Author Topic: [Inactive] NUM LOCK OFF + KEYBOARD STUCK ON SHIFT + NO NUMBERS + HIGHLIGHTS

Offline GOLDIEBLUEKAT

NUM LOCK OFF + KEYBOARD STUCK ON SHIFT + NO NUMBERS + HIGHLIGHTS EVERYTHING:

HAVE READ THROUGH LOTS OF WEBSITES AND A FEW SPECIFICALLY ON YOUR FORUMS

HAVE ALREADY RUN MICROSOFT SECURITY SCANNER THAT DETECTED SOME TROJANS
HAVE ALREADY RUN ANTIMALWARE BYTES THAT DETECTED THIRTY NINE ITEMS
HAVE ALREADY DOWNLOADED SOME OF THE OTHER PROGRAMS YOU SUGGESTED TO OTHERS EXPERIENCING THE SAME PROBLEM, HAVEN'T RUN THEM BECAUSE I READ ON THE SERIOUS CONSEQUENCES.

HERE IS THE DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:
Run by Pastor at 7:42:57 on 2015-02-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3891.1726 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Pastor\Downloads\spywareblastersetup50.exe
C:\Users\Pastor\AppData\Local\Temp\is-S2NNL.tmp\spywareblastersetup50.tmp
C:\windows\system32\consent.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.coupons.com/
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
mStart Page = hxxp://search.coupons.com/
mWinlogon: Userinit = userinit.exe,
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
dRunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{6078A991-68B4-44E8-962F-2A5A9AF90138} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{7B68A721-53B1-4B78-9557-28613AEFEF6A} : NameServer = 0.0.0.0
TCP: Interfaces\{C03F025F-A6B3-4E16-A05D-FF0AF26357EB} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{C03F025F-A6B3-4E16-A05D-FF0AF26357EB}\C696E6B6379737 : DHCPNameServer = 24.248.137.30 68.105.28.11
TCP: Interfaces\{C03F025F-A6B3-4E16-A05D-FF0AF26357EB}\E4544574541425132333 : DHCPNameServer = 10.0.0.1
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files (x86)\Libronix DLS\System\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files (x86)\Libronix DLS\System\ResProt.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - <orphaned>
x64-Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-11-15 274696]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2010-9-9 482384]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-2-18 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-2-18 969016]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2014-11-15 124560]
R3 bpenum;bpenum;C:\windows\System32\drivers\bpenum.sys [2010-5-16 71168]
R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\windows\System32\drivers\bpmp.sys [2010-5-16 175104]
R3 bpusb;bpusb;C:\windows\System32\drivers\bpusb.sys [2010-5-16 81920]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-9-9 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2015-2-18 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2015-2-18 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2015-2-18 63704]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-1-30 366512]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-9-9 331880]
R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-6-18 39832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S3 acpials;ALS Sensor Filter;C:\windows\System32\drivers\acpials.sys [2009-7-14 9728]
S3 BrSerIb;Brother Serial Interface Driver(WDM);C:\windows\System32\drivers\BrSerIb.sys [2013-4-30 95344]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\windows\System32\drivers\BrUsbSib.sys [2013-4-30 21872]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2013-4-18 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 HTCAND64;HTC Device Driver;C:\windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 HtcVCom32;HTC Diagnostic Port;C:\windows\System32\drivers\HtcVComV64.sys [2010-3-8 121800]
S3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2010-5-18 164464]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2015-2-16 19456]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2015-2-16 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-12-8 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;C:\windows\System32\drivers\CT_ZTEMT_U_USBSER.sys [2012-12-7 120704]
S4 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-4-30 282112]
S4 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-7-28 267192]
S4 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-9 2320920]
S4 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-02-22 08:03:03   75888   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{84DEFC2C-EFCC-48EA-BC48-C718ABCBEDDD}\offreg.dll
2015-02-22 08:01:22   11910896   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{84DEFC2C-EFCC-48EA-BC48-C718ABCBEDDD}\mpengine.dll
2015-02-21 19:24:05   1188440   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-02-21 19:24:04   1188440   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CE870ABB-74A5-47D1-B73D-8BAECEEBB04B}\gapaengine.dll
2015-02-21 19:23:32   11910896   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-02-18 19:24:25   --------   d-----w-   C:\ProgramData\Licenses
2015-02-18 19:24:18   --------   d-----w-   C:\Program Files (x86)\SpywareBlaster
2015-02-18 17:43:34   129752   ----a-w-   C:\windows\System32\drivers\MBAMSwissArmy.sys
2015-02-18 17:40:55   93400   ----a-w-   C:\windows\System32\drivers\mbamchameleon.sys
2015-02-18 17:40:55   63704   ----a-w-   C:\windows\System32\drivers\mwac.sys
2015-02-18 17:40:55   25816   ----a-w-   C:\windows\System32\drivers\mbam.sys
2015-02-18 17:40:54   --------   d-----w-   C:\ProgramData\Malwarebytes
2015-02-18 17:40:54   --------   d-----w-   C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-18 09:03:54   465920   ----a-w-   C:\windows\System32\WMPhoto.dll
2015-02-18 09:03:54   417792   ----a-w-   C:\windows\SysWow64\WMPhoto.dll
2015-02-18 09:03:53   2565120   ----a-w-   C:\windows\System32\d3d10warp.dll
2015-02-18 09:03:53   1987584   ----a-w-   C:\windows\SysWow64\d3d10warp.dll
2015-02-18 09:03:44   3928064   ----a-w-   C:\windows\System32\d2d1.dll
2015-02-18 09:03:44   3419136   ----a-w-   C:\windows\SysWow64\d2d1.dll
2015-02-18 09:03:35   87040   ----a-w-   C:\windows\System32\TSWbPrxy.exe
2015-02-18 09:00:36   2777088   ----a-w-   C:\windows\System32\msmpeg2vdec.dll
2015-02-18 09:00:36   2285056   ----a-w-   C:\windows\SysWow64\msmpeg2vdec.dll
2015-02-17 13:53:56   3179520   ----a-w-   C:\windows\System32\rdpcorets.dll
2015-02-17 13:53:56   16384   ----a-w-   C:\windows\System32\RdpGroupPolicyExtension.dll
2015-02-17 13:53:48   5703168   ----a-w-   C:\windows\SysWow64\mstscax.dll
2015-02-17 13:53:45   6584320   ----a-w-   C:\windows\System32\mstscax.dll
2015-02-16 17:46:15   1424384   ----a-w-   C:\windows\System32\WindowsCodecs.dll
2015-02-16 17:46:14   1230336   ----a-w-   C:\windows\SysWow64\WindowsCodecs.dll
2015-02-16 17:30:52   19456   ----a-w-   C:\windows\System32\drivers\rdpvideominiport.sys
2015-02-16 17:30:49   243200   ----a-w-   C:\windows\System32\rdpudd.dll
2015-02-16 17:30:49   192000   ----a-w-   C:\windows\SysWow64\rdpendp_winip.dll
2015-02-16 17:30:48   228864   ----a-w-   C:\windows\System32\rdpendp_winip.dll
2015-02-16 17:25:33   950272   ----a-w-   C:\windows\System32\perftrack.dll
2015-02-16 17:25:33   91136   ----a-w-   C:\windows\System32\wdi.dll
2015-02-16 17:25:33   76800   ----a-w-   C:\windows\SysWow64\wdi.dll
2015-02-16 17:25:33   29696   ----a-w-   C:\windows\System32\powertracker.dll
2015-02-16 17:14:17   --------   d-----w-   C:\Users\Pastor\AppData\Local\ElevatedDiagnostics
2015-02-14 22:13:46   1188440   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F58A6A5D-43FD-4B4C-9931-803E692B14E1}\gapaengine.dll
2015-02-14 22:01:47   --------   d-----w-   C:\Program Files (x86)\Microsoft Security Client
2015-02-14 22:01:28   --------   d-----w-   C:\Program Files\Microsoft Security Client
2015-02-13 15:36:28   11870360   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{81EE9C02-9152-4CEA-A40F-C370257FEC39}\mpengine.dll
2015-02-11 02:33:37   229376   ----a-w-   C:\windows\System32\wintrust.dll
2015-02-11 02:33:37   187904   ----a-w-   C:\windows\System32\cryptsvc.dll
2015-02-11 02:33:37   179200   ----a-w-   C:\windows\SysWow64\wintrust.dll
2015-02-11 02:33:37   1480192   ----a-w-   C:\windows\System32\crypt32.dll
2015-02-11 02:33:37   143872   ----a-w-   C:\windows\SysWow64\cryptsvc.dll
2015-02-11 02:33:37   1174528   ----a-w-   C:\windows\SysWow64\crypt32.dll
2015-02-11 02:32:31   861696   ----a-w-   C:\windows\System32\oleaut32.dll
2015-02-11 02:32:31   571904   ----a-w-   C:\windows\SysWow64\oleaut32.dll
2015-02-11 02:32:30   406528   ----a-w-   C:\windows\System32\scesrv.dll
2015-02-11 02:32:30   308224   ----a-w-   C:\windows\SysWow64\scesrv.dll
2015-02-11 02:32:13   5554112   ----a-w-   C:\windows\System32\ntoskrnl.exe
2015-02-11 02:32:12   503808   ----a-w-   C:\windows\System32\srcore.dll
2015-02-11 02:32:12   50176   ----a-w-   C:\windows\System32\srclient.dll
2015-02-11 02:32:12   43008   ----a-w-   C:\windows\SysWow64\srclient.dll
2015-02-11 02:32:12   3972544   ----a-w-   C:\windows\SysWow64\ntkrnlpa.exe
2015-02-11 02:32:12   3917760   ----a-w-   C:\windows\SysWow64\ntoskrnl.exe
2015-02-11 02:32:12   296960   ----a-w-   C:\windows\System32\rstrui.exe
2015-02-11 02:31:54   3201536   ----a-w-   C:\windows\System32\win32k.sys
.
==================== Find3M  ====================
.
2015-02-04 03:16:29   609280   ----a-w-   C:\windows\System32\generaltel.dll
2015-02-04 03:16:20   762368   ----a-w-   C:\windows\System32\invagent.dll
2015-02-04 03:16:16   414720   ----a-w-   C:\windows\System32\devinv.dll
2015-02-04 03:16:14   894976   ----a-w-   C:\windows\System32\appraiser.dll
2015-02-04 03:16:13   227328   ----a-w-   C:\windows\System32\aepdu.dll
2015-02-04 03:16:13   192000   ----a-w-   C:\windows\System32\aepic.dll
2015-02-04 03:13:28   1098752   ----a-w-   C:\windows\System32\aeinv.dll
2015-01-27 23:36:21   1239720   ----a-w-   C:\windows\System32\aitstatic.exe
2015-01-15 08:14:17   155072   ----a-w-   C:\windows\System32\drivers\ksecpkg.sys
2015-01-15 08:14:16   95680   ----a-w-   C:\windows\System32\drivers\ksecdd.sys
2015-01-15 08:09:58   29184   ----a-w-   C:\windows\System32\sspisrv.dll
2015-01-15 08:09:58   136192   ----a-w-   C:\windows\System32\sspicli.dll
2015-01-15 08:09:57   28160   ----a-w-   C:\windows\System32\secur32.dll
2015-01-15 08:09:51   1461760   ----a-w-   C:\windows\System32\lsasrv.dll
2015-01-15 08:09:15   31232   ----a-w-   C:\windows\System32\lsass.exe
2015-01-15 08:08:59   64000   ----a-w-   C:\windows\System32\auditpol.exe
2015-01-15 08:06:22   60416   ----a-w-   C:\windows\System32\msobjs.dll
2015-01-15 08:06:11   146432   ----a-w-   C:\windows\System32\msaudite.dll
2015-01-15 08:04:23   686080   ----a-w-   C:\windows\System32\adtschema.dll
2015-01-15 07:42:59   22016   ----a-w-   C:\windows\SysWow64\secur32.dll
2015-01-15 07:42:05   50176   ----a-w-   C:\windows\SysWow64\auditpol.exe
2015-01-15 07:41:53   96768   ----a-w-   C:\windows\SysWow64\sspicli.dll
2015-01-15 07:39:53   60416   ----a-w-   C:\windows\SysWow64\msobjs.dll
2015-01-15 07:39:36   146432   ----a-w-   C:\windows\SysWow64\msaudite.dll
2015-01-15 07:37:55   686080   ----a-w-   C:\windows\SysWow64\adtschema.dll
2015-01-15 04:22:18   458824   ----a-w-   C:\windows\System32\drivers\cng.sys
2015-01-08 15:55:52   298120   ------w-   C:\windows\System32\MpSigStub.exe
2015-01-02 15:29:22   175616   ----a-w-   C:\windows\System32\msclmd.dll
2015-01-02 15:29:22   152576   ----a-w-   C:\windows\SysWow64\msclmd.dll
2014-12-19 03:06:55   210432   ----a-w-   C:\windows\System32\profsvc.dll
2014-12-19 01:46:45   141312   ----a-w-   C:\windows\System32\drivers\mrxdav.sys
2014-12-06 04:17:27   303616   ----a-w-   C:\windows\System32\nlasvc.dll
2014-12-06 03:50:19   52224   ----a-w-   C:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50:18   156672   ----a-w-   C:\windows\SysWow64\ncsi.dll
.
============= FINISH:  7:43:31.12 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/7/2010 4:06:01 PM
System Uptime: 2/18/2015 1:09:44 PM (90 hours ago)
.
Motherboard: TOSHIBA |  | NWQAA
Processor: Intel(R) Core(TM) i3 CPU       M 370  @ 2.40GHz | CPU | 2399/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 337.693 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Photosmart eStn C510 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer:
Name: Photosmart eStn C510 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP612: 2/18/2015 3:00:11 AM - Windows Update
RP613: 2/18/2015 10:14:09 AM - Removed Microsoft SQL Server 2005 Compact Edition [ENU]
RP614: 2/18/2015 10:23:07 AM - Windows Modules Installer
RP615: 2/18/2015 10:23:25 AM - Windows Modules Installer
RP616: 2/18/2015 11:20:44 AM - Windows Update
RP617: 2/21/2015 1:23:06 PM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.3
Apple Software Update
Batch Update
Best Buy pc app
Bible Data Type System Files
Bonjour
Brother MFL-Pro Suite MFC-J6720DW
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MX340 series MP Drivers
Cisco Connect
Common System Files
D3DX10
Google Chrome
Google Update Helper
Graphical Query Editor
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Rapid Storage Technology
Intel® PROSet/Wireless WiMAX Software
Intel® Wireless Display
Java Auto Updater
Java(TM) 6 Update 20
JMicron Flash Media Controller Driver
Junk Mail filter update
Libronix Digital Library System
Libronix DLS Application
Libronix DLS Shortcuts
LibronixUpdate
LLS Resource Driver
Malwarebytes Anti-Malware version 2.0.4.1028
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Nuance PDF Viewer Plus
OEB Resource Driver
PaperPort Image Printer 64-bit
Paradox Runtime
PDF Resource Driver
PlayReady PC Runtime amd64
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Scansoft PDF Professional
Sentence Diagramming
SpywareBlaster 5.0
Synaptics Pointing Device Driver
TOSHIBA eco Utility
TOSHIBA Hardware Setup
TOSHIBA Sleep Utility
Utility Common Driver
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
2/21/2015 8:04:18 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 113.69.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=2.1.11005.0&sig=113.69.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: Network Inspection System     Update Type: Full     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:      Previous Engine Version: 2.1.11005.0     Error code: 0x80072ee7     Error description: The server name or address could not be resolved
2/21/2015 8:04:13 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.193.301.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.11400.0&avdelta=1.193.301.0&asdelta=1.193.301.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:      Previous Engine Version: 1.1.11400.0     Error code: 0x80072ee7     Error description: The server name or address could not be resolved
2/21/2015 8:04:13 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.193.301.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.11400.0&avdelta=1.193.301.0&asdelta=1.193.301.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiSpyware     Update Type: Full     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:      Previous Engine Version: 1.1.11400.0     Error code: 0x80072ee7     Error description: The server name or address could not be resolved
2/21/2015 8:04:08 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.193.301.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.11400.0     Error code: 0x8024402c     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/21/2015 7:34:19 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 113.69.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=2.1.11005.0&sig=113.69.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: Network Inspection System     Update Type: Full     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:      Previous Engine Version: 2.1.11005.0     Error code: 0x80072ee7     Error description: The server name or address could not be resolved
2/21/2015 7:34:14 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.193.301.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.11400.0&avdelta=1.193.301.0&asdelta=1.193.301.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:      Previous Engine Version: 1.1.11400.0     Error code: 0x80072ee7     Error description: The server name or address could not be resolved
2/21/2015 7:34:14 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.193.301.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.11400.0&avdelta=1.193.301.0&asdelta=1.193.301.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiSpyware     Update Type: Full     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:      Previous Engine Version: 1.1.11400.0     Error code: 0x80072ee7     Error description: The server name or address could not be resolved
2/21/2015 7:34:09 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.193.301.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.11400.0     Error code: 0x8024402c     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/20/2015 1:20:54 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 113.69.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=2.1.11005.0&sig=113.69.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: Network Inspection System     Update Type: Full     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:      Previous Engine Version: 2.1.11005.0     Error code: 0x80072ee7     Error description: The server name or address could not be resolved
2/20/2015 1:20:49 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.193.301.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.11400.0&avdelta=1.193.301.0&asdelta=1.193.301.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:      Previous Engine Version: 1.1.11400.0     Error code: 0x80072ee7     Error description: The server name or address could not be resolved
2/20/2015 1:20:49 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.193.301.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.11400.0&avdelta=1.193.301.0&asdelta=1.193.301.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiSpyware     Update Type: Full     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:      Previous Engine Version: 1.1.11400.0     Error code: 0x80072ee7     Error description: The server name or address could not be resolved
2/20/2015 1:20:44 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.193.301.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.11400.0     Error code: 0x8024402c     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/18/2015 3:03:01 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070308: Update for Windows 7 for x64-based Systems (KB2978092).
2/18/2015 3:03:01 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070308: Update for Windows 7 for x64-based Systems (KB2913152).
2/18/2015 3:01:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070308: Update for Windows 7 for x64-based Systems (KB2923545).
2/18/2015 3:01:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070308: Security Update for Windows 7 for x64-based Systems (KB2965788).
2/18/2015 3:01:24 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070308: Security Update for Windows 7 for x64-based Systems (KB2984981).
2/18/2015 3:01:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070308: Security Update for Windows 7 for x64-based Systems (KB3020388).
2/18/2015 3:01:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070308: Security Update for Windows 7 for x64-based Systems (KB2912390).
2/18/2015 2:20:22 AM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
2/18/2015 10:40:51 AM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureCommand with the following error:  Access is denied.
2/18/2015 10:40:49 AM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
2/15/2015 5:19:09 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
2/15/2015 5:15:42 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
2/15/2015 5:15:07 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
2/15/2015 5:13:25 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/15/2015 5:13:25 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/15/2015 5:13:25 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/15/2015 5:13:24 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/15/2015 5:13:24 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/15/2015 5:13:12 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/15/2015 5:13:07 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
2/15/2015 5:13:03 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: On Access     Error Code: 0x8007043c     Error description: This service cannot be started in Safe Mode      Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
2/15/2015 5:13:02 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
2/15/2015 5:13:02 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
2/15/2015 5:13:02 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
2/15/2015 5:13:02 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
2/15/2015 5:13:02 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
2/15/2015 5:13:02 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
2/15/2015 5:13:02 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
2/15/2015 5:13:01 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
2/15/2015 5:13:01 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
2/15/2015 5:13:01 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
2/15/2015 5:13:01 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
.
==== End Of File ===========================
« Last Edit: February 22, 2015, 11:46:28 AM by Hoov »

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27138
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Rootk will be assisting you with your problem, please await his first post.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline GOLDIEBLUEKAT

  • Bronze Member
  • Posts: 12

Offline Rootk

  • Malware Removal Staff
  • Silver Member
  • Posts: 878
  • ...
Please do the following:

Download Farbar Recovery Scan Tool and save it to your desktop. http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Offline GOLDIEBLUEKAT

  • Bronze Member
  • Posts: 12
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015
Ran by Pastor (administrator) on PASTOR-PC on 23-02-2015 16:42:07
Running from C:\Users\Pastor\Downloads
Loaded Profiles: Pastor (Available profiles: Pastor)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\...\MountPoints2: {42d0e245-3fee-11e2-b993-88ae1d546ed0} - E:\Setup.exe /Auto
HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\...\MountPoints2: {4572657a-a7df-11e4-a140-88ae1d546ed0} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\...\MountPoints2: {a260ec00-6a84-11e4-aa00-88ae1d546ed0} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\...\MountPoints2: {c7c6ab7b-fbab-11e3-9756-88ae1d546ed0} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\...\MountPoints2: {d6b6d20b-4a3e-11e0-abd8-88ae1d546ed0} - E:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2015-01-02] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1623423162-1612560618-3580028150-1001] => Internet Explorer proxy is enabled.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSND&bmod=TSND
HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/
SearchScopes: HKLM -> DefaultScope {7D997369-4AF4-4AF0-9FA9-AFEAB3615B8C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKLM -> {7D997369-4AF4-4AF0-9FA9-AFEAB3615B8C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKLM-x32 -> DefaultScope {16CB1FAC-6224-4162-83AB-8A19C2A0493E} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {16CB1FAC-6224-4162-83AB-8A19C2A0493E} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKU\S-1-5-21-1623423162-1612560618-3580028150-1001 -> DefaultScope {16CB1FAC-6224-4162-83AB-8A19C2A0493E} URL = http://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1623423162-1612560618-3580028150-1001 -> 1EFED2407F1D422BB50FF1168CA00D0A URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND_enUS409US410
SearchScopes: HKU\S-1-5-21-1623423162-1612560618-3580028150-1001 -> {16CB1FAC-6224-4162-83AB-8A19C2A0493E} URL = http://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1623423162-1612560618-3580028150-1001 -> {29688A0C-576A-4862-96E1-5993A78FAF96} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKU\S-1-5-21-1623423162-1612560618-3580028150-1001 -> {7D997369-4AF4-4AF0-9FA9-AFEAB3615B8C} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1623423162-1612560618-3580028150-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1623423162-1612560618-3580028150-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
Handler-x32: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files (x86)\Libronix DLS\System\FileProt.dll (Libronix Corporation)
Handler-x32: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files (x86)\Libronix DLS\System\ResProt.dll (Libronix Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{7B68A721-53B1-4B78-9557-28613AEFEF6A}: [NameServer] 0.0.0.0

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-03]
CHR Extension: (Google Docs) - C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-03]
CHR Extension: (No Name) - C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-03]
CHR Extension: (YouTube) - C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-03]
CHR Extension: (No Name) - C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-03]
CHR Extension: (Google Play Music) - C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-01-04]
CHR Extension: (No Name) - C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-03]
CHR Extension: (No Name) - C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-03]
CHR Extension: (Gmail) - C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S4 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-06-07] (Red Bend Ltd.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S4 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-06-07] (Intel(R) Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2010-11-04] (ZTEMT Incorporated)
S3 connctfy; system32\DRIVERS\connctfy.sys [X]
S3 connctfyMP; system32\DRIVERS\connctfy.sys [X]
U2 wuaserv; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 16:42 - 2015-02-23 16:42 - 00014435 _____ () C:\Users\Pastor\Downloads\FRST.txt
2015-02-23 16:41 - 2015-02-23 16:42 - 00000000 ____D () C:\FRST
2015-02-23 16:36 - 2015-02-23 16:36 - 02087424 _____ (Farbar) C:\Users\Pastor\Desktop\FRST64.exe
2015-02-18 13:24 - 2015-02-18 13:24 - 00001094 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-02-18 13:24 - 2015-02-18 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-02-18 13:24 - 2015-02-18 13:24 - 00000000 ____D () C:\ProgramData\Licenses
2015-02-18 13:24 - 2015-02-18 13:24 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2015-02-18 13:23 - 2015-02-18 13:23 - 04095448 _____ (BrightFort LLC ) C:\Users\Pastor\Downloads\spywareblastersetup50.exe
2015-02-18 13:11 - 2015-02-22 07:44 - 00018596 _____ () C:\Users\Pastor\Desktop\dds.txt
2015-02-18 13:11 - 2015-02-22 07:43 - 00020794 _____ () C:\Users\Pastor\Desktop\attach.txt
2015-02-18 13:10 - 2015-02-18 13:10 - 00688992 ____R (Swearware) C:\Users\Pastor\Downloads\dds.com
2015-02-18 13:08 - 2015-02-18 13:08 - 00000000 ____D () C:\Users\Pastor\Documents\INDIA TRIP
2015-02-18 13:05 - 2015-02-18 13:06 - 00688992 _____ (Swearware) C:\Users\Pastor\Desktop\dds.com
2015-02-18 12:46 - 2015-02-18 12:46 - 05611903 _____ (Swearware) C:\Users\Pastor\Desktop\ComboFix.exe
2015-02-18 11:43 - 2015-02-23 16:31 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-18 11:41 - 2015-02-18 11:41 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-18 11:41 - 2015-02-18 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-18 11:40 - 2015-02-18 11:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-18 11:40 - 2015-02-18 11:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Pastor\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-18 11:40 - 2015-02-18 11:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-18 11:40 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-18 11:40 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-18 11:40 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-18 03:03 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-02-18 03:03 - 2014-06-23 21:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2015-02-18 03:03 - 2014-06-23 20:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2015-02-18 03:03 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2015-02-18 03:03 - 2013-11-23 12:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-02-18 03:03 - 2013-11-23 11:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-02-18 03:03 - 2013-11-22 16:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2015-02-18 03:00 - 2014-06-26 20:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2015-02-18 03:00 - 2014-06-26 19:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2015-02-17 07:53 - 2014-09-04 20:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-02-17 07:53 - 2014-09-04 19:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-02-17 07:53 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-02-17 07:53 - 2014-05-08 03:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-02-16 11:46 - 2015-01-12 21:10 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-16 11:46 - 2015-01-12 20:49 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-16 11:32 - 2013-10-01 20:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2015-02-16 11:32 - 2013-10-01 20:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-02-16 11:32 - 2013-10-01 20:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-02-16 11:32 - 2013-10-01 19:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2015-02-16 11:32 - 2013-10-01 19:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2015-02-16 11:32 - 2013-10-01 19:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-02-16 11:32 - 2013-10-01 19:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2015-02-16 11:32 - 2013-10-01 18:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-02-16 11:32 - 2013-10-01 18:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2015-02-16 11:32 - 2013-10-01 18:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2015-02-16 11:32 - 2013-10-01 18:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2015-02-16 11:32 - 2013-10-01 17:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-02-16 11:32 - 2013-10-01 17:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2015-02-16 11:32 - 2013-10-01 17:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-02-16 11:32 - 2013-10-01 16:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2015-02-16 11:30 - 2012-08-23 08:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2015-02-16 11:30 - 2012-08-23 08:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2015-02-16 11:30 - 2012-08-23 05:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2015-02-16 11:30 - 2012-08-23 04:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2015-02-16 11:26 - 2013-09-24 20:23 - 01030144 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2015-02-16 11:26 - 2013-09-24 19:57 - 00792576 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2015-02-16 11:26 - 2013-01-13 15:17 - 00009728 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-02-16 11:26 - 2013-01-13 15:17 - 00002560 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-02-16 11:26 - 2013-01-13 15:16 - 00010752 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-02-16 11:26 - 2013-01-13 15:12 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-02-16 11:26 - 2013-01-13 15:11 - 00005632 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-02-16 11:26 - 2013-01-13 15:11 - 00005632 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-02-16 11:26 - 2013-01-13 15:11 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-02-16 11:26 - 2013-01-13 15:11 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2015-02-16 11:26 - 2013-01-13 15:11 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-02-16 11:26 - 2013-01-13 14:35 - 00010752 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-02-16 11:26 - 2013-01-13 14:35 - 00009728 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-02-16 11:26 - 2013-01-13 14:35 - 00002560 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-02-16 11:26 - 2013-01-13 14:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-02-16 11:26 - 2013-01-13 14:31 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-02-16 11:26 - 2013-01-13 14:31 - 00005632 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-02-16 11:26 - 2013-01-13 14:31 - 00005632 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-02-16 11:26 - 2013-01-13 14:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-02-16 11:26 - 2013-01-13 14:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-02-16 11:26 - 2013-01-13 14:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-02-16 11:26 - 2013-01-13 14:20 - 00293376 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxgi.dll
2015-02-16 11:26 - 2013-01-13 14:09 - 00249856 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10_1core.dll
2015-02-16 11:26 - 2013-01-13 14:08 - 01504768 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2015-02-16 11:26 - 2013-01-13 14:08 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10core.dll
2015-02-16 11:26 - 2013-01-13 13:59 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-02-16 11:26 - 2013-01-13 13:58 - 01175552 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-02-16 11:26 - 2013-01-13 13:54 - 00604160 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10level9.dll
2015-02-16 11:26 - 2013-01-13 13:53 - 00207872 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecsExt.dll
2015-02-16 11:26 - 2013-01-13 13:53 - 00187392 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAnimation.dll
2015-02-16 11:26 - 2013-01-13 13:49 - 00363008 _____ (Microsoft Corporation) C:\windows\system32\dxgi.dll
2015-02-16 11:26 - 2013-01-13 13:48 - 00161792 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10_1.dll
2015-02-16 11:26 - 2013-01-13 13:46 - 01080832 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10.dll
2015-02-16 11:26 - 2013-01-13 13:38 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2015-02-16 11:26 - 2013-01-13 13:38 - 00333312 _____ (Microsoft Corporation) C:\windows\system32\d3d10_1core.dll
2015-02-16 11:26 - 2013-01-13 13:38 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\d3d10core.dll
2015-02-16 11:26 - 2013-01-13 13:25 - 00245248 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecsExt.dll
2015-02-16 11:26 - 2013-01-13 13:24 - 00648192 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll
2015-02-16 11:26 - 2013-01-13 13:24 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\UIAnimation.dll
2015-02-16 11:26 - 2013-01-13 13:20 - 01238528 _____ (Microsoft Corporation) C:\windows\system32\d3d10.dll
2015-02-16 11:26 - 2013-01-13 13:20 - 00194560 _____ (Microsoft Corporation) C:\windows\system32\d3d10_1.dll
2015-02-16 11:26 - 2013-01-13 12:34 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2015-02-16 11:26 - 2013-01-13 12:09 - 00522752 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2015-02-16 11:26 - 2013-01-13 11:26 - 01158144 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsPrint.dll
2015-02-16 11:26 - 2013-01-13 11:05 - 01682432 _____ (Microsoft Corporation) C:\windows\system32\XpsPrint.dll
2015-02-16 11:25 - 2015-01-08 21:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-16 11:25 - 2015-01-08 21:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-16 11:25 - 2015-01-08 21:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-16 11:25 - 2015-01-08 20:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-02-14 19:53 - 2015-02-18 12:01 - 00001120 _____ () C:\windows\setupact.log
2015-02-14 19:53 - 2015-02-14 19:53 - 00000000 _____ () C:\windows\setuperr.log
2015-02-14 16:01 - 2015-02-14 16:02 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-14 16:01 - 2015-02-14 16:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-14 16:01 - 2015-02-14 16:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-13 17:05 - 2015-02-13 17:05 - 00003158 _____ () C:\windows\System32\Tasks\{192F9DF9-A25B-479D-B0EA-5E121701D5F5}
2015-02-10 20:34 - 2015-02-03 21:16 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-10 20:34 - 2015-02-03 21:16 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-10 20:34 - 2015-02-03 21:16 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-10 20:34 - 2015-02-03 21:16 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-10 20:34 - 2015-02-03 21:16 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-10 20:34 - 2015-02-03 21:16 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-10 20:34 - 2015-02-03 21:13 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-10 20:34 - 2015-01-27 17:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-10 20:34 - 2015-01-15 02:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-10 20:34 - 2015-01-15 02:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-10 20:34 - 2015-01-15 02:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-10 20:34 - 2015-01-15 02:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-10 20:34 - 2015-01-15 02:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-10 20:34 - 2015-01-15 02:09 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-10 20:34 - 2015-01-15 02:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-10 20:34 - 2015-01-15 02:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-10 20:34 - 2015-01-15 02:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-10 20:34 - 2015-01-15 02:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-10 20:34 - 2015-01-15 02:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-10 20:34 - 2015-01-15 01:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-02-10 20:34 - 2015-01-15 01:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-02-10 20:34 - 2015-01-15 01:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-02-10 20:34 - 2015-01-15 01:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-10 20:34 - 2015-01-15 01:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-02-10 20:34 - 2015-01-15 01:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-10 20:34 - 2015-01-14 22:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-10 20:33 - 2014-12-11 23:31 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-10 20:33 - 2014-12-11 23:07 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-02-10 20:33 - 2014-07-06 20:07 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-02-10 20:33 - 2014-07-06 20:06 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-02-10 20:33 - 2014-07-06 19:40 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-02-10 20:33 - 2014-07-06 19:40 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-02-10 20:32 - 2015-01-14 00:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-10 20:32 - 2015-01-14 00:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-02-10 20:32 - 2015-01-14 00:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-02-10 20:32 - 2015-01-14 00:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-02-10 20:32 - 2015-01-13 23:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-02-10 20:32 - 2015-01-13 23:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-02-10 20:32 - 2015-01-13 23:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-02-10 20:32 - 2014-12-07 21:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-10 20:32 - 2014-12-07 20:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-10 20:32 - 2014-11-25 21:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-10 20:32 - 2014-11-25 21:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-10 20:31 - 2015-01-08 20:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-03 11:58 - 2015-02-03 11:58 - 00003146 _____ () C:\windows\System32\Tasks\{5BA9F0D1-2567-4127-AF5B-8A5DAC58B342}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 16:42 - 2015-01-03 14:24 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-23 16:30 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\tracing
2015-02-23 16:10 - 2010-09-09 12:45 - 01883804 _____ () C:\windows\WindowsUpdate.log
2015-02-23 16:00 - 2013-02-14 10:45 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-22 22:42 - 2015-01-03 14:24 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-20 19:15 - 2009-07-13 22:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-20 19:15 - 2009-07-13 22:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-18 18:04 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\rescache
2015-02-18 13:24 - 2012-03-11 11:02 - 00000000 ____D () C:\ProgramData\Temp
2015-02-18 12:09 - 2009-07-13 23:13 - 00805380 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-18 12:01 - 2015-01-04 04:16 - 00035790 _____ () C:\windows\PFRO.log
2015-02-18 12:01 - 2013-06-19 09:00 - 00065536 _____ () C:\windows\system32\Ikeext.etl
2015-02-18 12:01 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-18 12:01 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\Branding
2015-02-18 12:00 - 2013-06-19 10:00 - 00000000 ____D () C:\Users\Pastor\AppData\Local\Apps\Adobe
2015-02-18 10:30 - 2010-08-29 22:44 - 00000000 ____D () C:\Program Files\Google
2015-02-18 10:30 - 2010-08-29 22:43 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-18 10:30 - 2009-07-13 22:45 - 00476296 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-18 10:29 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-02-18 10:29 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\Dism
2015-02-18 10:17 - 2014-02-12 08:56 - 00000000 ____D () C:\ChurchProDemos
2015-02-18 10:16 - 2014-10-24 08:17 - 00000000 ____D () C:\ProgramData\EPSON
2015-02-18 10:16 - 2014-02-12 08:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChurchPro
2015-02-18 10:13 - 2010-12-07 16:11 - 00000000 ____D () C:\Users\Pastor\AppData\Local\Google
2015-02-16 11:35 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-16 11:33 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\SysWOW64\zh-HK
2015-02-16 11:33 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\SysWOW64\tr-TR
2015-02-16 11:33 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\zh-HK
2015-02-16 11:33 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\tr-TR
2015-02-16 11:33 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-02-16 11:29 - 2014-02-12 09:03 - 00002034 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Runtime.lnk
2015-02-16 11:29 - 2014-02-12 09:03 - 00000145 _____ () C:\windows\SysWOW64\bdemerge.ini
2015-02-14 20:26 - 2013-06-13 14:11 - 00000000 ____D () C:\Users\Pastor\AppData\Local\CrashDumps
2015-02-14 20:06 - 2010-12-07 16:07 - 00000000 ____D () C:\Users\Pastor\AppData\Local\VirtualStore
2015-02-14 19:53 - 2010-09-09 13:07 - 00000050 _____ () C:\windows\system32\SupplicantTest.log
2015-02-14 17:34 - 2013-06-19 10:00 - 00000000 ____D () C:\Users\Pastor\AppData\Local\Netscape
2015-02-14 16:02 - 2013-06-17 21:50 - 00002125 _____ () C:\windows\epplauncher.mif
2015-02-13 16:25 - 2014-11-15 12:02 - 00000000 ____D () C:\ProgramData\MSScanAppDataDir
2015-02-13 16:25 - 2010-12-15 14:47 - 00000000 ____D () C:\Users\Pastor\AppData\Local\Microsoft Help
2015-02-10 21:46 - 2015-01-04 04:13 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-10 21:46 - 2014-07-12 02:02 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-10 21:13 - 2013-07-26 02:00 - 00000000 ____D () C:\windows\system32\MRT
2015-02-10 21:09 - 2011-02-20 05:00 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-02-07 21:39 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\NDF
2015-02-05 22:44 - 2015-01-03 14:25 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-05 22:37 - 2015-01-03 14:24 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 22:37 - 2015-01-03 14:24 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-29 13:57 - 2014-11-04 00:32 - 00000000 ____D () C:\Users\Pastor\Documents\Adobe Photoshop CS5
2015-01-29 13:57 - 2014-09-10 14:58 - 00000000 ____D () C:\Users\Pastor\Documents\af doc_files
2015-01-29 13:57 - 2014-09-08 16:01 - 00000000 ____D () C:\Users\Pastor\Documents\AIRFORCE DD214_files
2015-01-29 13:57 - 2014-01-30 09:16 - 00000000 ____D () C:\Users\Pastor\Documents\NBFC fundrasier shirts
2015-01-29 13:57 - 2013-04-30 15:02 - 00000000 ____D () C:\Users\Pastor\AppData\Roaming\ControlCenter4
2015-01-29 13:57 - 2012-12-07 03:27 - 00000000 ____D () C:\Users\Pastor\AppData\Roaming\ZTEEVDO
2015-01-29 13:57 - 2011-12-28 18:05 - 00000000 ____D () C:\Users\Pastor\AppData\Roaming\redsn0w
2015-01-29 13:57 - 2011-07-07 11:31 - 00000000 ____D () C:\Users\Pastor\Documents\Nathan
2015-01-29 13:56 - 2014-11-04 00:30 - 00000000 ____D () C:\Users\Pastor\Documents\Adobe Photoshop Lightroom 4
2015-01-29 13:56 - 2014-09-08 16:01 - 00000000 ____D () C:\Users\Pastor\Documents\COAST GUARD DD214_files
2015-01-29 13:56 - 2011-03-04 12:11 - 00000000 ____D () C:\ProgramData\MembershipPlus
2015-01-29 13:56 - 2010-12-08 12:36 - 00000000 ____D () C:\7438619a817649360a5f1bfd78
2015-01-29 09:20 - 2014-01-09 10:41 - 00000000 ____D () C:\Users\Pastor\Documents\NBFC Information

==================== Files in the root of some directories =======

2011-02-26 09:50 - 2011-02-26 09:50 - 0003584 _____ () C:\Users\Pastor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-01 13:01 - 2012-05-01 13:01 - 0004096 ____H () C:\Users\Pastor\AppData\Local\keyfile3.drm
2011-08-28 10:37 - 2011-08-28 10:37 - 0000017 _____ () C:\Users\Pastor\AppData\Local\resmon.resmoncfg
2013-08-05 12:53 - 2014-12-30 09:40 - 0003245 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 00:18

==================== End Of Log ============================

Offline Rootk

  • Malware Removal Staff
  • Silver Member
  • Posts: 878
Follow these steps:

1.- Please download the attached file and save it next to FRST64.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST64 and press the Fix button just once and wait.
The tool will make a log on your desktop (Fixlog.txt); please post it in your reply.

2.- Download AdwCleaner by Xplode onto your Desktop.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan.
  • Once the scan is done, this time click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[Sn].txt ('n' represents the most recent report).

Offline GOLDIEBLUEKAT

  • Bronze Member
  • Posts: 12
ONE:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-02-2015
Ran by Pastor at 2015-02-24 16:59:55 Run:1
Running from C:\Users\Pastor\Desktop
Loaded Profiles: Pastor (Available profiles: Pastor)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\...\MountPoints2: {42d0e245-3fee-11e2-b993-88ae1d546ed0} - E:\Setup.exe /Auto
HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\...\MountPoints2: {4572657a-a7df-11e4-a140-88ae1d546ed0} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\...\MountPoints2: {a260ec00-6a84-11e4-aa00-88ae1d546ed0} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\...\MountPoints2: {c7c6ab7b-fbab-11e3-9756-88ae1d546ed0} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\...\MountPoints2: {d6b6d20b-4a3e-11e0-abd8-88ae1d546ed0} - E:\LaunchU3.exe -a
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-1623423162-1612560618-3580028150-1001] => Internet Explorer proxy is enabled.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
Toolbar: HKU\S-1-5-21-1623423162-1612560618-3580028150-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1623423162-1612560618-3580028150-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 connctfy; system32\DRIVERS\connctfy.sys [X]
S3 connctfyMP; system32\DRIVERS\connctfy.sys [X]
U2 wuaserv; No ImagePath
Task: {55185679-0455-403C-BE7D-CFAD09CD45EA} - System32\Tasks\{5BA9F0D1-2567-4127-AF5B-8A5DAC58B342} => pcalua.exe -a C:\Users\Pastor\AppData\Local\Temp\Temp1_doublekiller.zip\DoubleKiller.exe
C:\Users\Pastor\AppData\Local\Temp\Temp1_doublekiller.zip
Task: {6E26C045-646A-4158-A2C4-023EF9AEBD28} - System32\Tasks\{192F9DF9-A25B-479D-B0EA-5E121701D5F5} => pcalua.exe -a "C:\Users\Pastor\AppData\Local\Temp\Temp1_doublekiller (1).zip\DoubleKiller.exe"
C:\Users\Pastor\AppData\Local\Temp\Temp1_doublekiller (1).zip
Task: {E7901673-3868-4A56-B0A5-83D6C88C8270} - System32\Tasks\{A7093351-E3D4-4FDC-B97E-D2E2B8843160} => pcalua.exe -a D:\setup.exe -d D:\
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
dir C:\ 7438619a817649360a5f1bfd78 /S
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42d0e245-3fee-11e2-b993-88ae1d546ed0}" => Key deleted successfully.
HKCR\CLSID\{42d0e245-3fee-11e2-b993-88ae1d546ed0} => Key not found.
"HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4572657a-a7df-11e4-a140-88ae1d546ed0}" => Key deleted successfully.
HKCR\CLSID\{4572657a-a7df-11e4-a140-88ae1d546ed0} => Key not found.
"HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a260ec00-6a84-11e4-aa00-88ae1d546ed0}" => Key deleted successfully.
HKCR\CLSID\{a260ec00-6a84-11e4-aa00-88ae1d546ed0} => Key not found.
"HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7c6ab7b-fbab-11e3-9756-88ae1d546ed0}" => Key deleted successfully.
HKCR\CLSID\{c7c6ab7b-fbab-11e3-9756-88ae1d546ed0} => Key not found.
"HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6b6d20b-4a3e-11e0-abd8-88ae1d546ed0}" => Key deleted successfully.
HKCR\CLSID\{d6b6d20b-4a3e-11e0-abd8-88ae1d546ed0} => Key not found.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => Moved successfully.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe => Moved successfully.
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk not found.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKU\S-1-5-21-1623423162-1612560618-3580028150-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Plugin-x32: @microsoft.com/GENUINE -> disabled No File => Error: No automatic fix found for this entry.
connctfy => Service deleted successfully.
connctfyMP => Service deleted successfully.
wuaserv => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55185679-0455-403C-BE7D-CFAD09CD45EA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55185679-0455-403C-BE7D-CFAD09CD45EA}" => Key deleted successfully.
C:\Windows\System32\Tasks\{5BA9F0D1-2567-4127-AF5B-8A5DAC58B342} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5BA9F0D1-2567-4127-AF5B-8A5DAC58B342}" => Key deleted successfully.
"C:\Users\Pastor\AppData\Local\Temp\Temp1_doublekiller.zip" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E26C045-646A-4158-A2C4-023EF9AEBD28}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E26C045-646A-4158-A2C4-023EF9AEBD28}" => Key deleted successfully.
C:\Windows\System32\Tasks\{192F9DF9-A25B-479D-B0EA-5E121701D5F5} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{192F9DF9-A25B-479D-B0EA-5E121701D5F5}" => Key deleted successfully.
"C:\Users\Pastor\AppData\Local\Temp\Temp1_doublekiller (1).zip" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7901673-3868-4A56-B0A5-83D6C88C8270}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7901673-3868-4A56-B0A5-83D6C88C8270}" => Key deleted successfully.
C:\Windows\System32\Tasks\{A7093351-E3D4-4FDC-B97E-D2E2B8843160} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A7093351-E3D4-4FDC-B97E-D2E2B8843160}" => Key deleted successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
dir C:\ 7438619a817649360a5f1bfd78 /S => Error: No automatic fix found for this entry.
EmptyTemp: => Removed 1.7 GB temporary data.


The system needed a reboot.

==== End of Fixlog 17:00:20 ====

Offline GOLDIEBLUEKAT

  • Bronze Member
  • Posts: 12
TWO:

# AdwCleaner v4.111 - Logfile created 24/02/2015 at 19:27:38
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Pastor - PASTOR-PC
# Running from : C:\Users\Pastor\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Users\Pastor\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Pastor\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Pastor\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Pastor\AppData\Roaming\pccustubinstaller
File Deleted : C:\END

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;<local>

***** [ Web browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Google Chrome v40.0.2214.115

[C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [15060 bytes] - [24/02/2015 19:17:17]
AdwCleaner[R1].txt - [15412 bytes] - [24/02/2015 19:26:14]
AdwCleaner[S0].txt - [15027 bytes] - [24/02/2015 19:27:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15087  bytes] ##########

Offline Rootk

  • Malware Removal Staff
  • Silver Member
  • Posts: 878
  • ...
Follow these steps:

1.- Please Open Malwarebytes Anti-Malware

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Please update the database by clicking on the Update Now button as shown below.
  • Following the update, Click Settings > Detection and Protection and make sure Scan for Rootkits is checked.
  • Click on Dashboard, then click on the large green Scan Now button to begin the Threat Scan.

If Malware or Potentially Unwanted Programs are found you will receive a Prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on View Detailed Log.
  • After viewing the results, please click on the Copy to Clipboard button > OK.
  • Return to our forum. Paste your log into your next reply.
  • Note: If you lose the Clipboard copy and need to retrieve the log again it can be found by opening Malwarebytes and clicking on History> Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad). etc.. The .txt file can be saved and posted when you are ready.

2.- Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes and if it finds anything, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Offline GOLDIEBLUEKAT

  • Bronze Member
  • Posts: 12
ONE:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/25/2015
Scan Time: 10:45:13 AM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.25.05
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Pastor

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 334801
Time Elapsed: 12 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Offline GOLDIEBLUEKAT

  • Bronze Member
  • Posts: 12
TWO:

NO THREATS FOUND WITH ESETSMARTINSTALLER

Offline Rootk

  • Malware Removal Staff
  • Silver Member
  • Posts: 878
  • ...
Your logs look OK. How are things running?

Offline GOLDIEBLUEKAT

  • Bronze Member
  • Posts: 12
Yes, had just removed 6 trojans and 39 other malware type files...

Still have the same issues with the keyboard, do you think they may have changed the values in the device manager?

or can we try to change some settings?

I am on another laptop right now, but have access to the infected one.

Offline GOLDIEBLUEKAT

  • Bronze Member
  • Posts: 12
Ok! So kept searching how to fix the Shift Keyboard option (which I suspected came from either virus/malware/ or a windows update)... had been trying everything from keyboard combos to regedit (before I found this site and forum)

Well, was just reading on windows and saw suggested to create a new user profile and see if the problem still existed... well, my keyboard works on the new user profile!!! The letters are no longer stuck on shift and I can use my numbers!!! I have to use my right Shift key (for some reason the left Shift is not working) which was a common problem in a lot of the users experiencing the keyboard issues.

But does this make any sense to you, why would it work on another profile?
Would this be because of my malware?
Do you think I fix my original profile?
 

Offline Rootk

  • Malware Removal Staff
  • Silver Member
  • Posts: 878
  • ...
A new user profile will create new registry keys with default settings, so if the problem was solved after creating a new one, then the issue was probably caused by a corruption in the registry, but I couldn't tell if it was caused by malware or not.

The best thing you could do now is to move your important files from your old profile to the new one and delete the older one...