
Inactive Office files corrupt after malware/virus

Discussion in 'Malware and Virus Removal Archive' started by steveo65, 2014/11/12.

Thread Status:
Not open for further replies.
  1. 2014/11/12
    steveo65


    Office files are unreadable after malware/virus. Here are the logs.

    MBAM
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/12/2014
    Scan Time: 12:56:41 PM
    Logfile: mbam log.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.11.06
    Rootkit Database: v2014.11.10.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Laura

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 340632
    Time Elapsed: 25 min, 34 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 17
    PUP.Optional.Delta.A, C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\o2nxdf3i.default\prefs.js, Good: (), Bad: (user_pref( "extensions.delta.appId ", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} ");), Replaced,[6c16a991d6a61f17b48cf783b94c25db]
    PUP.Optional.Delta.A, C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\o2nxdf3i.default\prefs.js, Good: (), Bad: (ty.typeaheadfind.flashBar ", 0);
    user_pref( "app.), Replaced,[740eda605824ce6854ec76041ee70ff1]
    PUP.Optional.Delta.A, C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\o2nxdf3i.default\prefs.js, Good: (), Bad: (
    */

    user_pref( "accessibility.typeaheadfi), Replaced,[245ead8dd4a8cc6af749ccae996ce917]
    PUP.Optional.Delta.A, C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\o2nxdf3i.default\prefs.js, Good: (), Bad: (eig
    */

    user_pref( "accessibility.typeahea), Replaced,[443e88b2512b1a1cf8481367679e738d]
    PUP.Optional.Delta.A, C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\o2nxdf3i.default\prefs.js, Good: (), Bad: (ig
    */

    user_pref( "accessibility.typeaheadfind.flashBar ", 0);
    use), Replaced,[433fd86276064aec55ebe09aa0657a86]
    PUP.Optional.Delta.A, C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\o2nxdf3i.default\prefs.js, Good: (), Bad: (cessibility.typeaheadfind.flashBar ", 0);
    user_p), Replaced,[31510c2e7efe3ff74cf4d7a3fb0a21df]
    PUP.Optional.Delta.A, C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\o2nxdf3i.default\prefs.js, Good: (), Bad: (
    */

    user_pref( "accessibility.typeaheadfind), Replaced,[7c0644f64d2fe650e35de991040137c9]
    PUP.Optional.Delta.A, C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\o2nxdf3i.default\prefs.js, Good: (), Bad: (g
    */

    user_pref( "accessibility.typeaheadf), Replaced,[a2e0003a324a0d2948f8047641c431cf]
    PUP.Optional.Delta.A, C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\o2nxdf3i.default\prefs.js, Good: (), Bad: (ig
    */

    user_pref( "accessibility.typeaheadfi), Replaced,[3d451d1d9fdd65d1c17f552515f00ef2]
    PUP.Optional.Delta.A, C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\o2nxdf3i.default\prefs.js, Good: (), Bad: (
    */

    user_pref( "accessibility.typeaheadf), Replaced,[1e644eec6418e2540a360971a75e1fe1]
    PUP.Optional.Delta.A, C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\o2nxdf3i.default\prefs.js, Good: (), Bad: (ig
    */

    user_pref( "accessibility.typeaheadf), Replaced,[2959c575423a83b39da3f387d82df808]
    PUP.Optional.Delta.A, C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\o2nxdf3i.default\prefs.js, Good: (), Bad: (g
    */

    user_pref( "accessibility.typeaheadfi), Replaced,[e1a1a09adf9d4de9004038422ed7629e]
    PUP.Optional.Delta.A, C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\o2nxdf3i.default\prefs.js, Good: (), Bad: (g
    */

    user_pref( "accessibility.typeaheadfin), Replaced,[1e640d2dd8a44de9310fd4a6ae57a65a]
    PUP.Optional.Delta.A, C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\o2nxdf3i.default\prefs.js, Good: (), Bad: (
    */

    user_pref( "accessibility.typeaheadfind), Replaced,[641e1129225a5dd9211f5f1b669f37c9]
    PUP.Optional.Delta.A, C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\o2nxdf3i.default\prefs.js, Good: (), Bad: (
    */

    user_pref( "accessibility.typeaheadfin), Replaced,[f2908baff4883bfb162af783e223bf41]
    PUP.Optional.Delta.A, C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\o2nxdf3i.default\prefs.js, Good: (), Bad: (g
    */

    user_pref( "accessibility.typeaheadfind), Replaced,[344e5fdbe19b999deb552357699ca759]
    PUP.Optional.Delta.A, C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\o2nxdf3i.default\prefs.js, Good: (), Bad: (
    */

    user_pref( "accessibility.typeaheadfind.flashBar ", ), Replaced,[85fd2d0db0cc3ff758e8acce61a4c13f]

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  2. 2014/11/12
    steveo65

    DDS
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/3/2011 3:41:51 PM
    System Uptime: 11/12/2014 10:08:02 AM (6 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1641
    Processor: AMD Phenom(tm) II P960 Quad-Core Processor | Socket S1G4 | 1800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 572 GiB total, 473.743 GiB free.
    D: is FIXED (NTFS) - 24 GiB total, 3.553 GiB free.
    E: is CDROM ()
    G: is FIXED (FAT32) - 0 GiB total, 0.087 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP485: 11/11/2014 4:51:54 PM - Removed Times Reader
    RP486: 11/11/2014 5:12:05 PM - Removed PlayReady PC Runtime x86
    RP487: 11/11/2014 5:12:35 PM - Removed PlayReady PC Runtime x86
    RP488: 11/11/2014 5:15:36 PM - Configured SmartSound Quicktracks for Premiere Elements 9.0
    RP489: 11/11/2014 5:16:36 PM - Removed RoxioNow Player.
    RP490: 11/11/2014 5:18:35 PM - Configured LabelPrint
    RP491: 11/11/2014 5:19:33 PM - Removed HP Support Assistant.
    RP492: 11/11/2014 5:22:29 PM - Windows Modules Installer
    RP493: 11/11/2014 5:23:53 PM - Windows Modules Installer
    RP494: 11/11/2014 5:36:35 PM - Removed HP Setup
    RP495: 11/11/2014 8:36:23 PM - Configured HP
    RP496: 11/11/2014 8:43:17 PM - Removed HP Documentation
    RP498: 11/12/2014 12:36:21 PM - Removed HP Documentation
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 15 ActiveX
    Adobe Flash Player 15 Plugin
    Adobe Premiere Elements 9
    Adobe Premiere Elements 9 Content
    Adobe Premiere Elements 9 Content 1
    Adobe Premiere Elements 9 Content 2
    Adobe Premiere Elements 9 Content 3
    Adobe Reader XI (11.0.09)
    Adobe Shockwave Player 11.5
    Agatha Christie - Peril at End House
    ATI Catalyst Install Manager
    Bejeweled 2 Deluxe
    Bing Rewards Client Installer
    Blackhawk Striker 2
    Blasterball 3
    Bounce Symphony
    Broadcom 2070 Bluetooth 3.0
    Broadcom 802.11 Wireless LAN Adapter
    Build-a-lot 2
    Cake Mania
    Canon MX880 series MP Drivers
    Carbonite
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Chuzzle Deluxe
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Diner Dash 2 Restaurant Rescue
    Dora's World Adventure
    Elements 9 Organizer
    Elements STI Installer
    Energy Star Digital Logo
    Escape Rosecliff Island
    ESU for Microsoft Windows 7
    Farm Frenzy
    FATE
    Final Drive Nitro
    Heroes of Hellas 2 - Olympia
    HP 3D DriveGuard
    HP Auto
    HP Client Services
    HP CloudDrive
    HP Customer Experience Enhancements
    HP DVB-T TV Tuner 8.0.64.43
    HP Game Console
    HP Games
    HP MediaSmart Movies and TV
    HP MediaSmart Music
    HP MediaSmart Photo
    HP MediaSmart SmartMenu
    HP MediaSmart Video
    HP MediaSmart Webcam
    HP MediaSmart/TouchSmart Netflix
    HP Photo Creations
    HP Power Manager
    HP Quick Launch
    HP Setup Manager
    HP SimplePass Identity Protection
    HP Software Framework
    HP Wireless Assistant
    IDT Audio
    Java 8 Update 25
    Java Auto Updater
    Jewel Quest Solitaire 2
    Junk Mail filter update
    LightScribe System Software
    Malwarebytes Anti-Malware version 2.0.3.1025
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox 33.0.3 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Mystery P.I. - The London Caper
    PaintShop Photo Pro X3 Registration Incentive
    Penguins!
    Plants vs. Zombies
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    QuickBooks Premier: Accountant Edition 2007
    QuickBooks Product Listing Service
    Realtek Ethernet Controller Driver For Windows 7
    Realtek USB 2.0 Card Reader
    Recovery Manager
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2883013) 32-Bit Edition
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
    SupportSoft Assisted Service
    Synaptics Pointing Device Driver
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
    Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
    Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
    Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
    Validity Sensors DDK
    Virtual Families
    Virtual Villagers 4 - The Tree of Life
    Wheel of Fortune 2
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Encoder 9 Series
    Yahoo! Detect
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/12/2014 10:10:05 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
    11/11/2014 9:22:39 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    11/11/2014 9:13:16 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
    11/11/2014 8:28:42 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error: An instance of the service is already running.
    11/11/2014 8:27:42 PM, Error: Service Control Manager [7031] - The CarboniteService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/11/2014 5:46:33 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    11/11/2014 5:46:33 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
    11/11/2014 5:46:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments " " in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    11/11/2014 10:23:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.187.1947.0).
    11/11/2014 10:20:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070643 Error description: Fatal error during installation.
    11/11/2014 10:19:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: Error code: 0x80070002 Error description: The system cannot find the file specified.
    11/11/2014 10:19:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: Error code: 0x80070002 Error description: The system cannot find the file specified.
    .
    ==== End Of File ===========================
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17344 BrowserJavaVersion: 11.25.2
    Run by Laura at 16:20:50 on 2014-11-12
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2149 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\vcsFPService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
    C:\Program Files\DigitalPersona\Bin\DPAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files\CCleaner\CCleaner64.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\syswow64\dllhost.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\System32\MsSpellCheckingFacility.exe
    C:\Windows\syswow64\dllhost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\syswow64\dllhost.exe
    C:\Windows\syswow64\dllhost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe,
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
    uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{78D88E1A-606C-4A19-8ADC-AC010E77CE05} : DHCPNameServer = 192.168.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    LSA: Notification Packages = DPPassFilter scecli
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe "
    x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\o2nxdf3i.default\
    FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/?cid=mtmh01222013
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - 8afe366f000000000000e02a82443954
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15727
    FF - user.js: extensions.delta.vrsn - 1.8.8.8
    FF - user.js: extensions.delta.vrsni - 1.8.8.8
    FF - user.js: extensions.delta_i.vrsnTs - 1.8.8.817:01:50
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta_i.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta_i.excTlbr - false
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta_i.newTab - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-8-17 55856]
    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-3 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-8 203264]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-6-15 30520]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-7-17 125584]
    R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 2192176]
    R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-3-3 344616]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-3-3 39464]
    R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-9-3 31088]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-3-3 38528]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-4-3 35840]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-3-3 239136]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-3 344680]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-22 59392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-5 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== Created Last 30 ================
    .
    2014-11-12 03:40:35 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A171CDD3-A718-4312-833C-B72DA06CA746}\offreg.dll
    2014-11-12 03:22:20 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A171CDD3-A718-4312-833C-B72DA06CA746}\mpengine.dll
    2014-11-12 03:19:56 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF55BA3D-C080-408C-B45B-CB20D29DDD35}\gapaengine.dll
    2014-11-12 03:17:06 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2014-11-12 03:17:01 -------- d-----w- C:\Program Files\Microsoft Security Client
    2014-11-12 02:51:21 -------- d-sh--w- C:\found.000
    2014-11-12 01:01:32 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8DB0C412-88AB-423B-B9BC-98AA91AE20AC}\offreg.dll
    2014-11-12 01:00:34 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-11-12 00:59:25 -------- d-----w- C:\ProgramData\Oracle
    2014-11-12 00:50:33 -------- d-----w- C:\Program Files\CCleaner
    2014-11-11 22:34:39 -------- d-----w- C:\Users\Laura\AppData\Roaming\Roxio Log Files
    2014-11-11 19:58:07 -------- d-----w- C:\Users\Laura\AppData\Local\HuluDesktop
    2014-11-11 19:47:25 0 ----a-w- C:\Windows\SysWow64\sho4422.tmp
    2014-11-11 18:41:55 -------- d-----w- C:\Users\Laura\AppData\Local\Apps
    2014-11-11 18:10:08 -------- d-----w- C:\Users\Laura\AppData\Local\PackageAware
    2014-11-11 14:24:23 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-11-11 14:24:02 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-11-11 14:24:02 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-11-11 14:24:02 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-11-11 14:24:02 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-11-11 14:24:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-11 14:23:36 -------- d-----w- C:\Users\Laura\AppData\Local\Programs
    2014-11-11 14:09:26 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8DB0C412-88AB-423B-B9BC-98AA91AE20AC}\mpengine.dll
    2014-11-03 13:42:36 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
    2014-11-03 09:17:17 -------- d--h--w- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
    2014-10-29 20:51:00 -------- d-----w- C:\Users\Laura\AppData\Local\{D3EAD658-2000-43A7-84DC-5F9133440C6F}
    2014-10-27 23:02:44 -------- d-----w- C:\Users\Laura\AppData\Local\{883358A3-CC95-4010-8D61-B156C991F0D7}
    2014-10-27 07:31:14 -------- d-----w- C:\Users\Laura\AppData\Local\{647C0938-9BFD-4646-98A5-2E11A1E3D694}
    2014-10-26 09:57:11 -------- d-----w- C:\Users\Laura\AppData\Local\{CE318EAA-0D42-4691-B566-649C074A7E74}
    2014-10-25 11:32:43 -------- d-----w- C:\Users\Laura\AppData\Local\{BA361EEE-A299-4B82-939D-B41D08E41EA3}
    2014-10-22 23:20:23 -------- d-----w- C:\Users\Laura\AppData\Local\{9562EA8D-66DD-4302-82FA-0CFB6E9B7292}
    2014-10-15 18:26:24 3198976 ----a-w- C:\Windows\System32\win32k.sys
    2014-10-15 18:21:51 276480 ----a-w- C:\Windows\System32\generaltel.dll
    2014-10-15 18:20:57 3241472 ----a-w- C:\Windows\System32\msi.dll
    2014-10-15 18:19:59 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
    2014-10-15 18:19:04 77312 ----a-w- C:\Windows\System32\packager.dll
    2014-10-15 18:19:04 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    .
    ==================== Find3M ====================
    .
    2014-10-30 11:25:26 275080 ------w- C:\Windows\System32\MpSigStub.exe
    2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
    2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-10-09 23:05:03 1890 --sha-w- C:\ProgramData\KGyGaAvL.sys
    2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
    2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2014-09-23 22:37:38 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-09-23 22:37:37 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
    2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
    2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
    2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
    2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
    2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
    2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
    2014-08-28 08:29:17 0 ----a-w- C:\Windows\SysWow64\sho1088.tmp
    2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
    2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
    2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
    2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
    2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
    2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
    2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
    2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
    2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
    2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
    2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
    2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
    2014-08-16 07:54:30 0 ----a-w- C:\Windows\SysWow64\sho4F83.tmp
    .
    ============= FINISH: 16:22:52.30 ===============
     


  4. 2014/11/12
    steveo65

    steveo65 Well-Known Member Thread Starter

    Joined:
    2008/10/21
    Messages:
    135
    Likes Received:
    0
    Just scanned with MSE and found "Trojan:win32/powessere.A!reg". This was found and supposedly removed yesterday.
     
  5. 2014/11/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    Please disable "word wrap" in Notepad because some of your logs are hard to read.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double-click on the downloaded file. OK the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • In the following screen, click "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
  6. 2014/11/13
    steveo65

    steveo65 Well-Known Member Thread Starter

    Joined:
    2008/10/21
    Messages:
    135
    Likes Received:
    0
    Computer completely crashed last night. It wouldn't even boot up. I did a factory reset. So far so good. Any ideas where the virus/malware came from? Thank you so much for the help. The computer had ESET paid security and apparently it went right through it. As soon as I installed MSE it found the Trojan in 32 seconds.
     
  7. 2014/11/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    There is really no way to say what the infection source was/is.

    Re-run DDS, MBAM, RogueKiller and MBAR.
     