Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virus, MBAM disabled, getting blue screen of death


  • This topic is locked This topic is locked

#1
mango_nj

mango_nj

    Member

  • Member
  • PipPipPip
  • 206 posts

I let my nephew use my computer for school, when I got it back I noticed it was running a little slow. Malwarebytes alerted me that something was trying to access my pc and blocked it several times.  I started getting the blue screen of death, while surfing and sometimes while voicing in skype [facebook] it would freeze my pc. I'd have to hit the power button and then restart. I noticed some adult sites in my history and a few things were saved to my system which I deleted. Today when I turned my pc on...Malwarebytes would not load. I kept getting a microsoft error that the program was being closed. I ran CHAMELEON within MBAM and it would not work. I tried all 13 tests and then retried them all in safe mode.  MBAM is still inoperative.  Highly likely my puter is infected! Would greatly appreciate help in fixing this problem. I also noticed Audacity software showing in the OTL log. I never used it and deleted that program. If there are remnants, I would like it completely deleted.  Thanks so much in advance for all your help!!!

 

 

OTL LOG

 

OTL logfile created on: 6/22/2014 2:14:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.43 Gb Total Physical Memory | 0.54 Gb Available Physical Memory | 37.34% Memory free
3.12 Gb Paging File | 1.94 Gb Available in Paging File | 62.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65.26 Gb Total Space | 21.11 Gb Free Space | 32.34% Space Free | Partition Type: NTFS
Drive D: | 9.27 Gb Total Space | 3.58 Gb Free Space | 38.61% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/22 14:13:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\Desktop\OTL.exe
PRC - [2014/06/10 16:16:09 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/09/26 16:41:52 | 000,153,776 | ---- | M] (WinZip Computing International, LLC) -- C:\Program Files\File Association Helper\FAHWindow.exe
PRC - [2013/05/29 15:50:52 | 001,734,144 | ---- | M] (AimerSoft) -- C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
PRC - [2012/09/07 02:40:01 | 000,952,496 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
PRC - [2010/11/02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2010/06/28 07:54:38 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/10 16:16:02 | 003,852,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/09/19 06:06:23 | 000,025,600 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\LMADIQ40.DLL
MOD - [2012/09/19 06:06:22 | 000,431,104 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\LMADIQ4A.DLL
MOD - [2012/09/07 02:40:01 | 000,952,496 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
MOD - [2012/08/22 06:05:46 | 001,490,944 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMabdrs.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2007/01/25 21:11:36 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Windows\system32\wbengine.exe -- (wbengine)
SRV - [2014/05/14 02:39:33 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/05/06 19:27:01 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/02/02 12:00:32 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/11/02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/05/12 07:26:04 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/11/07 15:15:35 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/10/01 11:37:42 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010/04/22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2007/04/11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 15:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 15:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/01/25 21:19:46 | 002,387,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 00:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 00:30:56 | 000,311,808 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2006/10/06 15:59:06 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: youtubemp3podcaster%40jeremy.d.gregorio.com:3.3.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2013/11/12 17:39:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2013/11/12 17:39:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2014/05/22 05:46:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2014/06/17 05:34:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c47bhyj3.default\extensions
[2014/06/17 05:34:15 | 000,000,000 | ---D | M] (Youtube MP3 Podcaster) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c47bhyj3.default\extensions\[email protected]
[2014/06/04 18:18:07 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c47bhyj3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/06/10 16:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/06/10 16:16:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/02/13 02:14:51 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (AimerSoft)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BrowserPlugInHelper] C:\Program Files\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe File not found
O4 - HKLM..\Run: [FAHConsole] C:\Program Files\File Association Helper\FAHConsole.exe (WinZip Computing International, LLC)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LMADImon] C:\Program Files\Lexmark Pro710 Series\LMADImon.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [LMADImon] C:\Program Files\Lexmark Pro710 Series\LMADImon.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FBD5B69-E619-4515-84DD-5ACB9E1CE4DC}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7304F139-455B-4604-934F-3AE9A180E444}: NameServer = 208.69.150.252,208.69.150.250
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/22 14:13:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Desktop
[2014/06/22 13:10:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Aimersoft
[2014/06/22 06:00:13 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\77AD22D4.sys
[2014/06/19 05:01:50 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\285E2B0A.sys
[2014/06/18 01:04:28 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\39D92AFE.sys
[2014/06/17 06:12:52 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\4AE47D20.sys
[2014/06/11 05:20:35 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\309F4696.sys
[2014/06/10 16:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/06/10 15:34:32 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\6AE74167.sys
[2014/06/09 14:18:28 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\5E71306C.sys
[2014/06/02 08:02:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PotPlayerMini
[2014/06/02 07:58:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum
[2014/06/02 07:58:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
[2014/06/02 07:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Daum
[2014/06/01 23:20:17 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\18E114C1.sys
[2014/06/01 08:27:01 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\28D37C66.sys
[2014/05/25 02:52:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Facebook
[2014/05/24 19:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\WizTree
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/22 14:03:59 | 000,003,648 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/22 14:03:59 | 000,003,648 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/22 14:01:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/22 13:58:54 | 000,074,456 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/06/22 12:52:41 | 346,020,908 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/06/22 12:50:42 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/06/22 06:39:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/22 06:36:25 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2753939306-2592966707-3986022943-1000UA.job
[2014/06/22 06:00:13 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\77AD22D4.sys
[2014/06/22 03:36:17 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2753939306-2592966707-3986022943-1000Core.job
[2014/06/21 21:17:40 | 000,189,191 | ---- | M] () -- C:\Users\Owner\Documents\drew drew.rtf
[2014/06/19 05:01:50 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\285E2B0A.sys
[2014/06/18 01:04:30 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\39D92AFE.sys
[2014/06/17 13:47:57 | 000,010,518 | ---- | M] () -- C:\Users\Owner\Documents\a.rtf
[2014/06/17 06:12:52 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\4AE47D20.sys
[2014/06/15 12:15:03 | 000,002,597 | ---- | M] () -- C:\Users\Owner\Desktop\Paint Shop Pro 7.lnk
[2014/06/14 14:17:48 | 000,068,492 | ---- | M] () -- C:\Users\Owner\Documents\quotes.rtf
[2014/06/11 05:31:12 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\309F4696.sys
[2014/06/10 15:34:32 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\6AE74167.sys
[2014/06/09 14:18:28 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\5E71306C.sys
[2014/06/06 04:39:20 | 000,042,247 | ---- | M] () -- C:\Users\Owner\Documents\recipes.rtf
[2014/06/04 03:01:01 | 000,089,877 | ---- | M] () -- C:\Users\Owner\Documents\experience p.rtf
[2014/06/02 08:00:52 | 000,000,931 | ---- | M] () -- C:\Users\Owner\Desktop\PotPlayer.lnk
[2014/06/02 05:21:05 | 000,003,339 | ---- | M] () -- C:\Users\Owner\Documents\friends phone numbers.rtf
[2014/06/01 23:20:17 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\18E114C1.sys
[2014/06/01 08:27:01 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\28D37C66.sys
[2014/05/31 22:26:20 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/27 23:53:24 | 000,005,246 | ---- | M] () -- C:\Users\Owner\Documents\computer HOW TO.rtf
[2014/05/24 23:19:58 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/24 23:19:58 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/24 22:13:58 | 000,483,467 | ---- | M] () -- C:\Users\Owner\Desktop\IMG_3145.MOV
[2014/05/24 07:32:25 | 000,051,740 | ---- | M] () -- C:\Users\Owner\Documents\lights.rtf
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/06 22:55:04 | 346,020,908 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/06/02 08:00:52 | 000,000,931 | ---- | C] () -- C:\Users\Owner\Desktop\PotPlayer.lnk
[2014/05/27 23:01:34 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2753939306-2592966707-3986022943-1000UA.job
[2014/05/27 23:01:31 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2753939306-2592966707-3986022943-1000Core.job
[2014/05/24 22:13:51 | 000,483,467 | ---- | C] () -- C:\Users\Owner\Desktop\IMG_3145.MOV
[2013/11/14 22:02:23 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/11/12 17:17:06 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2013/11/12 17:17:06 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2013/11/07 10:26:10 | 000,000,408 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\CamShapes.ini
[2013/11/07 10:26:10 | 000,000,408 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\CamLayout.ini
[2013/11/07 10:26:10 | 000,000,100 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Camdata.ini
[2013/11/07 10:20:49 | 000,000,096 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\version2.xml
[2013/10/02 17:16:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/09/26 12:14:34 | 000,006,169 | -H-- | C] () -- C:\Windows\System32\BTImages.dat
[2013/06/22 20:58:01 | 000,000,114 | -H-- | C] () -- C:\Users\Owner\AppData\Local\tokdet56.dat
[2013/05/19 00:01:40 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2013/05/19 00:01:40 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2013/04/27 13:58:00 | 000,000,235 | ---- | C] () -- C:\Windows\WinInit.Ini
[2013/04/19 23:43:38 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll
[2013/04/19 23:36:49 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Nlang.dll
[2013/04/19 23:36:49 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Ncomc.dll
[2013/04/19 23:36:49 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Ninpa.dll
[2013/04/19 23:35:55 | 001,077,248 | ---- | C] ( ) -- C:\Windows\System32\LMADIQlang.dll
[2013/04/19 23:35:55 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMADIQcomc.dll
[2013/04/19 23:35:55 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMADIQinpa.dll
[2013/03/19 20:58:38 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-OWNER-PC-Microsoft®-Windows-Vista™-Home-Basic-(32-bit).dat
[2013/01/19 02:52:09 | 000,000,022 | ---- | C] () -- C:\Users\Owner\AppData\Local\xftredahs.dat
[2011/08/20 22:57:13 | 000,017,408 | ---- | C] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
[2010/01/26 14:22:21 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/12/13 14:59:46 | 000,000,560 | ---- | C] () -- C:\ProgramData\lxdf
[2007/10/14 19:26:28 | 000,005,632 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/11 02:04:24 | 000,000,682 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 05:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008/12/14 00:30:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\6500 Series
[2013/12/30 18:12:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Audacity
[2014/03/29 21:45:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Foxit Software
[2014/03/30 01:32:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\iDealshare VideoGo
[2008/12/13 14:55:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Lexmark Productivity Studio
[2014/06/02 08:02:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PotPlayerMini
[2013/06/28 06:35:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SanDisk
[2007/10/11 02:04:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2014/03/30 03:52:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
 


Edited by mango_nj, 22 June 2014 - 04:21 PM.

  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hello,

Not seeing much, will remove some left overs, check the blue screen info.

There's a proxy set in Internet Explorer, is that from the school maybe, sometimes a school requires it? I put it in the fix list.

Next

We need to do a fix to delete some files using OTL
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [BrowserPlugInHelper] C:\Program Files\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe File not found
    
    :Files
    
    ipconfig /flushdns /c
    C:\Users\Owner\AppData\Roaming\Audacity
    
    :Commands
    
    [emptytemp]
    [resethosts]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
Next

Lets see if we can see what's causing or caused the Blue Screen.

Download WhoCrashed
This program checks for any drivers which may have been causing your computer to crash....

Click on the file you just downloaded and run it.
  • Put a tick in Accept then click on Next.
  • Put a tick in the Don't create a start menu folder then click Next.
  • Put a tick in Create a Desktop Icon.
  • then click on Install and make sure there is a tick in Launch Whocrashed before clicking Finish.
  • Click Analyze
  • It will want to download the Debugger and install it Say Yes
WhoCrashed will create report but you have to scroll down to see it.
Copy and paste it into your next reply.

In your next reply post:

1-The OTL Fix log, it should pop up in front of you, if not located here->C:\_OTL\Moved Files
2-New OTL after Quick scan.
3-Who crashed report.
4-Uninstall Malwarebytes and reinstall it.

Thanks
Joe :)
  • 0

#3
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

Hi Joe! Thank you for such a quick reply. I know you guys are busy and I really appreciate it!!

 

Here are the logs you requested...

 

 

OTL LOG after FIX

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BrowserPlugInHelper deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\Desktop\cmd.txt deleted successfully.
C:\Users\Owner\AppData\Roaming\Audacity\AutoSave folder moved successfully.
C:\Users\Owner\AppData\Roaming\Audacity folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Owner
->Temp folder emptied: 165464 bytes
->Temporary Internet Files folder emptied: 12437525 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 20913245 bytes
->Flash cache emptied: 4261 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 93420 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 32.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 06222014_200445

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

 

OTL LOG  After Quick Scan

 

 

OTL logfile created on: 6/22/2014 9:16:00 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.43 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 46.05% Memory free
3.12 Gb Paging File | 2.15 Gb Available in Paging File | 69.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65.26 Gb Total Space | 20.74 Gb Free Space | 31.79% Space Free | Partition Type: NTFS
Drive D: | 9.27 Gb Total Space | 3.58 Gb Free Space | 38.61% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/22 14:13:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\Desktop\OTL.exe
PRC - [2013/09/26 16:41:52 | 000,153,776 | ---- | M] (WinZip Computing International, LLC) -- C:\Program Files\File Association Helper\FAHWindow.exe
PRC - [2013/05/29 15:50:52 | 001,734,144 | ---- | M] (AimerSoft) -- C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
PRC - [2012/09/07 02:40:01 | 000,952,496 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
PRC - [2010/11/02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/09/07 02:40:01 | 000,952,496 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
MOD - [2012/08/22 06:05:46 | 001,490,944 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMabdrs.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2007/01/25 21:11:36 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Windows\system32\wbengine.exe -- (wbengine)
SRV - [2014/05/14 02:39:33 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/05/06 19:27:01 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/02/02 12:00:32 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/11/02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/05/12 07:26:04 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/11/07 15:15:35 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/10/01 11:37:42 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010/04/22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2007/04/11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 15:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 15:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/01/25 21:19:46 | 002,387,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 00:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 00:30:56 | 000,311,808 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2006/10/06 15:59:06 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: youtubemp3podcaster%40jeremy.d.gregorio.com:3.3.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2013/11/12 17:39:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2013/11/12 17:39:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2014/05/22 05:46:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2014/06/17 05:34:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c47bhyj3.default\extensions
[2014/06/17 05:34:15 | 000,000,000 | ---D | M] (Youtube MP3 Podcaster) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c47bhyj3.default\extensions\[email protected]
[2014/06/04 18:18:07 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c47bhyj3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/06/10 16:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/06/10 16:16:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/06/22 20:06:21 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (AimerSoft)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [FAHConsole] C:\Program Files\File Association Helper\FAHConsole.exe (WinZip Computing International, LLC)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LMADImon] C:\Program Files\Lexmark Pro710 Series\LMADImon.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [LMADImon] C:\Program Files\Lexmark Pro710 Series\LMADImon.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FBD5B69-E619-4515-84DD-5ACB9E1CE4DC}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7304F139-455B-4604-934F-3AE9A180E444}: NameServer = 208.69.150.252,208.69.150.250
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/22 20:04:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/22 14:13:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Desktop
[2014/06/22 13:10:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Aimersoft
[2014/06/22 06:00:13 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\77AD22D4.sys
[2014/06/19 05:01:50 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\285E2B0A.sys
[2014/06/18 01:04:28 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\39D92AFE.sys
[2014/06/17 06:12:52 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\4AE47D20.sys
[2014/06/11 05:20:35 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\309F4696.sys
[2014/06/10 16:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/06/10 15:34:32 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\6AE74167.sys
[2014/06/09 14:18:28 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\5E71306C.sys
[2014/06/02 08:02:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PotPlayerMini
[2014/06/02 07:58:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum
[2014/06/02 07:58:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
[2014/06/02 07:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Daum
[2014/06/01 23:20:17 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\18E114C1.sys
[2014/06/01 08:27:01 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\28D37C66.sys
[2014/05/25 02:52:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Facebook
[2014/05/24 19:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\WizTree
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/22 21:13:45 | 000,082,126 | ---- | M] () -- C:\Users\Owner\Desktop\MBAM_stopped.jpg
[2014/06/22 21:04:18 | 000,003,648 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/22 21:04:18 | 000,003,648 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/22 21:03:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/22 20:39:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/22 20:06:21 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/06/22 20:02:01 | 000,001,502 | ---- | M] () -- C:\Users\Owner\Documents\geeks.rtf
[2014/06/22 18:36:06 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2753939306-2592966707-3986022943-1000UA.job
[2014/06/22 16:52:48 | 000,192,933 | ---- | M] () -- C:\Users\Owner\Documents\drew drew.rtf
[2014/06/22 13:58:54 | 000,074,456 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/06/22 12:52:41 | 346,020,908 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/06/22 12:50:42 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/06/22 06:00:13 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\77AD22D4.sys
[2014/06/22 03:36:17 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2753939306-2592966707-3986022943-1000Core.job
[2014/06/19 05:01:50 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\285E2B0A.sys
[2014/06/18 01:04:30 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\39D92AFE.sys
[2014/06/17 13:47:57 | 000,010,518 | ---- | M] () -- C:\Users\Owner\Documents\a.rtf
[2014/06/17 06:12:52 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\4AE47D20.sys
[2014/06/15 12:15:03 | 000,002,597 | ---- | M] () -- C:\Users\Owner\Desktop\Paint Shop Pro 7.lnk
[2014/06/14 14:17:48 | 000,068,492 | ---- | M] () -- C:\Users\Owner\Documents\quotes.rtf
[2014/06/11 05:31:12 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\309F4696.sys
[2014/06/10 15:34:32 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\6AE74167.sys
[2014/06/09 14:18:28 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\5E71306C.sys
[2014/06/06 04:39:20 | 000,042,247 | ---- | M] () -- C:\Users\Owner\Documents\recipes.rtf
[2014/06/04 03:01:01 | 000,089,877 | ---- | M] () -- C:\Users\Owner\Documents\experience p.rtf
[2014/06/02 08:00:52 | 000,000,931 | ---- | M] () -- C:\Users\Owner\Desktop\PotPlayer.lnk
[2014/06/02 05:21:05 | 000,003,339 | ---- | M] () -- C:\Users\Owner\Documents\friends phone numbers.rtf
[2014/06/01 23:20:17 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\18E114C1.sys
[2014/06/01 08:27:01 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\28D37C66.sys
[2014/05/31 22:26:20 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/27 23:53:24 | 000,005,246 | ---- | M] () -- C:\Users\Owner\Documents\computer HOW TO.rtf
[2014/05/24 23:19:58 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/24 23:19:58 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/24 22:13:58 | 000,483,467 | ---- | M] () -- C:\Users\Owner\Desktop\IMG_3145.MOV
[2014/05/24 07:32:25 | 000,051,740 | ---- | M] () -- C:\Users\Owner\Documents\lights.rtf
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/22 21:13:45 | 000,082,126 | ---- | C] () -- C:\Users\Owner\Desktop\MBAM_stopped.jpg
[2014/06/06 22:55:04 | 346,020,908 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/06/02 08:00:52 | 000,000,931 | ---- | C] () -- C:\Users\Owner\Desktop\PotPlayer.lnk
[2014/05/27 23:01:34 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2753939306-2592966707-3986022943-1000UA.job
[2014/05/27 23:01:31 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2753939306-2592966707-3986022943-1000Core.job
[2014/05/24 22:13:51 | 000,483,467 | ---- | C] () -- C:\Users\Owner\Desktop\IMG_3145.MOV
[2013/11/14 22:02:23 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/11/12 17:17:06 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2013/11/12 17:17:06 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2013/11/07 10:26:10 | 000,000,408 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\CamShapes.ini
[2013/11/07 10:26:10 | 000,000,408 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\CamLayout.ini
[2013/11/07 10:26:10 | 000,000,100 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Camdata.ini
[2013/11/07 10:20:49 | 000,000,096 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\version2.xml
[2013/10/02 17:16:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/09/26 12:14:34 | 000,006,169 | -H-- | C] () -- C:\Windows\System32\BTImages.dat
[2013/06/22 20:58:01 | 000,000,114 | -H-- | C] () -- C:\Users\Owner\AppData\Local\tokdet56.dat
[2013/05/19 00:01:40 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2013/05/19 00:01:40 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2013/04/27 13:58:00 | 000,000,235 | ---- | C] () -- C:\Windows\WinInit.Ini
[2013/04/19 23:43:38 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll
[2013/04/19 23:36:49 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Nlang.dll
[2013/04/19 23:36:49 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Ncomc.dll
[2013/04/19 23:36:49 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Ninpa.dll
[2013/04/19 23:35:55 | 001,077,248 | ---- | C] ( ) -- C:\Windows\System32\LMADIQlang.dll
[2013/04/19 23:35:55 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMADIQcomc.dll
[2013/04/19 23:35:55 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMADIQinpa.dll
[2013/03/19 20:58:38 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-OWNER-PC-Microsoft®-Windows-Vista™-Home-Basic-(32-bit).dat
[2013/01/19 02:52:09 | 000,000,022 | ---- | C] () -- C:\Users\Owner\AppData\Local\xftredahs.dat
[2011/08/20 22:57:13 | 000,017,408 | ---- | C] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
[2010/01/26 14:22:21 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/12/13 14:59:46 | 000,000,560 | ---- | C] () -- C:\ProgramData\lxdf
[2007/10/14 19:26:28 | 000,005,632 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/11 02:04:24 | 000,000,682 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 05:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008/12/14 00:30:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\6500 Series
[2014/03/29 21:45:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Foxit Software
[2014/03/30 01:32:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\iDealshare VideoGo
[2008/12/13 14:55:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Lexmark Productivity Studio
[2014/06/02 08:02:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PotPlayerMini
[2013/06/28 06:35:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SanDisk
[2007/10/11 02:04:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2014/03/30 03:52:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
 

 

 

WhoCrashed Log

 

 

Crash Dump Analysis


Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Sun 6/22/2014 7:51:17 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini062214-01.dmp
This was probably caused by the following module: netio.sys (NETIO+0x6882)
Bugcheck code: 0xD1 (0x3F638F7B, 0x2, 0x1, 0xFFFFFFFF9B014882)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\drivers\netio.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Network I/O Subsystem
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.



On Sun 6/22/2014 7:51:17 PM GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: netio.sys (NETIO+0x6882)
Bugcheck code: 0xD1 (0x3F638F7B, 0x2, 0x1, 0xFFFFFFFF9B014882)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\drivers\netio.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Network I/O Subsystem
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.



On Thu 6/19/2014 11:14:52 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini061914-01.dmp
This was probably caused by the following module: tcpip.sys (tcpip+0x4E488)
Bugcheck code: 0xD1 (0x0, 0x2, 0x1, 0xFFFFFFFF9B091488)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\drivers\tcpip.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: TCP/IP Driver
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.



On Sat 6/7/2014 5:40:35 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini060614-01.dmp
This was probably caused by the following module: tcpip.sys (tcpip+0x4E488)
Bugcheck code: 0xBE (0xFFFFFFFF9B08C88B, 0x16A2D121, 0xFFFFFFFF806F4C2C, 0xA)
Error: ATTEMPTED_WRITE_TO_READONLY_MEMORY
file path: C:\Windows\system32\drivers\tcpip.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: TCP/IP Driver
Bug check description: This is issued if a driver attempts to write to a read-only memory segment.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.





Conclusion

4 crash dumps have been found and analyzed. No offending third party drivers have been found. Connsider using WhoCrashed Professional which offers more detailed analysis using symbol resolution. Also configuring your system to produce a full memory dump may help you.

 


  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hello,

Can you get malwarebytes to work, by uninstalling and reinstalling?

Joe
  • 0

#5
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

HI Joe!

 

I uninstalled MBAM and tried to reinstall it and now I am getting a run time error. I have attached a screen shot #2.  I was able to install it despite the errors....but it will not open and keeps giving me a Microsoft is closing the program message - screen shot #1.  The program worked completely fine, until today when it stopped opening. Yesterday I got several alerts in a row that someting was trying to access my system and MBAM stopped it. Now it will not work.  I could not find my disk...so I went to the Malwarebytes download page and downloaded the software from there...since I still have my key.  What is causing this?? Seems like a trojan. Thanks again for your help.
 

Attached Thumbnails

  • MBAM_#1.jpg
  • MBAM_#2.jpg

Edited by mango_nj, 22 June 2014 - 11:56 PM.

  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Lets look at another log file, and see if we can identify anything there.

Please download Farbar Recovery Scan Tool and save it to your Desktop. Make sure it ends up on the desktop, not the downloads folder.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#7
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

Hi Joe!

 

Here are both of the logs.  I uninstalled Malwarebytes since it was getting error messages & was unusable.

When you want me to reinstall, let me know. Thanks again!

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014
Ran by Owner (administrator) on OWNER-PC on 23-06-2014 13:45:55
Running from C:\Users\Owner\Desktop
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
(AimerSoft) C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(WinZip Computing International, LLC) C:\Program Files\File Association Helper\FAHWindow.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
() C:\Windows\System32\PSIService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [56928 2006-11-23] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [58928 2006-11-29] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-17] (Synaptics, Inc.)
HKLM\...\Run: [LMADImon] => C:\Program Files\Lexmark Pro710 Series\LMADImon.exe [952496 2012-09-07] ()
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [365336 2010-11-02] (Kaspersky Lab ZAO)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [239288 2013-09-26] (WinZip Computing International, LLC)
HKLM\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1734144 2013-05-29] (AimerSoft)
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *‮* <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab ZAO)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\Run: [LMADImon] => C:\Program Files\Lexmark Pro710 Series\LMADImon.exe [952496 2012-09-07] ()
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\Run: [Facebook Update] => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-05-28] (Facebook Inc.)
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2753939306-2592966707-3986022943-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll [109240 2010-10-05] (Kaspersky Lab ZAO)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
ShellExecuteHooks:  - {4F07DA45-8170-4859-9B5F-037EF2970034} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{7304F139-455B-4604-934F-3AE9A180E444}: [NameServer]208.69.150.252,208.69.150.250

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c47bhyj3.default
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Extension: Youtube MP3 Podcaster - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c47bhyj3.default\Extensions\[email protected] [2014-06-17]
FF Extension: Adblock Plus - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c47bhyj3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-17]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2013-11-12]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2013-11-12]

========================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [365336 2010-11-02] (Kaspersky Lab ZAO)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-07] () [File not signed]
S3 wbengine; "%systemroot%\system32\wbengine.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [44224 2006-10-06] (BVRP Software) [File not signed]
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [132184 2010-06-09] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2010-06-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [488536 2010-10-01] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [22104 2010-04-22] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19984 2009-11-02] (Kaspersky Lab)
R3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [311808 2006-11-02] (Realtek)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2013-11-07] () [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-23 13:45 - 2014-06-23 13:47 - 00022409 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-06-23 13:44 - 2014-06-23 13:46 - 00000000 ____D () C:\FRST
2014-06-23 13:39 - 2014-06-23 13:40 - 01073152 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
2014-06-22 21:41 - 2014-06-22 21:41 - 00000828 _____ () C:\Users\Owner\Desktop\WhoCrashed.lnk
2014-06-22 21:40 - 2014-06-22 21:41 - 00000000 ____D () C:\Program Files\WhoCrashed
2014-06-22 20:04 - 2014-06-22 20:04 - 00000000 ____D () C:\_OTL
2014-06-22 12:52 - 2014-06-22 12:53 - 00131072 _____ () C:\Windows\Minidump\Mini062214-01.dmp
2014-06-22 06:00 - 2014-06-22 06:00 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\77AD22D4.sys
2014-06-19 05:01 - 2014-06-19 05:01 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\285E2B0A.sys
2014-06-19 04:17 - 2014-06-19 04:18 - 00159664 _____ () C:\Windows\Minidump\Mini061914-01.dmp
2014-06-18 01:04 - 2014-06-18 01:04 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\39D92AFE.sys
2014-06-17 06:12 - 2014-06-17 06:12 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\4AE47D20.sys
2014-06-11 05:20 - 2014-06-11 05:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\309F4696.sys
2014-06-10 16:15 - 2014-06-10 16:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-10 15:34 - 2014-06-10 15:34 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\6AE74167.sys
2014-06-09 14:18 - 2014-06-09 14:18 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\5E71306C.sys
2014-06-06 22:55 - 2014-06-22 12:52 - 346020908 _____ () C:\Windows\MEMORY.DMP
2014-06-06 22:55 - 2014-06-06 22:55 - 00159664 _____ () C:\Windows\Minidump\Mini060614-01.dmp
2014-06-02 08:53 - 2014-06-02 08:53 - 00003488 _____ () C:\Users\Owner\Documents\archive.txt
2014-06-02 08:02 - 2014-06-02 08:02 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\PotPlayerMini
2014-06-02 08:00 - 2014-06-02 08:00 - 00000931 _____ () C:\Users\Owner\Desktop\PotPlayer.lnk
2014-06-02 07:58 - 2014-06-02 07:58 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum
2014-06-02 07:58 - 2014-06-02 07:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2014-06-02 07:58 - 2014-06-02 07:58 - 00000000 ____D () C:\Program Files\Daum
2014-06-01 23:20 - 2014-06-01 23:20 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\18E114C1.sys
2014-06-01 08:27 - 2014-06-01 08:27 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\28D37C66.sys
2014-05-27 23:01 - 2014-06-23 03:36 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2753939306-2592966707-3986022943-1000UA.job
2014-05-27 23:01 - 2014-06-23 03:36 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2753939306-2592966707-3986022943-1000Core.job
2014-05-25 02:52 - 2014-05-27 23:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\Facebook
2014-05-24 22:13 - 2014-05-24 22:13 - 00483467 _____ () C:\Users\Owner\Desktop\IMG_3145.MOV
2014-05-24 19:56 - 2014-06-19 18:17 - 00000000 ____D () C:\Program Files\WizTree

==================== One Month Modified Files and Folders =======

2014-06-23 13:47 - 2014-06-23 13:45 - 00022409 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-06-23 13:46 - 2014-06-23 13:44 - 00000000 ____D () C:\FRST
2014-06-23 13:40 - 2014-06-23 13:39 - 01073152 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
2014-06-23 13:39 - 2013-06-18 23:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-23 12:53 - 2013-11-12 17:09 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-23 12:47 - 2006-11-02 05:49 - 01719564 _____ () C:\Windows\WindowsUpdate.log
2014-06-23 12:45 - 2006-11-02 05:45 - 00003648 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-23 12:45 - 2006-11-02 05:45 - 00003648 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-23 12:42 - 2007-10-08 13:43 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-06-23 12:42 - 2006-11-02 05:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-23 06:03 - 2006-11-02 05:58 - 00032522 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-23 03:36 - 2014-05-27 23:01 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2753939306-2592966707-3986022943-1000UA.job
2014-06-23 03:36 - 2014-05-27 23:01 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2753939306-2592966707-3986022943-1000Core.job
2014-06-22 21:41 - 2014-06-22 21:41 - 00000828 _____ () C:\Users\Owner\Desktop\WhoCrashed.lnk
2014-06-22 21:41 - 2014-06-22 21:40 - 00000000 ____D () C:\Program Files\WhoCrashed
2014-06-22 20:04 - 2014-06-22 20:04 - 00000000 ____D () C:\_OTL
2014-06-22 13:10 - 2007-10-08 20:15 - 01549954 _____ () C:\Windows\PFRO.log
2014-06-22 12:53 - 2014-06-22 12:52 - 00131072 _____ () C:\Windows\Minidump\Mini062214-01.dmp
2014-06-22 12:52 - 2014-06-06 22:55 - 346020908 _____ () C:\Windows\MEMORY.DMP
2014-06-22 12:52 - 2008-12-23 21:52 - 00000000 ____D () C:\Windows\Minidump
2014-06-22 06:00 - 2014-06-22 06:00 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\77AD22D4.sys
2014-06-21 16:08 - 2011-12-01 22:30 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-06-21 16:08 - 2008-04-05 20:47 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-19 18:17 - 2014-05-24 19:56 - 00000000 ____D () C:\Program Files\WizTree
2014-06-19 05:01 - 2014-06-19 05:01 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\285E2B0A.sys
2014-06-19 04:18 - 2014-06-19 04:17 - 00159664 _____ () C:\Windows\Minidump\Mini061914-01.dmp
2014-06-18 01:04 - 2014-06-18 01:04 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\39D92AFE.sys
2014-06-17 06:12 - 2014-06-17 06:12 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\4AE47D20.sys
2014-06-15 12:15 - 2014-02-05 18:57 - 00002597 _____ () C:\Users\Owner\Desktop\Paint Shop Pro 7.lnk
2014-06-11 05:31 - 2014-06-11 05:20 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\309F4696.sys
2014-06-10 16:16 - 2014-06-10 16:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-10 15:34 - 2014-06-10 15:34 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\6AE74167.sys
2014-06-09 14:18 - 2014-06-09 14:18 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\5E71306C.sys
2014-06-06 22:55 - 2014-06-06 22:55 - 00159664 _____ () C:\Windows\Minidump\Mini060614-01.dmp
2014-06-02 08:53 - 2014-06-02 08:53 - 00003488 _____ () C:\Users\Owner\Documents\archive.txt
2014-06-02 08:02 - 2014-06-02 08:02 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\PotPlayerMini
2014-06-02 08:00 - 2014-06-02 08:00 - 00000931 _____ () C:\Users\Owner\Desktop\PotPlayer.lnk
2014-06-02 07:58 - 2014-06-02 07:58 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum
2014-06-02 07:58 - 2014-06-02 07:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2014-06-02 07:58 - 2014-06-02 07:58 - 00000000 ____D () C:\Program Files\Daum
2014-06-01 23:20 - 2014-06-01 23:20 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\18E114C1.sys
2014-06-01 08:27 - 2014-06-01 08:27 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\28D37C66.sys
2014-06-01 06:31 - 2014-03-30 05:57 - 00000000 ____D () C:\Program Files\VideoLAN
2014-05-27 23:01 - 2014-05-25 02:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\Facebook
2014-05-27 04:14 - 2009-07-10 21:20 - 00000000 ____D () C:\Users\Owner\MiT
2014-05-27 03:45 - 2007-08-28 14:19 - 00000000 ____D () C:\TEMP
2014-05-25 08:52 - 2014-03-29 23:53 - 00000000 ____D () C:\Windows\system32\directx
2014-05-25 08:51 - 2013-12-19 14:28 - 00000000 ____D () C:\Users\Owner\Desktop\Important
2014-05-24 23:19 - 2013-03-10 04:59 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-24 22:13 - 2014-05-24 22:13 - 00483467 _____ () C:\Users\Owner\Desktop\IMG_3145.MOV

Files to move or delete:
====================
C:\Users\Owner\AppData\Roaming\Camdata.ini
C:\Users\Owner\AppData\Roaming\CamLayout.ini
C:\Users\Owner\AppData\Roaming\CamShapes.ini
C:\Users\Owner\AppData\Roaming\desktop.ini


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-23 12:49

==================== End Of Log ============================

 

 

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:22-06-2014
Ran by Owner at 2014-06-23 13:47:54
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Anti-Virus (Enabled - Up to date) {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

==================== Installed Programs ======================

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.595.5857 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.00.595.5857 - ABBYY) Hidden
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.99 - NOS Microsystems Ltd.)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.4.1.0 - Auslogics Labs Pty Ltd)
CryptoPrevent v4.3.0 (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
Daum PotPlayer 1.6.47995 (HKLM\...\PotPlayer) (Version:  - )
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version:  - )
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
File Association Helper (HKLM\...\{936B9029-265A-45CB-88DA-B00EAB4DD14C}) (Version: 1.1.6.53763 - WinZip Computing International, LLC)
Kaspersky Anti-Virus 2011 (HKLM\...\InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}) (Version: 11.0.2.556 - Kaspersky Lab)
Kaspersky Anti-Virus 2011 (Version: 11.0.2.556 - Kaspersky Lab) Hidden
Lexmark Pro710 Series Uninstaller (HKLM\...\Lexmark Pro710 Series) (Version:  - Lexmark International, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Digital Image Library 9 - Blocker (Version: 9.00.0000 - Microsoft Corporation) Hidden
Microsoft Digital Image Starter Edition 2006 (HKLM\...\PictureItSuiteTrial_v12) (Version: 11.0.2018 - Microsoft Corporation)
Microsoft Digital Image Starter Edition 2006 Editor (Version: 11.0.2018 - Microsoft Corporation) Hidden
Microsoft Digital Image Starter Edition 2006 Library (Version: 11.0.2018 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Paint Shop Pro 7 ESD (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc)
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2407.0 - CyberLink Corporation)
Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.3.0 - Synaptics)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
WhoCrashed 5.01 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

16-06-2014 20:56:44 Scheduled Checkpoint
17-06-2014 14:09:43 Scheduled Checkpoint
18-06-2014 03:38:38 Scheduled Checkpoint
18-06-2014 20:16:14 Scheduled Checkpoint
20-06-2014 03:19:43 Scheduled Checkpoint
20-06-2014 22:17:30 Scheduled Checkpoint
22-06-2014 04:05:19 Scheduled Checkpoint
23-06-2014 01:04:39 Scheduled Checkpoint
23-06-2014 03:05:00 OTL Restore Point - 6/22/2014 8:04:59 PM

==================== Hosts content: ==========================

2006-11-02 03:23 - 2014-06-22 20:06 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {20D4FFF1-3DC5-413C-BDBE-2C5FC4964EDD} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {34A7D7A4-65DC-4A10-B4ED-6C8290EFAEFB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2753939306-2592966707-3986022943-1000UA => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-28] (Facebook Inc.)
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {5CB197ED-456C-4E00-A110-6E52063BCB13} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {CBD40E1A-253C-4D50-BFC6-7865506D2BC5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2753939306-2592966707-3986022943-1000Core => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-28] (Facebook Inc.)
Task: {E207AF04-F765-4C45-8114-465EDF713F42} - System32\Tasks\LexmarkPUDCTask => C:\Program Files\Lexmark\ProductUpdate\LMprodupdate.exe [2012-09-11] ()
Task: {EF56C7DD-D48F-4566-AEAA-BAB53BAF82B6} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2753939306-2592966707-3986022943-1000Core.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2753939306-2592966707-3986022943-1000UA.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (whitelisted) =============

2006-11-02 03:25 - 2007-01-25 21:11 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2013-04-19 23:39 - 2012-09-07 02:40 - 00952496 _____ () C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
2013-04-19 23:39 - 2012-08-22 06:05 - 01490944 _____ () C:\Program Files\Lexmark Pro710 Series\lmabdrs.dll
2010-10-05 21:26 - 2010-10-05 21:26 - 02111160 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avzkrnl.dll
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe
2007-10-08 13:43 - 2005-08-07 06:54 - 00167936 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2014-05-22 06:34 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2014-06-10 16:15 - 2014-06-10 16:16 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-04-19 23:35 - 2012-09-19 06:06 - 00431104 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\LMADIQ4A.DLL
2013-04-19 23:35 - 2012-09-19 06:06 - 00025600 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\LMADIQ40.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupreg: BigFix => c:\program files\Bigfix\bigfix.exe /atstartup
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: DW6 => "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: Logitech Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: lxdfamon => "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"
MSCONFIG\startupreg: lxdfmon.exe => "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NapsterShell => C:\Program Files\Napster\napster.exe /systray
MSCONFIG\startupreg: Power2GoExpress => NA

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter #3
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #4
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #5
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #6
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #7
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #10
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #11
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #13
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #14
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #15
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #16
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #14
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #18
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2014 05:55:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application YAHOOM~1.EXE, version 11.5.0.228, time stamp 0x4fbf6b79, faulting module Flash32_13_0_0_214.ocx_unloaded, version 0.0.0.0, time stamp 0x5359c422, exception code 0xc0000005, fault offset 0x63238c4d,
process id 0xdb8, application start time 0xYAHOOM~1.EXE0.

Error: (06/22/2014 10:42:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0xab4, application start time 0xmbam.exe0.

Error: (06/22/2014 10:41:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0x664, application start time 0xmbam.exe0.

Error: (06/22/2014 09:11:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0xd48, application start time 0xmbam.exe0.

Error: (06/22/2014 09:04:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbamservice.exe, version 3.0.2.0, time stamp 0x5318d363, faulting module mbamservice.exe, version 3.0.2.0, time stamp 0x5318d363, exception code 0x40000015, fault offset 0x0007da8a,
process id 0x984, application start time 0xmbamservice.exe0.

Error: (06/22/2014 09:04:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbamscheduler.exe, version 3.0.2.0, time stamp 0x5339cec3, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0x200, application start time 0xmbamscheduler.exe0.

Error: (06/22/2014 08:05:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service wbengine since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (06/22/2014 07:48:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbamservice.exe, version 3.0.2.0, time stamp 0x5318d363, faulting module mbamservice.exe, version 3.0.2.0, time stamp 0x5318d363, exception code 0x40000015, fault offset 0x0007da8a,
process id 0xadc, application start time 0xmbamservice.exe0.

Error: (06/22/2014 07:47:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbamscheduler.exe, version 3.0.2.0, time stamp 0x5339cec3, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e, exception code 0x40000015, fault offset 0x0008d6fd,
process id 0x4c8, application start time 0xmbamscheduler.exe0.

Error: (06/22/2014 06:05:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service wbengine since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (06/23/2014 05:55:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: YAHOOM~1.EXE11.5.0.2284fbf6b79Flash32_13_0_0_214.ocx_unloaded0.0.0.05359c422c000000563238c4ddb801cf8ead5492d419

Error: (06/22/2014 10:42:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdab401cf8ea5dd01ea5e

Error: (06/22/2014 10:41:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd66401cf8ea5c148a57d

Error: (06/22/2014 09:11:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdd4801cf8e994467b1bd

Error: (06/22/2014 09:04:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a98401cf8e98498b3594

Error: (06/22/2014 09:04:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd20001cf8e9837a0092c

Error: (06/22/2014 08:05:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service wbengine since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (06/22/2014 07:48:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8aadc01cf8e8d9861a780

Error: (06/22/2014 07:47:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd4c801cf8e8d8664262f

Error: (06/22/2014 06:05:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service wbengine since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.


CodeIntegrity Errors:
===================================
  Date: 2014-06-23 13:46:31.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-23 13:46:31.287
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-23 13:46:30.615
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-23 13:46:29.990
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-23 13:46:28.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-23 13:46:28.271
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-23 13:46:27.615
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-23 13:46:26.943
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-22 21:44:46.117
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-22 21:44:45.336
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 1469.39 MB
Available physical RAM: 658.74 MB
Total Pagefile: 3196.29 MB
Available Pagefile: 2083.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:65.26 GB) (Free:20.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:9.27 GB) (Free:3.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 75 GB) (Disk ID: 9AEED03F)
Partition 1: (Not Active) - (Size=9 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=65 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hello,

There are various sources of Group Policy restrictions. In some cases malware uses them to enforce restriction on security programs and prevent them from functioning normally. In some cases those restrictions are set by the system administrators or you to prevent the users or the malware from doing harm. Have you ever installed CryptoPrevent software? or anyone else for that matter. Because that software would produce the policy restrictions we see in the frst log.

Lets run another scan for a different look at things.

Next
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename in winlogon.exe (or winlogon.com) and try again
Thanks
Joe :)
  • 0

#9
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

Hi Joe!

Yes, I installed Crypto Prevent, when I was in here getting assistance a long time ago and I never uninstalled it. I thought it may be a good thing to keep. Should I uninstall this software??? Pls advise.  In the meantime, I will download and run roguekiller. You've been so helpful!!! :D


  • 0

#10
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

RogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 06/23/2014  22:06:31

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[Shell.HJ] HKEY_LOCAL_MACHINE\RK_Software_ON_D_0283\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7304F139-455B-4604-934F-3AE9A180E444} | NameServer : 208.69.150.252,208.69.150.250  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7304F139-455B-4604-934F-3AE9A180E444} | NameServer : 208.69.150.252,208.69.150.250  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7304F139-455B-4604-934F-3AE9A180E444} | NameServer : 208.69.150.252,208.69.150.250  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7304F139-455B-4604-934F-3AE9A180E444} | NameServer : 208.69.150.252,208.69.150.250  -> FOUND
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0  -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2753939306-2592966707-3986022943-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_0283\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_0283\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[Suspicious.Path] \\{3CD730F0-A3E6-4066-AE1C-AB6B3545B53E} -- C:\Windows\system32\pcalua.exe (-a "C:\windows\temp\apps\app000888\install flash player 9 ax.exe" -d C:\Windows\Temp\APPS\APP000888\ -c /S) -> FOUND
[Suspicious.Path] \\{A3FFDBAF-6F3A-4B4B-BFA8-141C3CF2BB87} -- C:\Windows\system32\pcalua.exe (-a C:\Users\Owner\Desktop\cdex_151.exe -d C:\Users\Owner\Desktop) -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 3 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] ÿþ1
[C:\Windows\System32\drivers\etc\hosts]
[C:\Windows\System32\drivers\etc\hosts]

¤¤¤ Antirootkit : 7 ¤¤¤
[IRP:Addr] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x9867b1f8
[IRP:Addr] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x9867b1f8
[IRP:Addr] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x9867b1f8
[IRP:Addr] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x9867b1f8
[IRP:Addr] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x9867b1f8
[IRP:Addr] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x9867b1f8
[IRP:Addr] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x9867b1f8

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HTS421280H9AT00 ATA Device +++++
--- User ---
[MBR] d0b72b823fe1bfc2948963e66ef5aaa2
[BSP] 58783cb1c1094f2629d30a0a79844c6a : HP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 9491 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 19438650 | Size: 66825 MB
User = LL1 ... OK
User = LL2 ... OK
 


  • 0

Advertisements


#11
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Thanks for the logs, let me review them. Keep Crypto Prevent installed.

While I review the logs:

Please run the clean removal tool, and then reinstall Malwarebytes and see if that helps. If it works run a scan and post the log.

https://forums.malwa...emoval-process/

Need to attend a meeting tonite so will be late, and may not reply till Tomorrow.

Thanks
Joe :)
  • 0

#12
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

Hi Joe!!!

 

No problemo!  I'll run the clean removal tool and look for you tomorrow. Take your time looking over my logs :yes:


  • 0

#13
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

HI JOE!

 

The Malwarebytes clean program worked well and I was able to reinstall the program and it's running.

 

Here is the MBAM LOG

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/24/2014
Scan Time: 9:28:40 PM
Logfile: MBAM scan.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.25.02
Rootkit Database: v2014.06.23.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 275829
Time Elapsed: 17 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#14
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hello,

Good news! and the Log is clean as a whistle :)

I'm working my way back to you.

Thanks
Joe :)
  • 0

#15
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts

Hey Joe!

 

I know you're super busy helping others...I'll check back tomorrow for further instructions.  I did encounter the blue screen of death today....but once I rebooted it went away and everything loaded normally. Not sure what is causing this. Thanks again....I really appreciate the help.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP