
Inactive Backup/Restore failure.

Discussion in 'Malware and Virus Removal Archive' started by BobbyScot, 2014/12/12.

  1. 2014/12/17
    BobbyScot

    BobbyScot Geek Member Thread Starter

    Joined:
    2009/09/22
    Messages:
    2,372
    Likes Received:
    18
    .
    ==== Installed Programs ======================
    .
    AC3Filter 2.6.0b
    Adobe Flash Player 15 ActiveX
    Adobe Reader XI (11.0.10)
    Application Verifier (x64)
    ArcSoft MediaImpression 2
    µTorrent
    Auslogics BoostSpeed
    Auslogics Disk Defrag
    Auslogics Disk Defrag Touch
    Bing Bar
    CCleaner
    Clean Master
    D3DX10
    Data Lifeguard Diagnostic for Windows 1.27
    Debugging Tools for Windows (x64)
    eReg
    FileLocator Lite 2010 (64-bit)
    Google Chrome
    Google Update Helper
    Hotfix for Microsoft Document Explorer 2008 (KB953196)
    HP Deskjet 1000 J110 series Basic Device Software
    HP Deskjet 1000 J110 series Help
    HP Photo Creations
    HP Support Solutions Framework
    HP Update
    HPDiagnosticAlert
    Junk Mail filter update
    LibreOffice 4.2.5.2
    Logitech SetPoint 6.65
    Malwarebytes Anti-Malware version 2.0.4.1028
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft .NET Framework 4.5.1
    Microsoft Choice Guard
    Microsoft Document Explorer 2008
    Microsoft IntelliPoint 8.2
    Microsoft Search Enhancement Pack
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x64
    Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86
    Microsoft Windows SDK for Windows 7 (7.0)
    Microsoft Windows SDK for Windows 7 (7.1)
    MSVCRT
    MSVCRT_amd64
    NTI Backup Now EZ
    NVIDIA PhysX
    Platform
    Realtek High Definition Audio Driver
    Revo Uninstaller Pro 3.1.2
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Skype Click to Call
    Skype™ 6.22
    TakeOwnershipPro 1.5
    VIA Platform Device Manager
    VLC media player
    Volume Shadow Copy Service SDK, v7.2
    Weather Pulse 2.2.4.4
    WeatherMate
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Upload Tool
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Diagnostic Tool
    Windows SDK Intellidocs
    Windows SDK IntellisenseNFX
    YoWindow
    .
    ==== End Of File ===========================
     
  2. 2014/12/17
    BobbyScot

    BobbyScot Geek Member Thread Starter

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17496
    Run by Robert at 17:14:33 on 2014-12-17
    .
    ============== Running Processes ================
    .
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\YoWindow\yowindow.exe
    C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
    C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://bbc.com/
    uSearch Bar = Preserve
    mWinlogon: Userinit = userinit.exe,
    BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    mRun: [BackupNowEZtray] "C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k
    dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink: "http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    uPolicies-Explorer: NoResolveTrack = dword:1
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-System: SoftwareSASGeneration = dword:1
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    TCP: NameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{B78FF94D-5389-4551-9270-BF5D9A9DB15F} : DHCPNameServer = 194.168.4.100 194.168.8.100
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? BBSvc;BingBar Service
    R? BBUpdate;BBUpdate
    R? c2cautoupdatesvc;Skype Click to Call Updater
    R? c2cpnrsvc;Skype Click to Call PNR Service
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
    R? cmcore;Clean Master Core Service
    R? GfExperienceService;NVIDIA GeForce Experience Service
    R? HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service
    R? IEEtwCollectorService;Internet Explorer ETW Collector Service
    R? ksapi64;ksapi64
    R? NvNetworkService;NVIDIA Network Service
    R? NvStreamKms;NvStreamKms
    R? NvStreamSvc;NVIDIA Streamer Service
    R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
    R? Revoflt;Revoflt
    R? SkypeUpdate;Skype Updater
    R? TsUsbFlt;TsUsbFlt
    R? Uim_DEVIM;UIM Direct Device Image Plugin
    R? WatAdminSvc;Windows Activation Technologies Service
    S? LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter
    S? LHidEqd;Logitech SetPoint Unifying KMDF HID Filter
    S? MBAMProtector;MBAMProtector
    S? MBAMScheduler;MBAMScheduler
    S? MBAMService;MBAMService
    S? MBAMSwissArmy;MBAMSwissArmy
    S? MBAMWebAccessControl;MBAMWebAccessControl
    S? MpFilter;Microsoft Malware Protection Driver
    S? NisDrv;Microsoft Network Inspection System
    S? NisSrv;Microsoft Network Inspection
    S? NTI BackupNowEZSvr;NTI BackupNowEZSvr
    S? nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
    S? RTL8167;Realtek 8167 NT Driver
    S? VUSB3HUB;VIA USB 3.0 Root Hub Service
    S? WDC_SAM;WD SCSI Pass Thru driver
    S? xhcdrv;VIA USB eXtensible Host Controller Service
    .
    =============== Created Last 30 ================
    .
    2014-12-17 16:22:23 -------- d-----w- C:\Users\Robert\AppData\Local\{610A1091-7A0E-465D-9DAE-48C78E0ED338}
    2014-12-17 16:15:03 -------- d-----w- C:\Program Files (x86)\TakeOwnershipPro
    2014-12-17 15:40:28 574384 ----a-w- C:\TakeOwnershipPro.exe
    2014-12-17 12:07:54 -------- d-----w- C:\Users\Robert\AppData\Local\{710C1F7C-4057-4A76-B9F0-2D818E16E7A6}
    2014-12-17 11:14:26 -------- d-----w- C:\Users\Robert\AppData\Local\Deployment
    2014-12-17 11:14:26 -------- d-----w- C:\Users\Robert\AppData\Local\Apps
    2014-12-17 11:01:38 16896 ----a-w- C:\Windows\System32\sasnative64.exe
    2014-12-17 10:46:22 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C507FC26-D461-49D1-8932-62E9A6F4383D}\mpengine.dll
    2014-12-16 23:29:04 -------- d-----w- C:\Users\Robert\AppData\Local\{D97DD996-E404-4E0B-9811-4164282EA47D}
    2014-12-16 23:26:29 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-12-16 20:19:34 -------- d-----w- C:\ProgramData\NTIReg
    2014-12-16 20:15:46 18432 ----a-w- C:\Windows\System32\drivers\NTIDrvr.sys
    2014-12-16 20:15:45 16896 ----a-w- C:\Windows\System32\drivers\UBHelper.sys
    2014-12-16 20:15:34 -------- d-----w- C:\Windows\SysWow64\drivers\nti\Xp_x86
    2014-12-16 20:15:34 -------- d-----w- C:\Windows\SysWow64\drivers\nti\w2k_x86
    2014-12-16 20:15:34 -------- d-----w- C:\Windows\SysWow64\drivers\nti\Vista_x86
    2014-12-16 20:15:34 -------- d-----w- C:\Windows\SysWow64\drivers\nti\Vista_ia64
    2014-12-16 20:15:34 -------- d-----w- C:\Windows\SysWow64\drivers\nti\Vista_amd64
    2014-12-16 20:15:34 -------- d-----w- C:\Windows\SysWow64\drivers\nti\2003_x86
    2014-12-16 20:15:34 -------- d-----w- C:\Windows\SysWow64\drivers\nti\2003_ia64
    2014-12-16 20:15:34 -------- d-----w- C:\Windows\SysWow64\drivers\nti\2003_amd64
    2014-12-16 20:15:20 -------- d-----w- C:\Windows\SysWow64\drivers\nti
    2014-12-16 20:15:20 -------- d-----w- C:\Program Files (x86)\NTI
    2014-12-16 10:27:25 -------- d-----w- C:\Users\Robert\AppData\Local\{B007B2DD-DF44-4332-9D8D-7B4B61BE3936}
    2014-12-15 12:47:52 -------- d-----w- C:\Users\Robert\AppData\Local\{357BCB2A-9326-4BCF-A539-AF668BA0F079}
    2014-12-14 15:06:11 -------- d-----w- C:\Users\Robert\AppData\Local\{2F6EB4F2-2D85-4925-A7FE-136F9AAE248D}
    2014-12-13 14:29:56 -------- d-----w- C:\Users\Robert\AppData\Local\{49A72CF3-F81C-4268-8896-4C921F2186BD}
    2014-12-13 13:49:08 -------- d-----w- C:\Users\Robert\AppData\Local\Mozilla
    2014-12-12 23:45:28 -------- d-----w- C:\Users\Robert\AppData\Local\{709F0C13-E6B9-458B-8AD1-5915D5176465}
    2014-12-12 20:20:52 -------- d-----w- C:\Program Files (x86)\Windows Media Components
    2014-12-12 20:10:03 -------- d-----w- C:\Program Files\Debugging Tools for Windows (x64)
    2014-12-12 20:09:52 -------- d-----w- C:\Program Files (x86)\Application Verifier
    2014-12-12 20:09:49 -------- d-----w- C:\Program Files\Application Verifier (x64)
    2014-12-12 19:59:22 -------- d-----w- C:\Users\Robert\AppData\Local\Microsoft Help
    2014-12-12 14:24:54 -------- d-----w- C:\Program Files\Malwarebytes tools
    2014-12-12 13:32:01 -------- d-----w- C:\Users\Robert\AppData\Local\Adobe
    2014-12-12 11:47:32 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-12-12 11:46:57 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-12-12 11:46:57 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-12-12 11:46:57 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-12-12 11:46:57 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-12-12 11:46:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-12-12 11:39:42 -------- d-----w- C:\Users\Robert\AppData\Local\{1158F5A7-E274-4691-BE70-900B284561B4}
    2014-12-12 11:07:56 -------- d-----w- C:\Program Files\Mythicsoft
    2014-12-11 23:56:44 -------- d-----w- C:\Users\Robert\AppData\Local\{2E54FC38-0A94-46FB-BB04-FF868E7AD473}
    2014-12-11 23:18:17 -------- d-----w- C:\perflogs
    2014-12-11 12:53:41 509264 ----a-w- C:\Program Files\winsdk_web.exe
    2014-12-11 11:09:05 -------- d-----w- C:\Users\Robert\AppData\Local\{1B619F72-7CE2-40DC-A405-5EC6CEE3EB00}
    2014-12-10 20:13:02 1024 ---ha-w- C:\SYSTAG.BIN
    2014-12-10 20:12:38 -------- d-----w- C:\ProgramData\AomeiBR
    2014-12-10 20:12:31 30648 ----a-w- C:\Windows\System32\ambakdrv.sys
    2014-12-10 20:12:31 17848 ----a-w- C:\Windows\System32\amwrtdrv.sys
    2014-12-10 20:12:31 151480 ----a-w- C:\Windows\System32\ammntdrv.sys
    2014-12-10 20:00:42 -------- d-----w- C:\ProgramData\launcher
    2014-12-10 20:00:42 -------- d-----w- C:\ProgramData\explauncher
    2014-12-10 19:57:21 -------- d-----w- C:\Users\Robert\AppData\Local\Downloaded Installations
    2014-12-10 16:45:00 24875963 ----a-w- C:\Program Files\setup VSS Copy Service SD 7.2.exe
    2014-12-10 16:43:05 -------- d-----w- C:\Windows\Downloaded Installations
    2014-12-10 12:00:55 -------- d-----w- C:\Users\Robert\AppData\Local\{B7D5D885-20F2-492B-AE76-1C51CD45AF58}
    2014-12-10 10:57:18 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6F9BEA8C-3D3E-4F4E-8A3A-A554030A1B87}\gapaengine.dll
    2014-12-10 00:00:29 -------- d-----w- C:\Users\Robert\AppData\Local\{5D6E199A-4E1A-4F28-8FA5-BF905D24B224}
    2014-12-09 23:22:42 -------- d-----w- C:\Windows\System32\appraiser
    2014-12-09 23:17:47 4121600 ----a-w- C:\Windows\System32\mf.dll
    2014-12-09 23:17:47 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
    2014-12-09 23:15:27 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
    2014-12-09 23:15:27 310272 ----a-w- C:\Windows\System32\WsmWmiPl.dll
    2014-12-09 23:15:27 266240 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe
    2014-12-09 23:15:27 248832 ----a-w- C:\Windows\SysWow64\WSManMigrationPlugin.dll
    2014-12-09 23:15:27 214016 ----a-w- C:\Windows\SysWow64\WsmWmiPl.dll
    2014-12-09 23:15:27 2020352 ----a-w- C:\Windows\System32\WsmSvc.dll
    2014-12-09 23:15:27 198656 ----a-w- C:\Windows\SysWow64\WSManHTTPConfig.exe
    2014-12-09 23:15:27 181248 ----a-w- C:\Windows\System32\WsmAuto.dll
    2014-12-09 23:15:27 145920 ----a-w- C:\Windows\SysWow64\WsmAuto.dll
    2014-12-09 23:15:27 1177088 ----a-w- C:\Windows\SysWow64\WsmSvc.dll
    2014-12-09 23:15:24 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2014-12-09 23:15:24 2048 ----a-w- C:\Windows\System32\tzres.dll
    2014-12-09 14:19:50 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
    2014-12-09 14:09:12 9216 ----a-w- C:\Windows\SysWow64\ftlx0411.dll
    2014-12-09 14:09:12 9216 ----a-w- C:\Windows\System32\ftlx0411.dll
    2014-12-09 14:09:12 296960 ----a-w- C:\Windows\winhlp32.exe
    2014-12-09 14:09:12 195072 ----a-w- C:\Windows\SysWow64\ftsrch.dll
    2014-12-09 14:09:12 195072 ----a-w- C:\Windows\System32\ftsrch.dll
    2014-12-09 14:09:12 10240 ----a-w- C:\Windows\SysWow64\ftlx041e.dll
    2014-12-09 14:09:12 10240 ----a-w- C:\Windows\System32\ftlx041e.dll
    2014-12-09 13:31:08 -------- d-----w- C:\Program Files (x86)\Western Digital Corporation
    2014-12-09 12:00:04 -------- d-----w- C:\Users\Robert\AppData\Local\{1A1C13BF-5996-423D-9763-EA4E864EBC62}
    2014-12-08 18:48:43 -------- d-----w- C:\Users\Robert\AppData\Local\{53131963-A035-4E9C-831C-6E47699EA3FB}
    2014-12-08 14:53:03 -------- d-----w- C:\Users\Robert\AppData\Local\4Neurons
    2014-12-08 11:22:33 -------- d-----w- C:\Users\Robert\AppData\Local\{C205AAF2-7106-4491-BD30-FAEE26F7FBB2}
    2014-12-08 11:22:33 -------- d-----w- C:\Users\Robert\AppData\Local\{15FC29F0-7DA0-40CC-B7E3-B787D9DD851B}
    2014-12-07 13:38:32 -------- d-----w- C:\Users\Robert\AppData\Local\{35C2B721-6DF2-4534-8C51-895371235A7A}
    2014-12-07 11:11:31 -------- d-----w- C:\Users\Robert\AppData\Local\{F6378888-AEAA-480D-957B-BA6CE9F698E4}
    2014-12-06 16:22:03 -------- d-----w- C:\Users\Robert\AppData\Local\{83596ED2-4497-4A94-9D26-2011CE787CDA}
    2014-12-06 12:04:46 -------- d-----w- C:\Users\Robert\AppData\Local\{7A34FAC9-5947-43B2-A830-C6276669E445}
    2014-12-05 16:43:22 -------- d-----w- C:\Users\Robert\AppData\Local\{673BA4BE-F7EB-4129-90FF-6B15799346BA}
    2014-12-05 12:28:20 -------- d-----w- C:\Users\Robert\AppData\Local\{9F61C1B3-FC74-4F4A-98D0-E89BCC0FC153}
    2014-12-05 10:57:58 -------- d-----w- C:\Users\Robert\AppData\Roaming\uTorrent
    2014-12-05 10:34:39 -------- d-----w- C:\Users\Robert\AppData\Local\LogMeIn Rescue Applet
    2014-12-04 23:17:33 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2014-12-04 19:29:28 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2014-12-04 19:29:24 -------- d-----w- C:\Program Files\Microsoft Security Client
    2014-12-04 19:09:47 -------- d-s---w- C:\Windows\SysWow64\Microsoft
    2014-12-04 18:42:15 -------- d-----w- C:\Users\Robert\AppData\Local\{14CD820D-FB65-469F-9E49-E8D99D473F71}
    2014-12-04 15:09:04 -------- d-----w- C:\Users\Robert\AppData\Local\{877BC61B-FF2E-411C-8BBB-3309C8224938}
    2014-12-04 15:08:50 -------- d-----w- C:\Users\Robert\Tracing
    2014-12-04 15:03:35 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
    2014-12-04 15:03:35 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
    2014-12-04 15:03:34 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
    2014-12-04 15:03:34 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
    2014-12-04 15:03:14 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
    2014-12-04 15:03:14 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
    2014-12-04 10:47:46 -------- d-----w- C:\Users\Robert\AppData\Local\{7477A4D1-BD5E-4A3A-92B0-17E160793D57}
    2014-12-04 01:12:26 -------- d-----w- C:\Users\Robert\AppData\Local\{45B5C8B2-3C0A-4BE2-9C80-A46746A97D1A}
    2014-12-04 01:04:38 -------- d-----w- C:\Users\Robert\AppData\Local\{622D61E5-B388-4416-9CEE-75B2D7038559}
    2014-12-04 01:03:20 -------- d-----w- C:\Users\Robert\AppData\Local\{35A268B0-96FB-47D7-A192-339B6608C912}
    2014-12-04 01:03:08 1287528 ----a-w- C:\Program Files\wlsetup-web Live mail..exe
    2014-12-04 00:30:17 14087848 ----a-w- C:\Program Files\mseinstall.exe
    2014-12-04 00:19:40 2665608 ----a-w- C:\Program Files\EIE11_EN-GB_MSE_WIN7L.EXE
    2014-12-03 23:28:31 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2014-12-03 23:28:27 11632448 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AFA3B07A-B146-4277-BF7B-E1CAD9F79F66}\mpengine.dll
    2014-12-03 16:04:46 -------- d-----w- C:\Users\Robert\AppData\Local\Google
    2014-12-03 15:50:27 -------- d-----w- C:\ProgramData\AVAST Software
    2014-12-03 15:49:39 132469808 ------w- C:\Program Files\avast_free_antivirus_setup.exe
    2014-12-03 00:16:04 17335984 ----a-w- C:\Program Files\Adobe_Flash_Player_(IE)_v15.0.0.239.exe
    2014-11-27 00:01:08 -------- d-----w- C:\Program Files (x86)\WeatherMate
    2014-11-26 23:31:32 1304576 ----a-w- C:\Program Files\weathermate 3.4.6.(64-bit)..msi
    2014-11-24 15:30:08 -------- d-----w- C:\Users\Robert\AppData\Local\ElevatedDiagnostics
    2014-11-20 23:59:43 -------- d-----w- C:\ProgramData\Kingsoft
    2014-11-20 23:27:13 -------- d-----w- C:\Users\Robert\AppData\Local\Programs
    2014-11-20 17:12:35 -------- d-----w- C:\searchplugins
    2014-11-20 17:12:22 358736 ----a-w- C:\Windows\System32\LavasoftTcpService64.dll
    2014-11-20 17:12:19 312424 ----a-w- C:\Windows\SysWow64\LavasoftTcpService.dll
    2014-11-20 16:19:11 19736 ----a-w- C:\Windows\System32\roboot64.exe
    2014-11-19 14:17:18 28960 ----a-w- C:\Windows\System32\RegBootDefrag.exe
    2014-11-19 12:11:25 -------- d-----w- C:\ProgramData\Trusteer
    2014-11-18 23:19:41 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-11-18 23:19:41 241152 ----a-w- C:\Windows\System32\pku2u.dll
    2014-11-18 23:19:41 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
    2014-11-18 23:19:40 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-11-18 00:04:17 -------- d-----w- C:\Program Files (x86)\LibreOffice 4
    2014-11-17 20:01:37 -------- d-----w- C:\ProgramData\GlarySoft
    .
    ==================== Find3M ====================
    .
    2014-12-04 20:11:36 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-12-04 20:11:36 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
    2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
    2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
    2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
    2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
    2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
    2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
    2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
    2014-11-24 14:04:56 275080 ------w- C:\Windows\System32\MpSigStub.exe
    2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
    2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
    2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-11-22 02:35:43 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
    2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-11-22 01:55:16 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
    2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-11-18 20:21:43 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
    2014-11-01 14:31:32 31766800 ----a-w- C:\Program Files\GeForce_Experience_v2.1.3.0.exe
    2014-10-30 15:25:40 25611537 ----a-w- C:\Program Files\vlc-2.1.5-win64.exe
    2014-10-30 02:10:36 6880968 ----a-w- C:\Windows\System32\nvcpl.dll
    2014-10-30 02:10:36 3533632 ----a-w- C:\Windows\System32\nvsvc64.dll
    2014-10-30 02:10:34 935232 ----a-w- C:\Windows\System32\nvvsvc.exe
    2014-10-30 02:10:34 61640 ----a-w- C:\Windows\System32\nvshext.dll
    2014-10-30 02:10:34 2558792 ----a-w- C:\Windows\System32\nvsvcr.dll
    2014-10-30 02:10:33 385352 ----a-w- C:\Windows\System32\nvmctray.dll
    2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
    2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
    2014-10-29 23:10:44 556552 ----a-w- C:\Windows\System32\drivers\UimFIO.sys
    2014-10-29 23:10:44 25992 ----a-w- C:\Windows\System32\drivers\uim_devim.sys
    2014-10-29 23:10:42 700680 ----a-w- C:\Windows\System32\drivers\uim_im.sys
    2014-10-29 23:10:42 102664 ----a-w- C:\Windows\System32\drivers\UimBus.sys
    2014-10-29 23:10:38 944904 ----a-w- C:\Windows\System32\Vim.RWBlock.dll
    2014-10-29 23:10:38 86792 ----a-w- C:\Windows\System32\vimbase.dll
    2014-10-29 23:10:38 531720 ----a-w- C:\Windows\System32\drivers\UMDF\blockmounter.dll
    2014-10-29 23:10:38 2152176 ----a-w- C:\Windows\System32\WudfUpdate_01009.dll
    2014-10-29 23:10:38 2065160 ----a-w- C:\Windows\System32\vimsdk.dll
    2014-10-27 00:34:52 4066553 ----a-w- C:\Windows\System32\nvcoproc.bin
    2014-10-26 15:32:05 81768 ----a-w- C:\Windows\System32\drivers\ksapi.sys
    2014-10-26 15:32:05 56680 ----a-w- C:\Windows\System32\drivers\ksapi64.sys
    2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
    2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
    2014-10-21 17:57:48 2134584 ----a-w- C:\Program Files\Wise Registry Cleaner.exe
    2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2014-10-16 16:54:03 1876296 ----a-w- C:\Windows\System32\nvdispco6434448.dll
    2014-10-16 16:54:03 1539272 ----a-w- C:\Windows\System32\nvdispgenco6434448.dll
    2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
    2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
    2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
    2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
    2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
    2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
    2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
    2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
    2014-10-04 08:55:29 122584 ----a-w- C:\Windows\System32\drivers\48230029.sys
    2014-10-04 06:35:37 2197680 ----a-w- C:\Windows\SysWow64\nvspcap.dll
    2014-10-04 06:35:37 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
    2014-10-04 06:34:26 2800296 ----a-w- C:\Windows\System32\nvspcap64.dll
    2014-10-04 06:34:26 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
    2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
    2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
    2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
    2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
    2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
    2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
    2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
    2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
    2014-10-02 12:45:44 1839910 ----a-w- C:\Program Files\ShellFolderFixSetup Position window.exe
    2014-09-30 00:10:07 878080 ----a-w- C:\Windows\System32\advapi32.dll
    2014-09-30 00:10:07 859648 ----a-w- C:\Windows\System32\tdh.dll
    2014-09-30 00:10:07 1732032 ----a-w- C:\Windows\System32\ntdll.dll
    .
    ============= FINISH: 17:14:44.51 ===============
     

  4. 2014/12/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  5. 2014/12/17
    BobbyScot

    BobbyScot Geek Member Thread Starter

    I am sorry, this is becoming too confusing, last RogueKiller requires a payment as all types of this similar software require a download and installation then require a fee to supposedly clean the computer. I appreciate the time taken by you to try and solve the error, but I have decided to just leave well alone. Thanks Bobby..
     
  6. 2014/12/17
    broni

    broni Moderator Malware Analyst

    RogueKiller is totally free but...
    ...no problem...
     
