SM7

CLOSED Will not Quarantine RASAP132 RASMANCS


Emsisoft could not quarantine HKEY_LOCAL_MACHINE/Software/Microsoft/Training/AU_RASAP132

" " " _RASMANCS

 

Malwarebytes stops an OUTGOING message from my computer and a message pops up from Malwarebytes. RASAP132 seems to have been quarantined.

 

Emsisoft Emergency Kit - Version 4.0
Last update: 7/17/2014 6:03:21 PM
User account: Scott-PC\Scott

Scan settings:

Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    7/17/2014 6:03:53 PM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASMANCS     detected: Application.Win32.InstallExt (A)

Scanned    131608
Found    1

Scan end:    7/17/2014 6:26:22 PM
Scan time:    0:22:29
 

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Scott (administrator) on SCOTT-PC on 17-07-2014 18:28:43
Running from C:\Users\Scott\Downloads
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Safer Networking Ltd.) C:\Program Files\spybot - search & destroy\SDWinSec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files\spybot - search & destroy\TeaTimer.exe
() C:\Program Files\EZ-DUB\EZ-DUB.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Microsoft Corporation) C:\Program Files\microsoft office\Office12\WINWORD.EXE
(Emsisoft GmbH) C:\EEK\Run\a2emergencykit.exe
(Adobe Systems Incorporated) C:\Program Files\adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\adobe\Reader 11.0\Reader\AcroRd32.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-08-10] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2010-09-01] (Apple Inc.)
HKLM\...\Run: [emsisoft anti-malware] => C:\Program Files\Emsisoft Anti-Malware\a2guard.exe [4841824 2014-07-09] (Emsisoft GmbH)
HKU\S-1-5-21-4044866103-2329573634-2605357377-1000\...\Run: [spybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EZ-DUB Finder.lnk
ShortcutTarget: EZ-DUB Finder.lnk -> C:\Program Files\EZ-DUB\EZ-DUB.exe ()
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCC703EB21F54CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ixquick.com/
SearchScopes: HKLM - DefaultScope {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL =
SearchScopes: HKCU - {0169E633-8781-F882-9BC7-7B014AE4DE4E} URL = http://www.bing.com/search?q={searchTerms}&pc=Z206&form=ZGAIDF&install_date=20111213&iesrc={referrer:source}
SearchScopes: HKCU - {09533787-AE1B-4686-AD2C-648367BFEF2B} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKCU - {454575F2-C92B-4CBB-B1F6-3D04AC434B77} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={28D50B71-BC4B-4D0F-9827-187BF65235E9}&mid=c42fa7dead4147d082f3d16daee5685a-b1ae052651faaa2bd6266dffd5921784f491617a&lang=en&ds=AVG&pr=pr&d=2012-03-31 08:03:57&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\7a9e9569.default
FF Homepage: https://www.ixquick.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]
FF Extension: Freemake Video Downloader Plugin - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected] [2014-05-31]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]
FF Extension: Freemake Youtube Download Button - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected] [2014-05-31]

========================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-09] (Emsisoft GmbH)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-05-22] (Ellora Assets Corp.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [199960 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 cleanhlp; C:\EEK\Run\cleanhlp32.sys [50200 2014-07-17] (Emsisoft GmbH)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [74456 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R3 ULCDRHlp; C:\Windows\System32\Drivers\ULCDRHlp.sys [27392 2004-12-22] (Ulead Systems, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-17 18:28 - 2014-07-17 18:29 - 00010614 _____ () C:\Users\Scott\Downloads\FRST.txt
2014-07-17 18:28 - 2014-07-17 18:28 - 00000000 ____D () C:\FRST
2014-07-17 18:27 - 2014-07-17 18:27 - 00001136 _____ () C:\Users\Scott\Desktop\1a2scan_140717-180353.txt
2014-07-17 18:01 - 2014-07-17 18:01 - 00000546 _____ () C:\Users\Scott\Desktop\Emsisoft Emergency Kit.lnk
2014-07-17 18:00 - 2014-07-17 18:01 - 00000000 ____D () C:\EEK
2014-07-17 17:52 - 2014-07-17 17:53 - 215983336 _____ () C:\Users\Scott\Downloads\EmsisoftEmergencyKit.exe
2014-07-17 17:52 - 2014-07-17 17:53 - 01077248 _____ (Farbar) C:\Users\Scott\Downloads\FRST.exe
2014-07-17 17:44 - 2014-07-17 17:44 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-07-17 15:19 - 2014-07-17 17:55 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-07-17 15:19 - 2014-07-17 15:19 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-07-17 15:19 - 2014-07-17 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-07-17 15:08 - 2014-07-17 15:12 - 222833152 _____ (Emsisoft GmbH ) C:\Users\Scott\Downloads\EmsisoftAntiMalwareSetup.exe
2014-07-17 13:03 - 2014-07-17 13:04 - 00001864 _____ () C:\Users\Scott\Desktop\Numbers Triplets.txt
2014-07-14 22:21 - 2014-07-14 22:21 - 00004386 _____ () C:\Windows\system32\.crusader
2014-07-14 22:12 - 2014-07-14 22:22 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-14 22:11 - 2014-07-17 14:56 - 10279264 _____ (SurfRight B.V.) C:\Users\Scott\Downloads\HitmanPro.exe
2014-07-14 10:47 - 2014-07-14 11:25 - 233793651 _____ () C:\Users\Scott\Downloads\af85.ASSlaves.TiaTanaka.rar
2014-07-12 09:36 - 2014-07-14 13:59 - 608264134 _____ () C:\Users\Scott\Downloads\birol-9-sc3.rar
2014-07-11 15:02 - 2012-09-02 16:55 - 00000050 _____ () C:\Users\Scott\Downloads\New Text Document.txt
2014-07-11 05:50 - 2014-06-18 17:54 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-11 05:50 - 2014-06-18 17:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-11 05:50 - 2014-06-18 17:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-11 05:50 - 2014-06-18 17:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-11 05:50 - 2014-06-18 17:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-11 05:50 - 2014-06-18 17:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-11 05:50 - 2014-06-18 17:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-11 05:50 - 2014-06-18 17:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-11 05:50 - 2014-06-18 17:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-11 05:50 - 2014-06-18 17:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-11 05:50 - 2014-06-18 17:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-11 05:50 - 2014-06-18 17:52 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-11 05:50 - 2014-06-18 17:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-11 05:50 - 2014-06-18 17:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-11 05:50 - 2014-06-18 17:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-11 05:50 - 2014-06-18 17:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-11 05:50 - 2014-06-18 17:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-11 05:50 - 2014-06-18 17:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-11 05:50 - 2014-06-18 17:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-11 05:49 - 2014-06-18 17:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-11 05:49 - 2014-06-18 17:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-11 05:49 - 2014-06-18 16:34 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-07-11 05:49 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-11 05:49 - 2014-06-17 17:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-11 05:49 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-11 05:49 - 2014-06-05 07:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-11 05:49 - 2014-05-29 23:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-11 05:48 - 2014-06-29 18:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-11 05:48 - 2014-06-29 18:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-11 05:48 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-11 05:48 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-11 05:48 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-11 05:48 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-11 05:48 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-11 05:48 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-11 05:48 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-04 10:48 - 2014-07-04 11:01 - 00001459 _____ () C:\Users\Scott\Desktop\Snipping Tool.lnk
2014-06-27 12:58 - 2014-06-27 12:58 - 00556418 _____ (BibleSupport.com ) C:\Users\Scott\Downloads\THE NAG HAMMADI LIBRARY.topx(1).exe
2014-06-27 12:45 - 2014-06-27 12:45 - 03987795 _____ (BibleSupport.com ) C:\Users\Scott\Downloads\ModuleInstallerSetup04.exe
2014-06-27 12:35 - 2012-12-02 15:47 - 14729216 _____ () C:\Users\Scott\Downloads\kjva.bblx
2014-06-27 12:26 - 2014-06-27 12:26 - 02653049 _____ () C:\Users\Scott\Downloads\kjva.zip
2014-06-27 12:26 - 2014-06-27 12:26 - 02012230 _____ (BibleSupport.com ) C:\Users\Scott\Downloads\kjva.exe
2014-06-27 12:26 - 2014-06-27 12:26 - 00556418 _____ (BibleSupport.com ) C:\Users\Scott\Downloads\THE NAG HAMMADI LIBRARY.topx.exe
2014-06-24 08:30 - 2014-06-24 08:41 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-06-21 06:55 - 2014-06-21 06:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-17 16:22 - 2014-06-17 16:22 - 00188696 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-06-17 16:21 - 2014-06-17 16:21 - 00197400 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-06-17 16:18 - 2014-06-17 16:18 - 00241944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2014-06-17 16:17 - 2014-06-17 16:17 - 00147736 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00199960 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00121624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00098584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys

==================== One Month Modified Files and Folders =======

2014-07-17 18:29 - 2014-07-17 18:28 - 00010614 _____ () C:\Users\Scott\Downloads\FRST.txt
2014-07-17 18:28 - 2014-07-17 18:28 - 00000000 ____D () C:\FRST
2014-07-17 18:27 - 2014-07-17 18:27 - 00001136 _____ () C:\Users\Scott\Desktop\1a2scan_140717-180353.txt
2014-07-17 18:27 - 2014-04-10 20:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-17 18:01 - 2014-07-17 18:01 - 00000546 _____ () C:\Users\Scott\Desktop\Emsisoft Emergency Kit.lnk
2014-07-17 18:01 - 2014-07-17 18:00 - 00000000 ____D () C:\EEK
2014-07-17 17:55 - 2014-07-17 15:19 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-07-17 17:53 - 2014-07-17 17:52 - 215983336 _____ () C:\Users\Scott\Downloads\EmsisoftEmergencyKit.exe
2014-07-17 17:53 - 2014-07-17 17:52 - 01077248 _____ (Farbar) C:\Users\Scott\Downloads\FRST.exe
2014-07-17 17:44 - 2014-07-17 17:44 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-07-17 16:54 - 2014-04-09 11:32 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-17 15:19 - 2014-07-17 15:19 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-07-17 15:19 - 2014-07-17 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-07-17 15:12 - 2014-07-17 15:08 - 222833152 _____ (Emsisoft GmbH ) C:\Users\Scott\Downloads\EmsisoftAntiMalwareSetup.exe
2014-07-17 14:56 - 2014-07-14 22:11 - 10279264 _____ (SurfRight B.V.) C:\Users\Scott\Downloads\HitmanPro.exe
2014-07-17 14:31 - 2014-04-09 11:54 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-17 14:30 - 2014-04-09 14:28 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\vlc
2014-07-17 13:04 - 2014-07-17 13:03 - 00001864 _____ () C:\Users\Scott\Desktop\Numbers Triplets.txt
2014-07-17 10:32 - 2009-07-13 21:34 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-17 10:32 - 2009-07-13 21:34 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-17 10:29 - 2014-04-09 10:56 - 01447398 _____ () C:\Windows\WindowsUpdate.log
2014-07-17 10:25 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-17 10:25 - 2009-07-13 21:39 - 00037446 _____ () C:\Windows\setupact.log
2014-07-16 07:19 - 2010-11-20 14:01 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-16 06:53 - 2014-04-11 06:19 - 00002629 _____ () C:\Users\Scott\AppData\Roaming\TinnitusTamerPrefs.dat
2014-07-14 22:22 - 2014-07-14 22:12 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-14 22:21 - 2014-07-14 22:21 - 00004386 _____ () C:\Windows\system32\.crusader
2014-07-14 13:59 - 2014-07-12 09:36 - 608264134 _____ () C:\Users\Scott\Downloads\birol-9-sc3.rar
2014-07-14 11:25 - 2014-07-14 10:47 - 233793651 _____ () C:\Users\Scott\Downloads\af85.ASSlaves.TiaTanaka.rar
2014-07-13 08:25 - 2011-12-22 15:29 - 00000000 ____D () C:\Users\Scott\Desktop\Religious
2014-07-13 06:15 - 2010-11-20 14:48 - 00082378 _____ () C:\Windows\PFRO.log
2014-07-11 07:33 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2014-07-11 05:57 - 2009-07-13 21:33 - 00309904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 05:55 - 2014-05-07 07:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-11 05:55 - 2011-04-11 19:24 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 05:53 - 2014-04-10 12:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-11 05:51 - 2014-04-10 12:55 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-07 11:44 - 2014-04-07 13:15 - 00000000 ____D () C:\Users\Scott\Desktop\DESKTOP INFO
2014-07-05 09:47 - 2014-04-23 08:09 - 00000000 ____D () C:\Users\Scott\AppData\Local\CutePDF Writer
2014-07-04 11:01 - 2014-07-04 10:48 - 00001459 _____ () C:\Users\Scott\Desktop\Snipping Tool.lnk
2014-07-04 11:01 - 2014-06-09 08:03 - 00001268 _____ () C:\Users\Scott\Desktop\Notepad.lnk
2014-07-04 11:01 - 2013-12-01 12:30 - 00001531 _____ () C:\Users\Scott\Desktop\Paint.lnk
2014-07-01 19:09 - 2014-04-09 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-30 07:32 - 2013-04-12 11:50 - 00000000 ____D () C:\Users\Scott\Documents\e-Sword
2014-06-29 18:40 - 2014-07-11 05:48 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 18:36 - 2014-07-11 05:48 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-27 12:58 - 2014-06-27 12:58 - 00556418 _____ (BibleSupport.com ) C:\Users\Scott\Downloads\THE NAG HAMMADI LIBRARY.topx(1).exe
2014-06-27 12:58 - 2014-04-14 20:57 - 00000000 ____D () C:\Program Files\e-Sword
2014-06-27 12:45 - 2014-06-27 12:45 - 03987795 _____ (BibleSupport.com ) C:\Users\Scott\Downloads\ModuleInstallerSetup04.exe
2014-06-27 12:26 - 2014-06-27 12:26 - 02653049 _____ () C:\Users\Scott\Downloads\kjva.zip
2014-06-27 12:26 - 2014-06-27 12:26 - 02012230 _____ (BibleSupport.com ) C:\Users\Scott\Downloads\kjva.exe
2014-06-27 12:26 - 2014-06-27 12:26 - 00556418 _____ (BibleSupport.com ) C:\Users\Scott\Downloads\THE NAG HAMMADI LIBRARY.topx.exe
2014-06-25 12:26 - 2014-04-10 16:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-24 08:41 - 2014-06-24 08:30 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-06-22 06:03 - 2009-07-13 21:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-21 21:37 - 2014-05-10 20:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak
2014-06-21 06:55 - 2014-06-21 06:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-18 17:54 - 2014-07-11 05:50 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-18 17:53 - 2014-07-11 05:50 - 01766400 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-18 17:53 - 2014-07-11 05:50 - 01141760 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-18 17:53 - 2014-07-11 05:50 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-18 17:53 - 2014-07-11 05:50 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-18 17:53 - 2014-07-11 05:50 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-18 17:53 - 2014-07-11 05:49 - 14368768 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-18 17:52 - 2014-07-11 05:50 - 13732352 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-18 17:52 - 2014-07-11 05:50 - 02863616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-18 17:52 - 2014-07-11 05:50 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-18 17:52 - 2014-07-11 05:50 - 01440768 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-18 17:52 - 2014-07-11 05:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-18 17:52 - 2014-07-11 05:50 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-18 17:52 - 2014-07-11 05:50 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-18 17:52 - 2014-07-11 05:50 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-18 17:52 - 2014-07-11 05:50 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-18 17:52 - 2014-07-11 05:50 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-18 17:52 - 2014-07-11 05:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-18 17:52 - 2014-07-11 05:50 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-18 17:52 - 2014-07-11 05:49 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-18 17:30 - 2014-07-11 05:50 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-18 16:34 - 2014-07-11 05:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-17 18:51 - 2014-07-11 05:49 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-17 17:52 - 2014-07-11 05:49 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-17 16:22 - 2014-06-17 16:22 - 00188696 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-06-17 16:21 - 2014-06-17 16:21 - 00197400 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-06-17 16:18 - 2014-06-17 16:18 - 00241944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2014-06-17 16:17 - 2014-06-17 16:17 - 00147736 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00199960 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00121624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00098584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 08:26

==================== End Of Log ============================

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-07-2014 01
Ran by Scott at 2014-07-17 18:29:30
Running from C:\Users\Scott\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
ACT! 2000 (HKCU\...\ACT! 2000) (Version:  - )
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced Scan to PDF Free 3.9.2 (HKLM\...\Advanced Scan to PDF Free_is1) (Version:  - PDFChief Co., Ltd.)
Apple Application Support (HKLM\...\{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}) (Version: 1.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}) (Version: 3.2.0.47 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
Bonjour (HKLM\...\{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}) (Version: 2.0.3.0 - Apple Inc.)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
e-Sword (HKLM\...\{294B365B-32EF-49EE-99B3-A00558DC76E5}) (Version: 10.02.0001 - Rick Meyers)
e-Sword Module Installer version .4 (HKLM\...\{6E442F8C-3EB1-4911-BB65-F3AD73438F52}_is1) (Version: .4 - BibleSupport.com)
EZ-DUB (HKLM\...\{7E30D45E-EEC5-41A6-A613-F3BFB2694ACB}) (Version: 3.0 - Ulead System)
EZ-DUB Finder (HKLM\...\InstallShield_{F33C4D28-899A-4C3C-868B-9169A121528B}) (Version: 1.00.0722 - LiteON)
EZ-DUB Finder (Version: 1.00.0722 - LiteON) Hidden
Freemake Video Downloader (HKLM\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
iTunes (HKLM\...\{350FB27C-CF62-4EF3-AF9D-70FF313FE221}) (Version: 10.0.0.68 - Apple Inc.)
LiveUpdate (HKLM\...\LiveUpdate) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
QuickTime (HKLM\...\{EB900AF8-CC61-4E15-871B-98D1EA3E8025}) (Version: 7.67.75.0 - Apple Inc.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
THE NAG HAMMADI LIBRARY.topx version 0 (HKLM\...\{D7F1A6E9-5A60-4573-AFBD-4A047A57635E}_is1) (Version: 0 - BibleSupport.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.0 (HKLM\...\VLC media player) (Version: 2.0.0 - VideoLAN)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

==================== Restore Points  =========================

29-06-2014 14:43:21 Scheduled Checkpoint
06-07-2014 17:41:55 Scheduled Checkpoint
11-07-2014 12:50:21 Windows Update
15-07-2014 05:17:39 Checkpoint by HitmanPro
15-07-2014 05:21:13 Checkpoint by HitmanPro

==================== Hosts content: ==========================

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {35910534-5F45-451B-86CF-536B12FEDDC1} - System32\Tasks\{8ED34269-D355-4824-81B4-8E0CA709686C} => C:\Program Files\iTunes\iTunes.exe [2010-09-01] (Apple Inc.)
Task: {60B245A9-53E6-4893-A5B9-78C94BC324BD} - System32\Tasks\{DCC16085-21A5-4481-BCD9-1750B143EE35} => C:\Program Files\iTunes\iTunes.exe [2010-09-01] (Apple Inc.)
Task: {F2FA7467-3EDF-4E2C-9E53-B5E9B9F81698} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-10] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-05-14 08:20 - 2013-10-23 14:23 - 00089136 _____ () C:\Windows\System32\cpwmon2k.dll
2010-06-03 13:46 - 2010-06-03 13:46 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2005-09-13 19:47 - 2005-09-13 19:47 - 00266240 _____ () C:\Program Files\EZ-DUB\EZ-DUB.exe
2010-06-03 13:45 - 2010-06-03 13:45 - 01240880 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-08-10 00:00 - 2010-08-10 00:00 - 00324896 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libtidy.dll
2014-07-17 15:19 - 2014-06-18 15:50 - 00703800 _____ () C:\Program Files\Emsisoft Anti-Malware\fw32.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files\Adobe\Reader 11.0\Reader\sqlite.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/17/2014 00:48:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233
Faulting module name: mozalloc.dll, version: 30.0.0.5269, time stamp: 0x53911393
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x1fd0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (07/17/2014 00:47:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233
Faulting module name: mozalloc.dll, version: 30.0.0.5269, time stamp: 0x53911393
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x120c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (07/17/2014 10:25:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2014 03:12:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 468: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (07/16/2014 06:18:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2014 07:02:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 192: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (07/15/2014 07:02:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 188: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (07/15/2014 02:26:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2014 10:24:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2014 10:22:00 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002ec,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0104FA18.64).  hr = 0x80070005, Access is denied.
.


System errors:
=============
Error: (07/17/2014 06:29:54 PM) (Source: DCOM) (EventID: 10016) (User: Scott-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Scott-PCScottS-1-5-21-4044866103-2329573634-2605357377-1000LocalHost (Using LRPC)

Error: (07/17/2014 06:29:54 PM) (Source: DCOM) (EventID: 10016) (User: Scott-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Scott-PCScottS-1-5-21-4044866103-2329573634-2605357377-1000LocalHost (Using LRPC)

Error: (07/17/2014 06:29:54 PM) (Source: DCOM) (EventID: 10016) (User: Scott-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Scott-PCScottS-1-5-21-4044866103-2329573634-2605357377-1000LocalHost (Using LRPC)

Error: (07/17/2014 06:27:56 PM) (Source: DCOM) (EventID: 10016) (User: Scott-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Scott-PCScottS-1-5-21-4044866103-2329573634-2605357377-1000LocalHost (Using LRPC)

Error: (07/17/2014 06:27:56 PM) (Source: DCOM) (EventID: 10016) (User: Scott-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Scott-PCScottS-1-5-21-4044866103-2329573634-2605357377-1000LocalHost (Using LRPC)

Error: (07/17/2014 06:27:56 PM) (Source: DCOM) (EventID: 10016) (User: Scott-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Scott-PCScottS-1-5-21-4044866103-2329573634-2605357377-1000LocalHost (Using LRPC)

Error: (07/17/2014 06:27:55 PM) (Source: DCOM) (EventID: 10016) (User: Scott-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Scott-PCScottS-1-5-21-4044866103-2329573634-2605357377-1000LocalHost (Using LRPC)

Error: (07/17/2014 06:27:55 PM) (Source: DCOM) (EventID: 10016) (User: Scott-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Scott-PCScottS-1-5-21-4044866103-2329573634-2605357377-1000LocalHost (Using LRPC)

Error: (07/17/2014 06:27:55 PM) (Source: DCOM) (EventID: 10016) (User: Scott-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Scott-PCScottS-1-5-21-4044866103-2329573634-2605357377-1000LocalHost (Using LRPC)

Error: (07/17/2014 06:27:42 PM) (Source: DCOM) (EventID: 10016) (User: Scott-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Scott-PCScottS-1-5-21-4044866103-2329573634-2605357377-1000LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 69%
Total physical RAM: 3061.18 MB
Available physical RAM: 938.18 MB
Total Pagefile: 6120.64 MB
Available Pagefile: 3107.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:31.26 GB) NTFS
Drive j: (Seagate Backup Plus Drive) (Fixed) (Total:1863.01 GB) (Free:1431.45 GB) NTFS
Drive k: (Seagate Backup Plus Drive) (Fixed) (Total:1863.01 GB) (Free:1263.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 7A055C85)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 5.

========================================================
Disk: 6 (Size: 1863 GB) (Disk ID: 8A352DED)
Partition 1: (Not Active) - (Size=-198627557376) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

 

Thanks SM7

 


All logs are to be attached to your posts. Do not copy & paste any log to a post, unless I tell you to do otherwise.

Download AdwCleaner and save it on your desktop.

  • Close all open programs and Internet browsers (you may want to print out or write down these instructions first).
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Confirm each time with OK.
  • You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your desktop.
  • Attach that log file to your reply by clicking the More Reply Options button to the lower-right of where you type in your reply.
  • If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer.
Download Junkware Removal Tool and save it on your desktop.
  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Attach the JRT log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.
Copy the below code to Notepad; Save As fixlist.txt to your Desktop.
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASMANCS" /f
Close Notepad.

NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.

If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.


I'm not sure I did FRST correctly? A message popped up that the .txt was not in the same location? I put the .txt on my desktop.

 

Thanks for your Help, Scott


If you are getting that error message, then fixlist.txt and FRST are not in the same location. Make sure that FRST is actually on the desktop and is not a shortcut instead. Once you have fixlist.txt and FRST in the same location, run FRST and click on the Fix button.


How did my logs look? I ran EMSIsoft again and the RASAP132 RASMANCS did not come up when I last ran EMSIsoft. Does this mean I put the fix in correctly or do I need to run the FIX again? Please tell me specifically what I should do next based on RASAP132 RASMANCS not appearing again.

 

Thanks

 


I have not been able to update my AVG since 7/14/14. I've turned off some of the Surf Protection and File Guard for EMSIsoft thinking it may have been blocking my update. This did not help and I went through all of the AVG troubleshooting. Please respond as to my next step... and any info on this new problem with AVG update?

 

Thanks


Changing tools.

Download ComboFix from Link

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop.

!!! IMPORTANT !!! Save ComboFix to your Desktop

NOTE: ComboFix is an advanced utility, and is not like traditional automated tools. It will delete anything that it knows is bad without asking for confirmation, it will save backup copies in its quarantine automatically, it will restart your computer, and it will produce a log that allows me to analyze and determine if there is anything left over. This log will not contain any personal information, or information about any of your documents, pictures, music, videos, etc. It only compiles information on which applications/drivers/etc. were installed within the last 30 days, any applications that have certain properties that could be used for malicious purposes, and most of the load points on your system that can be abused by malicious software. If there is a false positive, and something gets deleted that should not, then I can write a script for ComboFix that will tell it to restore specific items that it deleted.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    See HERE for help

  • Double click on Combo-Fix & follow the prompts.
When finished, ComboFix will produce a log.

NOTE:

1. Do not mouseclick combofix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

3. If you get a message that states "illegal operation attempted on a registry key that has been marked for deletion" restart your computer.

Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

  • ComboFix (C:\combofix.txt)
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


I had no problems. Things are running good. Looked like two auto runs were deleted? FYI I uninstalled AVG and reinstalled yesterday and all is updating now. I can not attach the file, message "The server returned an error during upload". ???? I tried all three of your upload options with no success & I renamed the text file with all options.

 

Thanks


Unless you are having problems, it is time to do the final steps.

Now to remove most of the tools that we have used in fixing your machine:

Press the Windows key + R and this will open the Run text box. Copy/paste the following text into the Run box as shown and click OK.

Combofix /Uninstall

(Note: There is a space between the ..X and the /U that needs to be there.)


Uninstall AdwCleaner:

  • Close all open programs and Internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Uninstall button.
  • Confirm by clicking Yes.
Delete the following from your Desktop: (If they exist)

AdwCleaner.exe

Emsisoft Emergency Kit.lnk

FRST.exe

FRST64.exe

JRT.exe

JRT.txt

Anything else I had you use

Delete the following files: (If they exist)

C:\ComboFix.txt

Delete the following folders: (If they exist)

C:\AdwCleaner

C:\ComboFix

C:\EEK

C:\FRST

C:\Qoobox

Empty the Recycle Bin

Download to your Desktop:

- CCleaner Portable

  • UnZip CCleaner Portable to a folder on your Desktop named CCleaner
Run CCleaner
  • Open the CCleaner Folder on your Desktop and double click CCleaner.exe (32-bit) or CCleaner64.exe (64-bit)
  • The following should be selected by default, if not, please select:

    [image]

  • Click [image] and choose [image]
  • Uncheck [image]
  • Then go back to [image] and click [image] to run it.
  • Exit CCleaner.
Turn off System restore to flush all your restore points then turn system restore back on. See How To Enable and Disable System Restore.

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

Run Windows Update and update your Windows Operating System.

Install and run the Secunia Personal Software Inspector; this will inspect your system for software that is out-of-date and in need of updating. Update any program/application detected as being out-dated.

Articles to read:

How to Protect Your Computer From Malware

How to keep you and your Windows PC happy

Web, email, chat, password and kids safety

10 Sources of Malware Infections

That should take care of everything.

Safe Surfing!


Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.
