub.exe potential threat?
Post by: mooseboy018 on March 04, 2015, 03:53:32 PM
I adjusted my DNS settings. What other things did you think I should address?
Title: Re: [In Progress] mrstub.exe potential threat?
Post by: Hoov on March 04, 2015, 05:28:31 PM
How is your computer running?
Title: Re: [In Progress] mrstub.exe potential threat?
Post by: mooseboy018 on March 04, 2015, 08:27:22 PM
Good. I haven't noticed anything irregular. :t
Title: Re: [In Progress] mrstub.exe potential threat?
Post by: Hoov on March 05, 2015, 10:51:01 AM
Good, now there are a few things you need to do to fully clean your system and keep it secure.

Run OTC
Download OTC (http://oldtimer.geekstogo.com/OTC.exe) to your desktop and run it
Click Yes to beginning the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Cleaning out Temporary Files etc. There are several different products that you can use for this. You can go thru the Internet Options in the Windows Control Panel. There are several programs that also do the job better than Windows does it, in my opinion. There is System Security Suite (http://www.igorshpak.net/software/3ssetup104.zip), EasyCleaner (http://personal.inet.fi/business/toniarts/ecleane.htm), Ccleaner (http://www.ccleaner.com). Also, other programs sometimes do it as well as what you originally got them for, like ZoneAlarm Security Suite. Just make sure to keep them updated and use them regularly.

Disable and Enable System Restore.
I recommend you turn off System restore, and then turn it back on so that you will not be able to restore your problems to a clean computer.
For Vista use these instructions, Windows Vista Restore Guide (http://www.bleepingcomputer.com/tutorials/tutorial143.html)
For XP use these instructions, Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/index.php?showtutorial=56)
Reboot
Re-enable system restore with instructions from tutorial above
Create a System Restore Point
Go to all programs, then to accessories, then to system tools, then to system restore. Check the box for create restore point (not select a restore point), then click next and follow the instructions.

Make your Internet Explorer more secure - This can be done by following these simple instructions: (unless you are using ZoneAlarm Security Suite or something similar, then you would secure the browser thru the firewall). There are some good basic instructions for that here (http://www.us-cert.gov/reading_room/securing_browser/).

Use a different browser other than IE (most exploits are pointed towards IE). One of them is
Firefox (http://www.mozilla.org/products/firefox/).
It is also worth trying Thunderbird (http://www.mozilla.org/products/thunderbird/) for controlling spam in your e-mail.

Always use an UPDATED anti-virus program. Make sure you update this at least weekly, if not more often. This is one thing that may save you more than anything else.

Run malware scanners. Three free ones are Spybot Search and Destroy (http://www.safer-networking.org), AdAware (http://www.lavasoftusa.com) and Malwarebytes' Anti-Malware (http://www.besttechie.net/mbam/mbam-setup.exe).

Always use a firewall.
Any firewall is better than none, and you should pick a firewall that you will use, as even the best firewall is worthless if you turn it off.
 
Learn how to use your firewall. Only programs that need it should have access to the net. But these are specific to the firewall you use, so you will need to learn how. Several firewalls have support forums here. My page will help you with ZoneAlarm if that is what you choose.


Never run two Antivirus programs or two Firewalls at the same time. They can interfere with each other and cause problems. Some people swear that more protection is provided, but the reverse is true. They tend to argue amongst themselves and end up leaving holes. Now I have more than 1 AV installed on my computer, and I keep them up to date. I only run one at a time, but each program has weaknesses, so I keep a backup in case my computer starts acting up.


MOST IMPORTANT: Windows and IE, and whatever other software that you have that connects to the net, need to be kept updated. The reason is, these programs connect to the net, and if there is an internal security problem, you have already told your firewall to allow the communication, and thus you will have allowed a hole. UPDATES are important. I suggest that you make sure that Windows Updates and the updates for your antivirus and antimalware programs are set for automatic updates. I also suggest running Secunia PSI (http://secunia.com/products/consumer/psi/sys_req/). Download version 2. It is not the download button, but just underneath it. It will monitor the software you have installed and let you know when something needs to be updated.

Don't ever use P2P or filesharing software. Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities.

Before using any malware detection / removal software, check with Rogue/Suspect Spyware List (http://www.spywarewarrior.com/rogue_anti-spyware.htm). That way you will know if the program you are looking at is on the up and up. If you want to know how it stacks up against other programs, check out SpywareWarrior (http://www.spywarewarrior.com/asw-test-guide.htm).

We have a good guide here at Spyware Hammer (http://spywarehammer.com/simplemachinesforum/index.php?topic=398.0) on how to prevent Malware in the Future. You might want to peruse this and follow the recommendations in there.
PLEASE READ IT AND FOLLOW THE RECOMMENDATIONS TO PROTECT YOURSELF.

Let us know if you have any more problems, either new or old.
Have a good time surfing the net, but stay safe.
If you have no more problems, let me know and I will mark this as resolved. Or if you have more questions, ask away, that is why I am here.
Title: Re: [In Progress] mrstub.exe potential threat?
Post by: mooseboy018 on March 05, 2015, 07:01:18 PM
Nothing happens when I try to download OTC.
Title: Re: [In Progress] mrstub.exe potential threat?
Post by: Hoov on March 05, 2015, 07:23:21 PM
Not sure what happened to it. Instead of OTC try,

Run Delfix

This program will remove the tools used and its logs. If anything remains, you can manually delete them.
Please download Delfix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix) and save it to your desktop.
Double click on Delfix.exe to run the tool and click on the Run button.
Title: Re: [In Progress] mrstub.exe potential threat?
Post by: mooseboy018 on March 08, 2015, 08:16:31 PM
Alright, I've gone through your suggestions. I think I'm all set. :t
Title: Re: [In Progress] mrstub.exe potential threat?
Post by: mooseboy018 on March 15, 2015, 07:34:54 PM
You can close this thread, unless there's anything else I should do.
Title: Re: [In Progress] mrstub.exe potential threat?
Post by: Hoov on March 15, 2015, 09:28:21 PM
Thanks.