Inactive Win64/sirefef Virus (again)

CheeseJam

Hi, about a year ago I had the sirefef trojan and got help here (https://www.techspot.com/community/topics/win64-sirefef-virus-help.182401/?mobile=false)

Everything was fixed, but it appears to have come back or I got a new one. Anyway...

I left my computer, came back, and it was shut down. Upon reboot, it hangs at "Starting Windows". I can start it in safe mode. It has booted normally a few times but it is not repeatable. When it did boot normally, network, sound, and other basic functions were not working. Additionally, MSE was gone, and the operating system looked like Windows 97. I managed to reinstall MSE and it detected these trojans:

Trojan:Win64/Sirefef.AA, Trojan:Win32/Sirefef.AN, Trojan:Win32/Sirefef!cfg

MSE said it removed them but problems persisted. I have tried a few things (including a full Malwarebytes scan that found nothing and startup repair 4 times) as documented here (http://www.sevenforums.com/general-discussion/296806-windows-hangs-startup.html). But I don't seem to be making progress so I came here again! I have Windows 7 64bit, how should I proceed?
 
You've been to this forum before so you should know what the initial steps are.

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000 characters post limit, split it between a couple of replies.
Attached logs won't be reviewed.
Safe Mode with Networking will be fine for now.

Please, observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Sorry, I did not remember having to do those initial steps.

Malware log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.04.07

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 10.0.9200.16618
Robert :: BERT [administrator]

7/10/2013 4:08:58 PM
mbam-log-2013-07-10 (16-08-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228491
Time elapsed: 4 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS dds:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.17.2
Run by Robert at 16:16:34 on 2013-07-10
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
StartupFolder: C:\Users\Robert\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{22ACD203-BE0F-4818-8DD3-7E5DCB557A02} : DHCPNameServer = 10.2.5.10 10.2.5.20
TCP: Interfaces\{7CFAEB85-693D-40AC-9D42-95829805B5D2} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{7CFAEB85-693D-40AC-9D42-95829805B5D2}\4586560234F64747167656 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{7CFAEB85-693D-40AC-9D42-95829805B5D2}\458656547676458627F67796E67624964736865637 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{7CFAEB85-693D-40AC-9D42-95829805B5D2}\465636B6562737F57657563747 : DHCPNameServer = 10.2.5.10
TCP: Interfaces\{7CFAEB85-693D-40AC-9D42-95829805B5D2}\833336032343 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{7CFAEB85-693D-40AC-9D42-95829805B5D2}\E45445745414255323 : DHCPNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ioyfqj5y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3301943&CUI=UN28646771472334313&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Robert\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - plugin: D:\Games\Trials Evolution\datapack\orbit\npuplaypc.dll
FF - plugin: D:\Games\Trials Evolution\datapack\orbit\npuplaypchub.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - a0af95f4000000000000e0ca9492d46b
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15863
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.515:54:48
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=122460
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2013-07-10 20:08:25 19032 ------w- C:\windows\System32\pwdrvio.sys
2013-07-10 20:08:25 12384 ------w- C:\windows\System32\pwdspio.sys
2013-07-10 20:07:17 -------- d-----w- C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.0
2013-07-10 03:21:29 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-07-10 00:24:17 -------- d-----w- C:\windows\pss
2013-07-09 22:33:40 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2419C9A5-BE89-4B5F-A13C-4D14712CDF89}\mpengine.dll
2013-07-08 21:37:54 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-27 19:17:30 -------- d-----w- C:\ProgramData\Package Cache
2013-06-26 19:27:43 385024 ----a-w- C:\windows\SYCLicense071115U.dll
2013-06-26 19:27:43 233472 ----a-w- C:\windows\SYCGUIU.dll
2013-06-26 19:27:43 1232896 ----a-w- C:\windows\SYCIOU.dll
2013-06-26 19:27:43 1028096 ----a-w- C:\windows\SYCGeoU.dll
2013-06-21 16:08:38 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{75B6A64A-6628-4590-B3E6-D454DB6A29D8}\gapaengine.dll
2013-06-20 17:07:10 -------- d-----w- C:\ProgramData\MentorGraphics
2013-06-18 03:36:47 89088 ----a-w- C:\windows\SysWow64\atl71.dll
2013-06-18 03:36:46 69632 ----a-w- C:\windows\SysWow64\mfcm80.dll
2013-06-18 03:36:46 57856 ----a-w- C:\windows\SysWow64\mfcm80u.dll
2013-06-18 03:36:46 1101824 ----a-w- C:\windows\SysWow64\mfc80.dll
2013-06-18 03:36:46 1093120 ----a-w- C:\windows\SysWow64\mfc80u.dll
2013-06-18 03:36:46 1060864 ----a-w- C:\windows\SysWow64\MFC71.dll
2013-06-18 03:36:46 1047552 ----a-w- C:\windows\SysWow64\MFC71u.dll
2013-06-13 14:24:37 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2013-06-12 13:55:18 751104 ----a-w- C:\windows\System32\win32spl.dll
.
==================== Find3M ====================
.
2013-06-09 22:59:36 90192 ----a-w- C:\windows\System32\mfcm110u.dll
2013-06-08 12:28:46 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-06-08 11:13:19 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-05-21 03:42:51 0 ----a-w- C:\windows\SysWow64\shoA8E4.tmp
2013-05-17 01:25:57 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-05-08 06:10:12 770384 ----a-w- C:\windows\SysWow64\msvcr100.dll
2013-05-08 06:10:12 421200 ----a-w- C:\windows\SysWow64\msvcp100.dll
2013-05-02 09:06:08 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-04-26 04:55:21 492544 ----a-w- C:\windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\windows\SysWow64\d3d11.dll
2013-04-17 07:02:06 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys
.
============= FINISH: 16:17:38.15 ===============

DDS attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
µTorrent
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Community Help
Adobe Digital Editions
Adobe Flash Player 11 ActiveX 64-bit
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.1)
Alan Wake
AMD APP SDK Runtime
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArnA 2: Combined Operations
Asmedia ASM104x USB 3.0 Host Controller Driver
Assassin's Creed ® III
Audacity 1.3.14 (Unicode)
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Messenger“
„Windows Live“ fotogalerija
BattlEye for OA Uninstall
Bing Bar
BioShock Infinite
Blast Pack for Pocket Tanks Deluxe
Bonjour
Borderlands 2
Broadcom 802.11 Network Adapter
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Combat Arms
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dolby Axon - 1.4.0.2
DriverAgent by eSupport.com
Dropbox
Dual-Core Optimizer
Easy Settings
Easy Software Manager
Easy Support Center 1.0
Energy Pack for Pocket Tanks Deluxe
ETDWare PS/2-X64 10.7.5.0_SimpleUI
ExpressCache
F.lux
FEZ v1.04
Fire Pack BETA 3 for Pocket Tanks Deluxe
FLAC to MP3 Converter 6.1.9
Fotogalerija Windows Live
Free M4a to MP3 Converter 7.0
Futuremark SystemInfo
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
Google Chrome
Google Drive
Google Update Helper
Guild Wars 2
Ice Pack BETA 3 for Pocket Tanks Deluxe
Ice Pack BETA for Pocket Tanks Deluxe
Ice Pack for Pocket Tanks Deluxe
Intel(R) Display Audio Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Interactive Guide
iTunes
Java 7 Update 17
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 6 Update 31 (64-bit)
Java(TM) 7 Update 5 (64-bit)
JavaFX 2.1.1
Junk Mail filter update
K-Lite Codec Pack 7.9.0 (Basic)
LAME v3.98.3 for Audacity
LAME v3.99.3 (for Windows)
Malwarebytes Anti-Malware version 1.75.0.1300
MATLAB R2011a
Media Player Codec Pack 4.1.9
Mesh Runtime
MeshLab_64b 1.3.2
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2003 Web Components
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2005 Tools for Applications - ENU
Microsoft WSE 3.0 Runtime
Microsoft Xbox 360 Accessories 1.2
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
MiniTool Partition Wizard Home Edition 8.0
Minutor
mIRC
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mumble 1.2.3
Music Manager
NVIDIA PhysX
Party Pack for Pocket Tanks Deluxe
Pazera Free MP4 to AVI Converter 1.6
PDF Settings CS5
PDFMate Free PDF Converter 1.40
PlanetSide 2
Plasma Pack for Pocket Tanks Deluxe
PlayReady PC Runtime amd64
Pocket Tanks Deluxe v1.3 By Argogo
Pocket Tanks Deluxe v1.6 BETA 3
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Portforward Static IP Address 1.0.47
Pošta Windows Live
PX Profile Update
QuickTime
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Red Chain Portal
Registrar Registry Manager 7.03
Revo Uninstaller 1.94
S?????? f?t???af??? t?? Windows Live
Samsung Recovery Solution 5
SAMSUNG USB Driver for Mobile Phones
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Simple Adblock
Six Updater
Skype Click to Call
Skype™ 6.1
SolidWorks 2011 SP0
SolidWorks 2012 x64 Edition SP04
SolidWorks eDrawings 2012 x64 Edition SP04
SolidWorks Explorer 2012 SP04 x64 Edition
SolidWorks Flow Simulation 2012 SP04 x64 Edition
SolidWorks Workgroup PDM Server 2012 SP01 x64 Edition
Space Pack BETA 3 for Pocket Tanks Deluxe
Space Pack BETA for Pocket Tanks Deluxe
Splashtop Streamer
Spotify
Star Wars: The Old Republic
Star Wars®: Knights of the Old Republic (TM)
Steam
Synergy
System Requirements Lab CYRI
Team Fortress 2
TeamViewer 7
The Sims™ 3
The Swapper
The Walking Dead (c) 3 version 1
Trials Evolution Gold Edition
Tribes: Ascend
UCSB CS56 S12 ChoicePoints 2 Ramon Rovirosa and Shervin Shaikh CalcGui
Unified Remote
Unlocker 1.9.1-x64
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Uplay
User Guide
uTorrentBar Toolbar
Ventrilo Client for Windows x64
VirtualCloneDrive
VLC media player 2.0.6
WIDCOMM Bluetooth Software
Windows Installer Clean Up
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
Windows Mobile Device Updater Component
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== End Of File ===========================
 
Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
Here is the Rogue log:

RogueKiller V8.6.2 _x64_ [Jul 2 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://www.adlice.com/forum/
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode
User : Robert [Admin rights]
Mode : Remove -- Date : 07/10/2013 17:14:54
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 8709bc60416022c9b875d52c10083408
[BSP] e71e85990b7dfd2b255f3c74da68b24d : KIWI Image system MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 51200 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 105064448 | Size: 640966 Mo
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1417762816 | Size: 23137 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] c24d9af7de7d2b6ff7f0ee0846275549
[BSP] 0a9420da5d388cf72c9f5653515471d4 : Empty MBR Code
Partition table:
0 - [ACTIVE] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 2048 | Size: 7639 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: +++++
--- User ---
[MBR] dc9813f82e0afb203372a30834e3a4a5
[BSP] 0f745bdb11e1c74ec4c1b375ecf1311a : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 778135908 | Size: 557377 Mo
1 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 168689522 | Size: 945326 Mo
2 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1869881465 | Size: 945326 Mo
3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 0 | Size: 1775989 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_07102013_171454.txt >>
RKreport[0]_S_07102013_171418.txt

Following those steps for system restore, "System protection" does not exist. I searched for system restore, and Windows said it is not functioning properly.

Should I proceed with the next step you listed?
 
It said no threats were found. Here are the Malware logs:

systemlog:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 10.0.9200.16618

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 8499281920, free: 7327473664

Initializing...
------------ Kernel report ------------
07/10/2013 17:25:33
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\excsd.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\drivers\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\asmtxhci.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\VClone.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\mcdbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\SGdrv64.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\system32\drivers\asmthub3.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\framebuf.dll
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\msctf.dll
\Windows\System32\setupapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\difxapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\ole32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\wininet.dll
\Windows\System32\Wldap32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\usp10.dll
\Windows\System32\shlwapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\sechost.dll
\Windows\System32\imm32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\iertutil.dll
\Windows\System32\lpk.dll
\Windows\System32\msvcrt.dll
\Windows\System32\kernel32.dll
\Windows\System32\normaliz.dll
\Windows\System32\psapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\user32.dll
\Windows\System32\gdi32.dll
\Windows\System32\nsi.dll
\Windows\System32\shell32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR4
Upper Device Object: 0xfffffa8008efe790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000098\
Lower Device Object: 0xfffffa800953f810
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8008c57060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa8007d5d050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8008c33790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007d5f050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8008c33790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80082988b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008c33790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007d5f050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 74D52988

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 104857600

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 105064448 Numsec = 1312698368

Partition 3 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 1417762816 Numsec = 47384576

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8008c57060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008c332c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008c57060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007d5d050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 74F02DEA

Partition information:

Partition 0 type is Other (0x73)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 15644672
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 8012390400 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa8008efe790, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a6d5880, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008efe790, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800953f810, DeviceName: \Device\00000098\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
Partition information:

This drive is a Single Partition removable Drive.
Partition file system is FAT
Partition is not bootable

Disk Size: 1028653056 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_1_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_2_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_2_r.mbam...
Removal finished

other log:
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.06.01.01

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 10.0.9200.16618
Robert :: BERT [administrator]

7/10/2013 5:25:37 PM
mbar-log-2013-07-10 (17-25-37).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 275696
Time elapsed: 10 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
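As an added cross-check that neither tool nor the thread provides: the RogueKiller log prints drive 0's partition table with sizes in whole MiB ("Mo"), while MBAR prints the same table as a starting LBA plus sector count. The script below parses excerpts copied from both logs, flags any partition on which the two independent readings disagree, and lists the sectors no partition covers (the space MBAR's "unpartitioned space" line refers to). All function and variable names are my own.

```python
import re

# Excerpts copied from the two logs posted above (drive 0 only),
# embedded here so the script runs offline.
RK_EXCERPT = """\
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 51200 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 105064448 | Size: 640966 Mo
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1417762816 | Size: 23137 Mo
"""

MBAR_EXCERPT = """\
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 104857600
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 105064448 Numsec = 1312698368
Partition 3 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 1417762816 Numsec = 47384576
Disk Size: 750156374016 bytes
"""

SECTOR_BYTES = 512
SECTORS_PER_MIB = (1024 * 1024) // SECTOR_BYTES  # 2048

RK_ROW = re.compile(
    r"^(\d+) - \[(\w+)\] \S+ \(0x([0-9A-Fa-f]+)\) .*?"
    r"Offset \(sectors\): (\d+) \| Size: (\d+) Mo"
)
MBAR_TYPE = re.compile(r"^Partition (\d+) type is \w+ \(0x([0-9A-Fa-f]+)\)")
MBAR_ACTIVE = re.compile(r"^Partition is (NOT ACTIVE|ACTIVE)\.")
MBAR_LBA = re.compile(r"^Partition starts at LBA: (\d+) Numsec = (\d+)")
MBAR_DISK = re.compile(r"^Disk Size: (\d+) bytes")


def parse_roguekiller(text):
    """Partition table from RogueKiller's 'MBR Check' block, sizes converted to sectors."""
    parts = {}
    for line in text.splitlines():
        m = RK_ROW.match(line)
        if m:
            idx, flag, ptype, offset, size_mo = m.groups()
            parts[int(idx)] = {
                "type": int(ptype, 16),
                "active": flag == "ACTIVE",
                "start": int(offset),
                # RogueKiller prints whole MiB, so this is rounded to a 2048-sector multiple
                "sectors": int(size_mo) * SECTORS_PER_MIB,
            }
    return parts


def parse_mbar(text):
    """Partition table and disk size (in sectors) from MBAR's 'Inspecting partition table' block."""
    parts, disk_sectors, cur = {}, None, None
    for line in text.splitlines():
        if m := MBAR_TYPE.match(line):
            cur = int(m.group(1))
            parts[cur] = {"type": int(m.group(2), 16)}
        elif m := MBAR_DISK.match(line):
            disk_sectors = int(m.group(1)) // SECTOR_BYTES
        elif cur is not None and (m := MBAR_ACTIVE.match(line)):
            parts[cur]["active"] = m.group(1) == "ACTIVE"
        elif cur is not None and (m := MBAR_LBA.match(line)):
            parts[cur]["start"] = int(m.group(1))
            parts[cur]["sectors"] = int(m.group(2))
    return parts, disk_sectors


def compare_tables(rk, mbar):
    """Discrepancies between the two tools' views; an empty list means they agree."""
    issues = []
    for idx in sorted(set(rk) | set(mbar)):
        a, b = rk.get(idx), mbar.get(idx)
        if a is None or b is None:
            issues.append(f"partition {idx}: listed by only one tool")
            continue
        for key in ("type", "active", "start"):
            if a[key] != b[key]:
                issues.append(f"partition {idx}: {key} differs ({a[key]} vs {b[key]})")
        # Tolerate RogueKiller's rounding to whole MiB, nothing larger.
        if abs(a["sectors"] - b["sectors"]) >= SECTORS_PER_MIB:
            issues.append(f"partition {idx}: size differs ({a['sectors']} vs {b['sectors']} sectors)")
    return issues


def unpartitioned_gaps(parts, disk_sectors):
    """Sector ranges [start, end) after the MBR that no partition covers."""
    gaps, pos = [], 1  # sector 0 is the MBR itself
    for p in sorted(parts.values(), key=lambda p: p["start"]):
        if p["start"] > pos:
            gaps.append((pos, p["start"]))
        pos = max(pos, p["start"] + p["sectors"])
    if disk_sectors > pos:
        gaps.append((pos, disk_sectors))
    return gaps


if __name__ == "__main__":
    rk = parse_roguekiller(RK_EXCERPT)
    mb, disk = parse_mbar(MBAR_EXCERPT)
    print("discrepancies:", compare_tables(rk, mb) or "none")
    print("unpartitioned sectors:", unpartitioned_gaps(mb, disk))
```

A non-empty discrepancy list only means the two readings differ and deserves a closer look; it is not by itself evidence of tampering.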
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
When I was receiving help somewhere else (linked in OP), I already used this tool. I used it again and the addition.txt was not created. Here is the FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2013 04
Ran by Robert (administrator) on 10-07-2013 17:45:08
Running from C:\Users\Robert\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKCU\...\Run: [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [969104 2012-12-08] (BitTorrent, Inc.)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - No Name - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

FireFox:
========
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ioyfqj5y.default
FF user.js: detected! => C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ioyfqj5y.default\user.js
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Robert\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Robert\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - D:\Games\Trials Evolution\datapack\orbit\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ioyfqj5y.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ioyfqj5y.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ioyfqj5y.default\searchplugins\delta.xml
FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ioyfqj5y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/", "hxxp://search.conduit.com/?ctid=CT3301943&SearchSource=48&CUI=UN37182720615178260&UM=2", "hxxp://search.conduit.com/?ctid=CT3301943&SearchSource=48&CUI=UN37630268487258217&UM=2", "hxxp://www.delta-search.com/?affID=122460&babsrc=HP_ss&mntrId=A0AFE0CA9492D46B"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Robert\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Robert\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Robert\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

==================== Services (Whitelisted) =================

S4 CoordinatorServiceHost; D:\Programs\SolidWorks\SolidWorks\swScheduler\DTSCoordinatorService.exe [89192 2012-06-09] (Dassault Systèmes SolidWorks Corp.)
S4 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2011-09-22] (Diskeeper Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S4 Remote Solver for Flow Simulation 2012; D:\Programs\SolidWorks\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [114824 2012-04-09] (Mentor Graphics Corporation)

==================== Drivers (Whitelisted) ====================

S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
S1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2011-09-22] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [80688 2011-09-22] (Diskeeper Corporation)
S3 FlashUSB; C:\Windows\system32\drivers\FlashUSB_x64.sys [19968 2010-12-20] (Danish Wireless Design A/S)
S3 HH10Help.sys; C:\windows\system32\drivers\HH10Help.sys [24088 2009-07-09] (H+H Software GmbH)
S3 HH10Help.sys; C:\windows\system32\drivers\HH10Help.sys [24088 2009-07-09] (H+H Software GmbH)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19032 2013-07-01] ()
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19032 2013-07-01] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12384 2013-07-01] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12384 2013-07-01] ()
R2 SGDrv; C:\Windows\system32\drivers\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 shspusb; C:\Windows\system32\drivers\HSPUSB.sys [24064 2010-12-20] (MobileTop)
S3 ssaebus; C:\Windows\system32\drivers\ssaebus.sys [136264 2010-12-20] (MCCI Corporation)
S3 ssaeunic; C:\Windows\system32\drivers\ssaeunic.sys [178760 2010-12-20] (MCCI Corporation)
S3 sscdserd; C:\Windows\system32\drivers\sscdserd.sys [141384 2010-12-20] (MCCI Corporation)
S3 ssceserd; C:\Windows\system32\drivers\ssceserd.sys [129024 2010-12-20] (MCCI Corporation)
S3 ssm_bus; C:\Windows\system32\drivers\ssm_bus.sys [136192 2010-12-20] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\system32\drivers\ssm_mdm.sys [172032 2010-12-20] (MCCI Corporation)
S3 ssuddmgr; C:\Windows\system32\drivers\ssuddmgr.sys [202560 2011-02-17] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudobex; C:\Windows\system32\drivers\ssudobex.sys [202560 2011-02-17] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudserd; C:\Windows\system32\drivers\ssudserd.sys [202560 2011-02-17] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_bserd; C:\Windows\system32\drivers\ss_bserd.sys [128000 2010-12-20] (MCCI Corporation)
S1 vdrv1000; C:\Windows\System32\Drivers\VDRV1000.SYS [223256 2010-03-25] (H+H Software GmbH)
S3 ViaUsbEtsDriver; C:\Windows\System32\drivers\ViaUsbEts.sys [21760 2008-05-29] (Via Telecom, Inc.)
U4 mbamswissarmy;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-10 17:25 - 2013-07-10 17:36 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-10 17:25 - 2013-07-10 17:25 - 00000000 ____D C:\Users\Robert\Desktop\mbar-1.06.0.1004
2013-07-10 17:14 - 2013-07-10 17:14 - 00002806 ____A C:\Users\Robert\Desktop\RKreport[0]_D_07102013_171454.txt
2013-07-10 17:14 - 2013-07-10 17:14 - 00002704 ____A C:\Users\Robert\Desktop\RKreport[0]_S_07102013_171418.txt
2013-07-10 17:12 - 2013-07-10 17:14 - 00000000 ____D C:\Users\Robert\Desktop\RK_Quarantine
2013-07-10 17:12 - 2013-07-10 17:11 - 13399154 ____A C:\Users\Robert\Desktop\mbar-1.06.0.1004.zip
2013-07-10 17:12 - 2013-07-10 17:09 - 03775488 ____A C:\Users\Robert\Desktop\RogueKillerX64.exe
2013-07-10 16:17 - 2013-07-10 16:17 - 00015088 ____A C:\Users\Robert\Desktop\dds.txt
2013-07-10 16:17 - 2013-07-10 16:17 - 00012440 ____A C:\Users\Robert\Desktop\attach.txt
2013-07-10 16:15 - 2013-07-10 16:05 - 00688992 ____R (Swearware) C:\Users\Robert\Desktop\dds.com
2013-07-10 13:08 - 2013-07-01 10:25 - 00019032 ____N C:\windows\system32\pwdrvio.sys
2013-07-10 13:08 - 2013-07-01 10:25 - 00012384 ____N C:\windows\system32\pwdspio.sys
2013-07-10 13:07 - 2013-07-10 13:07 - 00001206 ____A C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2013-07-10 13:07 - 2013-07-10 13:07 - 00000000 ____D C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.0
2013-07-10 13:06 - 2013-07-10 12:50 - 20198792 ____A (MiniTool Solution Ltd. ) C:\Users\Robert\Desktop\pwhe8.exe
2013-07-10 11:07 - 2013-07-10 11:03 - 00000186 ____A C:\Users\Robert\Desktop\ActionCenterIcon.reg
2013-07-10 09:46 - 2013-07-10 09:44 - 00356429 ____A (Farbar) C:\Users\Robert\Desktop\FSS.exe
2013-07-10 09:45 - 2013-07-10 17:44 - 01777775 ____A (Farbar) C:\Users\Robert\Desktop\FRST64.exe
2013-07-09 20:21 - 2013-07-09 20:21 - 00000742 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-09 20:21 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-07-09 17:24 - 2013-07-09 17:24 - 00000000 ____D C:\windows\pss
2013-07-08 20:27 - 2013-07-08 20:27 - 00262144 ____A C:\windows\Minidump\070813-70528-01.dmp
2013-06-27 14:40 - 2013-06-27 14:40 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MeshLab
2013-06-27 12:17 - 2013-06-27 12:18 - 00000000 ____D C:\ProgramData\Package Cache
2013-06-26 12:27 - 2007-11-15 19:21 - 00385024 ____A (SYCODE) C:\windows\SYCLicense071115U.dll
2013-06-26 12:27 - 2007-10-21 12:18 - 01232896 ____A (SYCODE) C:\windows\SYCIOU.dll
2013-06-26 12:27 - 2007-10-21 12:17 - 01028096 ____A (SYCODE) C:\windows\SYCGeoU.dll
2013-06-26 12:27 - 2007-10-21 12:17 - 00233472 ____A (SYCODE) C:\windows\SYCGUIU.dll
2013-06-20 10:07 - 2013-06-20 10:07 - 00000000 ____D C:\ProgramData\MentorGraphics
2013-06-17 21:29 - 2013-07-08 20:26 - 00006088 ____A C:\windows\setupact.log
2013-06-17 21:29 - 2013-06-17 21:29 - 00000000 ____A C:\windows\setuperr.log
2013-06-17 20:36 - 2011-01-11 05:15 - 00069632 ____A (Microsoft Corporation) C:\windows\SysWOW64\mfcm80.dll
2013-06-17 20:36 - 2011-01-11 05:14 - 00057856 ____A (Microsoft Corporation) C:\windows\SysWOW64\mfcm80u.dll
2013-06-17 20:36 - 2011-01-10 22:51 - 01101824 ____A (Microsoft Corporation) C:\windows\SysWOW64\mfc80.dll
2013-06-17 20:36 - 2011-01-10 22:51 - 01093120 ____A (Microsoft Corporation) C:\windows\SysWOW64\mfc80u.dll
2013-06-17 20:36 - 2011-01-10 22:51 - 00002372 ____A C:\windows\SysWOW64\Microsoft.VC80.MFC.manifest
2013-06-17 20:36 - 2003-03-18 22:20 - 01060864 ____A (Microsoft Corporation) C:\windows\SysWOW64\MFC71.dll
2013-06-17 20:36 - 2003-03-18 22:12 - 01047552 ____A (Microsoft Corporation) C:\windows\SysWOW64\MFC71u.dll
2013-06-17 20:36 - 2003-03-18 20:05 - 00089088 ____A (Microsoft Corporation) C:\windows\SysWOW64\atl71.dll
2013-06-15 06:18 - 2013-06-08 07:08 - 01365504 ____A (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-06-15 06:18 - 2013-06-08 07:07 - 19233792 ____A (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-06-15 06:18 - 2013-06-08 07:06 - 15404544 ____A (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-06-15 06:18 - 2013-06-08 07:06 - 02648064 ____A (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-06-15 06:18 - 2013-06-08 07:06 - 00526336 ____A (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-06-15 06:18 - 2013-06-08 05:28 - 02706432 ____A (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-06-15 06:18 - 2013-06-08 04:42 - 01141248 ____A (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-06-15 06:18 - 2013-06-08 04:40 - 14327808 ____A (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-06-15 06:18 - 2013-06-08 04:40 - 13760512 ____A (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-06-15 06:18 - 2013-06-08 04:40 - 02046976 ____A (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-06-15 06:18 - 2013-06-08 04:40 - 00391168 ____A (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-06-15 06:18 - 2013-06-08 04:13 - 02706432 ____A (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-06-13 07:24 - 2013-05-16 18:25 - 02877440 ____A (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-06-13 07:24 - 2013-05-16 18:25 - 01767936 ____A (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-06-13 07:24 - 2013-05-16 18:25 - 00690688 ____A (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-06-13 07:24 - 2013-05-16 18:25 - 00493056 ____A (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-06-13 07:24 - 2013-05-16 18:25 - 00109056 ____A (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-06-13 07:24 - 2013-05-16 18:25 - 00061440 ____A (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-06-13 07:24 - 2013-05-16 18:25 - 00039424 ____A (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-06-13 07:24 - 2013-05-16 18:25 - 00033280 ____A (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-06-13 07:24 - 2013-05-16 17:59 - 02241024 ____A (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-06-13 07:24 - 2013-05-16 17:59 - 00051712 ____A (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-06-13 07:24 - 2013-05-16 17:58 - 03958784 ____A (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-06-13 07:24 - 2013-05-16 17:58 - 00855552 ____A (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-06-13 07:24 - 2013-05-16 17:58 - 00603136 ____A (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-06-13 07:24 - 2013-05-16 17:58 - 00136704 ____A (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-06-13 07:24 - 2013-05-16 17:58 - 00067072 ____A (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-06-13 07:24 - 2013-05-16 17:58 - 00053248 ____A (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-06-13 07:24 - 2013-05-16 17:58 - 00039936 ____A (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-06-13 07:24 - 2013-05-14 05:23 - 00089600 ____A (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-06-13 07:24 - 2013-05-14 01:40 - 00071680 ____A (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 06:55 - 2013-05-12 22:51 - 01464320 ____A (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-06-12 06:55 - 2013-05-12 22:51 - 00184320 ____A (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-06-12 06:55 - 2013-05-12 22:51 - 00139776 ____A (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2013-06-12 06:55 - 2013-05-12 22:50 - 00052224 ____A (Microsoft Corporation) C:\windows\system32\certenc.dll
2013-06-12 06:55 - 2013-05-12 21:45 - 01160192 ____A (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-06-12 06:55 - 2013-05-12 21:45 - 00140288 ____A (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2013-06-12 06:55 - 2013-05-12 21:45 - 00103936 ____A (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2013-06-12 06:55 - 2013-05-12 20:43 - 01192448 ____A (Microsoft Corporation) C:\windows\system32\certutil.exe
2013-06-12 06:55 - 2013-05-12 20:08 - 00903168 ____A (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
2013-06-12 06:55 - 2013-05-12 20:08 - 00043008 ____A (Microsoft Corporation) C:\windows\SysWOW64\certenc.dll
2013-06-12 06:55 - 2013-05-09 22:49 - 00030720 ____A (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
2013-06-12 06:55 - 2013-05-09 20:20 - 00024576 ____A (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll
2013-06-12 06:55 - 2013-05-07 23:39 - 01910632 ____A (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-06-12 06:55 - 2013-04-25 22:51 - 00751104 ____A (Microsoft Corporation) C:\windows\system32\win32spl.dll
2013-06-12 06:55 - 2013-04-25 21:55 - 00492544 ____A (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2013-06-12 06:55 - 2013-04-25 16:30 - 01505280 ____A (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2013-06-12 06:55 - 2013-04-17 00:02 - 01230336 ____A (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2013-06-12 06:55 - 2013-04-16 23:24 - 01424384 ____A (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2013-06-12 06:55 - 2013-03-31 15:52 - 01887232 ____A (Microsoft Corporation) C:\windows\system32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-10 17:44 - 2013-07-10 09:45 - 01777775 ____A (Farbar) C:\Users\Robert\Desktop\FRST64.exe
2013-07-10 17:36 - 2013-07-10 17:25 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-10 17:25 - 2013-07-10 17:25 - 00000000 ____D C:\Users\Robert\Desktop\mbar-1.06.0.1004
2013-07-10 17:19 - 2011-11-21 11:41 - 01706970 ____A C:\windows\WindowsUpdate.log
2013-07-10 17:14 - 2013-07-10 17:14 - 00002806 ____A C:\Users\Robert\Desktop\RKreport[0]_D_07102013_171454.txt
2013-07-10 17:14 - 2013-07-10 17:14 - 00002704 ____A C:\Users\Robert\Desktop\RKreport[0]_S_07102013_171418.txt
2013-07-10 17:14 - 2013-07-10 17:12 - 00000000 ____D C:\Users\Robert\Desktop\RK_Quarantine
2013-07-10 17:11 - 2013-07-10 17:12 - 13399154 ____A C:\Users\Robert\Desktop\mbar-1.06.0.1004.zip
2013-07-10 17:09 - 2013-07-10 17:12 - 03775488 ____A C:\Users\Robert\Desktop\RogueKillerX64.exe
2013-07-10 16:17 - 2013-07-10 16:17 - 00015088 ____A C:\Users\Robert\Desktop\dds.txt
2013-07-10 16:17 - 2013-07-10 16:17 - 00012440 ____A C:\Users\Robert\Desktop\attach.txt
2013-07-10 16:05 - 2013-07-10 16:15 - 00688992 ____R (Swearware) C:\Users\Robert\Desktop\dds.com
2013-07-10 13:07 - 2013-07-10 13:07 - 00001206 ____A C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2013-07-10 13:07 - 2013-07-10 13:07 - 00000000 ____D C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.0
2013-07-10 12:50 - 2013-07-10 13:06 - 20198792 ____A (MiniTool Solution Ltd. ) C:\Users\Robert\Desktop\pwhe8.exe
2013-07-10 11:08 - 2011-12-25 15:12 - 00000000 ____D C:\Users\Robert\AppData\Roaming\uTorrent
2013-07-10 11:03 - 2013-07-10 11:07 - 00000186 ____A C:\Users\Robert\Desktop\ActionCenterIcon.reg
2013-07-10 10:43 - 2012-04-25 12:39 - 00000898 ____A C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-10 10:31 - 2011-12-25 12:21 - 00000912 ____A C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1617886939-4081324411-3031297083-1000UA.job
2013-07-10 09:48 - 2009-07-13 21:45 - 00021200 ___AH C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-10 09:48 - 2009-07-13 21:45 - 00021200 ___AH C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-10 09:44 - 2013-07-10 09:46 - 00356429 ____A (Farbar) C:\Users\Robert\Desktop\FSS.exe
2013-07-10 09:42 - 2011-12-25 15:20 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Dropbox
2013-07-10 09:42 - 2011-12-25 12:17 - 00000000 ___RD C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-10 09:41 - 2012-04-25 12:39 - 00000894 ____A C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-10 09:30 - 2011-12-28 17:34 - 00000000 ____D C:\Users\Robert\AppData\Roaming\SolidWorks
2013-07-09 23:53 - 2011-12-25 15:35 - 00000000 ____D C:\Users\Robert\AppData\Roaming\vlc
2013-07-09 20:21 - 2013-07-09 20:21 - 00000742 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-09 20:15 - 2011-11-09 14:59 - 00002243 ____A C:\windows\epplauncher.mif
2013-07-09 20:14 - 2011-12-25 16:13 - 00174558 ____A C:\windows\PFRO.log
2013-07-09 20:11 - 2012-06-30 22:50 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-09 20:11 - 2012-06-30 22:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-09 17:24 - 2013-07-09 17:24 - 00000000 ____D C:\windows\pss
2013-07-09 16:57 - 2009-07-13 22:13 - 00779788 ____A C:\windows\system32\PerfStringBackup.INI
2013-07-09 12:16 - 2012-11-02 18:05 - 00000000 ____D C:\Users\Robert\AppData\Local\TempSWBackupDirectory
2013-07-09 11:10 - 2011-12-29 16:48 - 00000000 ____D C:\Users\Robert\AppData\Local\SolidWorks
2013-07-09 07:00 - 2011-12-25 12:21 - 00000860 ____A C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1617886939-4081324411-3031297083-1000Core.job
2013-07-08 20:27 - 2013-07-08 20:27 - 00262144 ____A C:\windows\Minidump\070813-70528-01.dmp
2013-07-08 20:27 - 2012-01-02 13:34 - 00000000 ____D C:\windows\Minidump
2013-07-08 20:26 - 2013-06-17 21:29 - 00006088 ____A C:\windows\setupact.log
2013-07-06 12:38 - 2012-04-25 12:39 - 00003894 ____A C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-06 12:38 - 2012-04-25 12:39 - 00003642 ____A C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-05 05:26 - 2011-12-25 12:21 - 00003884 ____A C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1617886939-4081324411-3031297083-1000UA
2013-07-05 05:26 - 2011-12-25 12:21 - 00003488 ____A C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1617886939-4081324411-3031297083-1000Core
2013-07-02 10:23 - 2009-07-13 22:08 - 00032564 ____A C:\windows\Tasks\SCHEDLGU.TXT
2013-07-02 10:20 - 2013-04-01 14:49 - 00000000 ____D C:\Users\Robert\Desktop\SolidWorks
2013-07-02 09:16 - 2011-12-25 12:17 - 00000000 ____D C:\Users\Robert
2013-07-02 09:07 - 2013-01-02 11:38 - 00000000 ____D C:\Program Files (x86)\Unified Remote
2013-07-01 17:29 - 2009-07-13 20:20 - 00000000 ____D C:\windows\system32\NDF
2013-07-01 10:25 - 2013-07-10 13:08 - 00019032 ____N C:\windows\system32\pwdrvio.sys
2013-07-01 10:25 - 2013-07-10 13:08 - 00012384 ____N C:\windows\system32\pwdspio.sys
2013-06-27 14:40 - 2013-06-27 14:40 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MeshLab
2013-06-27 12:18 - 2013-06-27 12:17 - 00000000 ____D C:\ProgramData\Package Cache
2013-06-27 11:54 - 2011-12-25 16:01 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Apple Computer
2013-06-23 00:03 - 2012-02-22 17:27 - 00000132 ____A C:\Users\Robert\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-06-20 13:27 - 2011-12-25 12:23 - 00002377 ____A C:\Users\Robert\Desktop\Google Chrome.lnk
2013-06-20 10:07 - 2013-06-20 10:07 - 00000000 ____D C:\ProgramData\MentorGraphics
2013-06-18 07:43 - 2011-11-09 14:59 - 00774004 ____A C:\windows\SysWOW64\PerfStringBackup.INI
2013-06-17 21:29 - 2013-06-17 21:29 - 00000000 ____A C:\windows\setuperr.log
2013-06-17 20:36 - 2011-10-16 22:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-17 06:36 - 2011-12-29 16:47 - 00000000 ____D C:\ProgramData\FLEXnet
2013-06-13 07:25 - 2011-11-09 18:18 - 75825640 ____A (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-06-11 16:09 - 2011-12-29 00:38 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Spotify
2013-06-11 16:07 - 2011-12-29 00:40 - 00000000 ____D C:\Users\Robert\AppData\Local\Spotify

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 12:28

==================== End Of Log ============================
 
I don't actually see any signs of Sirefef (ZeroAccess).

Let's see if we can roll your computer back.

Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
See if you can boot normally.
 

Attachments

  • fixlist.txt (29 bytes)
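The verdict above ("no signs of Sirefef") comes from reading the FRST log by eye: unsigned or publisher-less drivers, services whose file is gone, freshly created binaries under the system directories, and the Bamital/volsnap hash check. The script below is an added example (it is not from this thread and not Farbar's code) that performs that first pass automatically over the line formats visible in the logs above. Its regexes are inferred from those lines only, so treat them as assumptions about the format; the sample log is constructed after the thread's entries, with one hash-check verdict made up to show the non-legit branch. A blank company field, as on the pwdrvio line, means FRST printed no company name; that alone is not proof of malware (that driver appears a minute after a partition tool was installed in the same log), it is simply the entry a helper looks at first.

```python
"""Triage pass over an FRST text log (added example; not the thread's or Farbar's code)."""
import re

# Section banner: "==================== Drivers (Whitelisted) ===================="
SECTION_RE = re.compile(r'^=+\s*(?P<title>.+?)\s*=+$')
# Service/driver entry: "S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19032 2013-07-01] ()"
SERVICE_RE = re.compile(
    r'^(?P<start>[A-Z]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+'
    r'\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<company>.*)\)\s*$')
# Entry whose file is gone: "S4 CoordinatorServiceHost; D:\...\DTSCoordinatorService.exe [x]"
MISSING_RE = re.compile(r'^(?P<start>[A-Z]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+\[x\]\s*$')
# Created/modified entry: "<created> - <modified> - <size> <attrs> [(Company) ]<path>"
CREATED_RE = re.compile(
    r'^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - '
    r'(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<company>.*?)\) (?=[A-Za-z]:\\))?(?P<path>[A-Za-z]:\\.*)$')
# Hash check line: "C:\Windows\System32\winlogon.exe => MD5 is legit"
MD5_RE = re.compile(r'^(?P<path>.+?) => (?P<verdict>.+)$')

SYSTEM_DIRS = ('\\windows\\system32\\', '\\windows\\syswow64\\')
EXEC_EXT = ('.sys', '.exe', '.dll')


def triage(log_text):
    """Return (kind, detail, path) tuples for the entries a helper checks first."""
    findings = []
    section = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group('title').lower()
            continue
        if 'services' in section or 'drivers' in section:
            m = SERVICE_RE.match(line)
            if m:
                if not m.group('company').strip():       # FRST printed no company name
                    findings.append(('no-publisher', m.group('name').strip(), m.group('path')))
                continue
            m = MISSING_RE.match(line)
            if m:                                        # registered, but the file is absent
                findings.append(('file-missing', m.group('name').strip(), m.group('path')))
        elif 'created files' in section:
            m = CREATED_RE.match(line)
            if m and m.group('company') is None:
                path, low = m.group('path'), m.group('path').lower()
                # a new executable inside the system directories with no company name
                if low.endswith(EXEC_EXT) and any(d in low for d in SYSTEM_DIRS):
                    findings.append(('new-system-binary-no-publisher', m.group('created'), path))
        elif 'volsnap' in section:
            m = MD5_RE.match(line)
            if m and m.group('verdict') != 'MD5 is legit':   # anything else is worth a look
                findings.append(('system-file-hash', m.group('verdict'), m.group('path')))
    return findings


# Constructed sample modelled on the entries in the thread; the services.exe
# verdict is made up to exercise the hash-check branch and is not FRST wording.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) =================

S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S4 CoordinatorServiceHost; D:\Programs\SolidWorks\SolidWorks\swScheduler\DTSCoordinatorService.exe [x]

==================== Drivers (Whitelisted) ====================

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19032 2013-07-01] ()
S3 ssudobex; C:\Windows\system32\drivers\ssudobex.sys [202560 2011-02-17] (DEVGURU Co., LTD.(www.devguru.co.kr))

==================== One Month Created Files and Folders ========

2013-07-10 13:08 - 2013-07-01 10:25 - 00019032 ____N C:\windows\system32\pwdrvio.sys
2013-07-09 20:21 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-07-10 16:17 - 2013-07-10 16:17 - 00015088 ____A C:\Users\Robert\Desktop\dds.txt

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is not legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""

if __name__ == '__main__':
    for kind, detail, path in triage(SAMPLE_LOG):
        print(f'{kind:32} {detail:28} {path}')
```

Run it on a saved FRST.txt by passing the file contents to `triage()`; the four findings it produces on the sample are exactly the four lines a helper would pause on, and everything Microsoft-signed or with a named publisher passes through silently.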
Well MSE was uninstalled, and when I reinstalled it and scanned, that's what it said I had. Anyway, it seems that an error occurred with the fix:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-07-2013 04
Ran by Robert at 2013-07-10 18:01:49 Run:4
Running from C:\Users\Robert\Desktop
Boot Mode: Safe Mode (minimal)
==============================================

Error: The restore operation should be done in the recovery mode.

==== End of Fixlog ====
 
My fault. Sorry about it :)

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Here you go:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2013 04
Ran by SYSTEM on 10-07-2013 18:23:19
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKU\Robert\...\Run: [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [969104 2012-12-08] (BitTorrent, Inc.)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) =================

S4 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2011-09-22] (Diskeeper Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S4 CoordinatorServiceHost; D:\Programs\SolidWorks\SolidWorks\swScheduler\DTSCoordinatorService.exe [x]
S4 Remote Solver for Flow Simulation 2012; D:\Programs\SolidWorks\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [x]

==================== Drivers (Whitelisted) ====================

S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
S1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2011-09-22] (Diskeeper Corporation)
S0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [80688 2011-09-22] (Diskeeper Corporation)
S3 FlashUSB; C:\Windows\system32\drivers\FlashUSB_x64.sys [19968 2010-12-20] (Danish Wireless Design A/S)
S3 HH10Help.sys; C:\windows\system32\drivers\HH10Help.sys [24088 2009-07-09] (H+H Software GmbH)
S3 HH10Help.sys; C:\windows\system32\drivers\HH10Help.sys [24088 2009-07-09] (H+H Software GmbH)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19032 2013-07-01] ()
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19032 2013-07-01] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12384 2013-07-01] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12384 2013-07-01] ()
S2 SGDrv; C:\Windows\system32\drivers\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 shspusb; C:\Windows\system32\drivers\HSPUSB.sys [24064 2010-12-20] (MobileTop)
S3 ssaebus; C:\Windows\system32\drivers\ssaebus.sys [136264 2010-12-20] (MCCI Corporation)
S3 ssaeunic; C:\Windows\system32\drivers\ssaeunic.sys [178760 2010-12-20] (MCCI Corporation)
S3 sscdserd; C:\Windows\system32\drivers\sscdserd.sys [141384 2010-12-20] (MCCI Corporation)
S3 ssceserd; C:\Windows\system32\drivers\ssceserd.sys [129024 2010-12-20] (MCCI Corporation)
S3 ssm_bus; C:\Windows\system32\drivers\ssm_bus.sys [136192 2010-12-20] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\system32\drivers\ssm_mdm.sys [172032 2010-12-20] (MCCI Corporation)
S3 ssuddmgr; C:\Windows\system32\drivers\ssuddmgr.sys [202560 2011-02-17] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudobex; C:\Windows\system32\drivers\ssudobex.sys [202560 2011-02-17] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudserd; C:\Windows\system32\drivers\ssudserd.sys [202560 2011-02-17] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_bserd; C:\Windows\system32\drivers\ss_bserd.sys [128000 2010-12-20] (MCCI Corporation)
S1 vdrv1000; C:\Windows\System32\Drivers\VDRV1000.SYS [223256 2010-03-25] (H+H Software GmbH)
S3 ViaUsbEtsDriver; C:\Windows\System32\drivers\ViaUsbEts.sys [21760 2008-05-29] (Via Telecom, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-10 16:25 - 2013-07-10 16:36 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-10 16:25 - 2013-07-10 16:25 - 00000000 ____D C:\Users\Robert\Desktop\mbar-1.06.0.1004
2013-07-10 16:12 - 2013-07-10 16:14 - 00000000 ____D C:\Users\Robert\Desktop\RK_Quarantine
2013-07-10 16:12 - 2013-07-10 16:11 - 13399154 ____A C:\Users\Robert\Desktop\mbar-1.06.0.1004.zip
2013-07-10 16:12 - 2013-07-10 16:09 - 03775488 ____A C:\Users\Robert\Desktop\RogueKillerX64.exe
2013-07-10 15:15 - 2013-07-10 15:05 - 00688992 ____R (Swearware) C:\Users\Robert\Desktop\dds.com
2013-07-10 12:08 - 2013-07-01 09:25 - 00019032 ____N C:\Windows\System32\pwdrvio.sys
2013-07-10 12:08 - 2013-07-01 09:25 - 00012384 ____N C:\Windows\System32\pwdspio.sys
2013-07-10 12:07 - 2013-07-10 12:07 - 00001206 ____A C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2013-07-10 12:07 - 2013-07-10 12:07 - 00000000 ____D C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.0
2013-07-10 12:06 - 2013-07-10 11:50 - 20198792 ____A (MiniTool Solution Ltd. ) C:\Users\Robert\Desktop\pwhe8.exe
2013-07-10 10:07 - 2013-07-10 10:03 - 00000186 ____A C:\Users\Robert\Desktop\ActionCenterIcon.reg
2013-07-10 08:46 - 2013-07-10 08:44 - 00356429 ____A (Farbar) C:\Users\Robert\Desktop\FSS.exe
2013-07-10 08:45 - 2013-07-10 16:44 - 01777775 ____A (Farbar) C:\Users\Robert\Desktop\FRST64.exe
2013-07-09 19:21 - 2013-07-09 19:21 - 00000742 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-09 19:21 - 2013-04-04 13:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-09 16:24 - 2013-07-09 16:24 - 00000000 ____D C:\Windows\pss
2013-07-08 19:27 - 2013-07-08 19:27 - 00262144 ____A C:\Windows\Minidump\070813-70528-01.dmp
2013-06-27 11:17 - 2013-06-27 11:18 - 00000000 ____D C:\ProgramData\Package Cache
2013-06-26 11:27 - 2007-11-15 18:21 - 00385024 ____A (SYCODE) C:\Windows\SYCLicense071115U.dll
2013-06-26 11:27 - 2007-10-21 11:18 - 01232896 ____A (SYCODE) C:\Windows\SYCIOU.dll
2013-06-26 11:27 - 2007-10-21 11:17 - 01028096 ____A (SYCODE) C:\Windows\SYCGeoU.dll
2013-06-26 11:27 - 2007-10-21 11:17 - 00233472 ____A (SYCODE) C:\Windows\SYCGUIU.dll
2013-06-20 09:07 - 2013-06-20 09:07 - 00000000 ____D C:\ProgramData\MentorGraphics
2013-06-17 20:29 - 2013-07-08 19:26 - 00006088 ____A C:\Windows\setupact.log
2013-06-17 20:29 - 2013-06-17 20:29 - 00000000 ____A C:\Windows\setuperr.log
2013-06-17 19:36 - 2011-01-11 04:15 - 00069632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfcm80.dll
2013-06-17 19:36 - 2011-01-11 04:14 - 00057856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfcm80u.dll
2013-06-17 19:36 - 2011-01-10 21:51 - 01101824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc80.dll
2013-06-17 19:36 - 2011-01-10 21:51 - 01093120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc80u.dll
2013-06-17 19:36 - 2011-01-10 21:51 - 00002372 ____A C:\Windows\SysWOW64\Microsoft.VC80.MFC.manifest
2013-06-17 19:36 - 2003-03-18 21:20 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.dll
2013-06-17 19:36 - 2003-03-18 21:12 - 01047552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFC71u.dll
2013-06-17 19:36 - 2003-03-18 19:05 - 00089088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\atl71.dll
2013-06-15 05:18 - 2013-06-08 06:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 05:18 - 2013-06-08 06:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 05:18 - 2013-06-08 06:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 05:18 - 2013-06-08 06:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 05:18 - 2013-06-08 06:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 05:18 - 2013-06-08 04:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 05:18 - 2013-06-08 03:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 05:18 - 2013-06-08 03:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 05:18 - 2013-06-08 03:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 05:18 - 2013-06-08 03:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 05:18 - 2013-06-08 03:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 05:18 - 2013-06-08 03:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 06:24 - 2013-05-16 17:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 06:24 - 2013-05-16 17:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 06:24 - 2013-05-16 17:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 06:24 - 2013-05-16 17:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 06:24 - 2013-05-16 17:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 06:24 - 2013-05-16 17:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 06:24 - 2013-05-16 17:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 06:24 - 2013-05-16 17:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 06:24 - 2013-05-16 16:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 06:24 - 2013-05-16 16:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 06:24 - 2013-05-16 16:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 06:24 - 2013-05-16 16:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 06:24 - 2013-05-16 16:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 06:24 - 2013-05-16 16:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 06:24 - 2013-05-16 16:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 06:24 - 2013-05-16 16:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 06:24 - 2013-05-16 16:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 06:24 - 2013-05-14 04:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 06:24 - 2013-05-14 00:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 05:55 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 05:55 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 05:55 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 05:55 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 05:55 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 05:55 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 05:55 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 05:55 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 05:55 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 05:55 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 05:55 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 05:55 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 05:55 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 05:55 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 05:55 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 05:55 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 05:55 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 05:55 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 05:55 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-10 16:44 - 2013-07-10 08:45 - 01777775 ____A (Farbar) C:\Users\Robert\Desktop\FRST64.exe
2013-07-10 16:36 - 2013-07-10 16:25 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-10 16:25 - 2013-07-10 16:25 - 00000000 ____D C:\Users\Robert\Desktop\mbar-1.06.0.1004
2013-07-10 16:19 - 2011-11-21 10:41 - 01706970 ____A C:\Windows\WindowsUpdate.log
2013-07-10 16:14 - 2013-07-10 16:12 - 00000000 ____D C:\Users\Robert\Desktop\RK_Quarantine
2013-07-10 16:11 - 2013-07-10 16:12 - 13399154 ____A C:\Users\Robert\Desktop\mbar-1.06.0.1004.zip
2013-07-10 16:09 - 2013-07-10 16:12 - 03775488 ____A C:\Users\Robert\Desktop\RogueKillerX64.exe
2013-07-10 15:05 - 2013-07-10 15:15 - 00688992 ____R (Swearware) C:\Users\Robert\Desktop\dds.com
2013-07-10 12:07 - 2013-07-10 12:07 - 00001206 ____A C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2013-07-10 12:07 - 2013-07-10 12:07 - 00000000 ____D C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.0
2013-07-10 11:50 - 2013-07-10 12:06 - 20198792 ____A (MiniTool Solution Ltd. ) C:\Users\Robert\Desktop\pwhe8.exe
2013-07-10 10:08 - 2011-12-25 14:12 - 00000000 ____D C:\Users\Robert\AppData\Roaming\uTorrent
2013-07-10 10:03 - 2013-07-10 10:07 - 00000186 ____A C:\Users\Robert\Desktop\ActionCenterIcon.reg
2013-07-10 09:43 - 2012-04-25 11:39 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-10 09:31 - 2011-12-25 11:21 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1617886939-4081324411-3031297083-1000UA.job
2013-07-10 08:48 - 2009-07-13 20:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-10 08:48 - 2009-07-13 20:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-10 08:44 - 2013-07-10 08:46 - 00356429 ____A (Farbar) C:\Users\Robert\Desktop\FSS.exe
2013-07-10 08:42 - 2011-12-25 14:20 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Dropbox
2013-07-10 08:41 - 2012-04-25 11:39 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-10 08:30 - 2011-12-28 16:34 - 00000000 ____D C:\Users\Robert\AppData\Roaming\SolidWorks
2013-07-09 22:53 - 2011-12-25 14:35 - 00000000 ____D C:\Users\Robert\AppData\Roaming\vlc
2013-07-09 19:21 - 2013-07-09 19:21 - 00000742 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-09 19:15 - 2011-11-09 13:59 - 00002243 ____A C:\Windows\epplauncher.mif
2013-07-09 19:14 - 2011-12-25 15:13 - 00174558 ____A C:\Windows\PFRO.log
2013-07-09 19:11 - 2012-06-30 21:50 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-09 19:11 - 2012-06-30 21:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-09 16:24 - 2013-07-09 16:24 - 00000000 ____D C:\Windows\pss
2013-07-09 15:57 - 2009-07-13 21:13 - 00779788 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-09 11:16 - 2012-11-02 17:05 - 00000000 ____D C:\Users\Robert\AppData\Local\TempSWBackupDirectory
2013-07-09 10:10 - 2011-12-29 15:48 - 00000000 ____D C:\Users\Robert\AppData\Local\SolidWorks
2013-07-09 06:00 - 2011-12-25 11:21 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1617886939-4081324411-3031297083-1000Core.job
2013-07-08 19:27 - 2013-07-08 19:27 - 00262144 ____A C:\Windows\Minidump\070813-70528-01.dmp
2013-07-08 19:27 - 2012-01-02 12:34 - 00000000 ____D C:\Windows\Minidump
2013-07-08 19:26 - 2013-06-17 20:29 - 00006088 ____A C:\Windows\setupact.log
2013-07-06 11:38 - 2012-04-25 11:39 - 00003894 ____A C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-06 11:38 - 2012-04-25 11:39 - 00003642 ____A C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-05 04:26 - 2011-12-25 11:21 - 00003884 ____A C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1617886939-4081324411-3031297083-1000UA
2013-07-05 04:26 - 2011-12-25 11:21 - 00003488 ____A C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1617886939-4081324411-3031297083-1000Core
2013-07-02 09:23 - 2009-07-13 21:08 - 00032564 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-02 09:20 - 2013-04-01 13:49 - 00000000 ____D C:\Users\Robert\Desktop\SolidWorks
2013-07-02 08:16 - 2011-12-25 11:17 - 00000000 ____D C:\users\Robert
2013-07-02 08:07 - 2013-01-02 10:38 - 00000000 ____D C:\Program Files (x86)\Unified Remote
2013-07-01 16:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-01 09:25 - 2013-07-10 12:08 - 00019032 ____N C:\Windows\System32\pwdrvio.sys
2013-07-01 09:25 - 2013-07-10 12:08 - 00012384 ____N C:\Windows\System32\pwdspio.sys
2013-06-27 11:18 - 2013-06-27 11:17 - 00000000 ____D C:\ProgramData\Package Cache
2013-06-27 10:54 - 2011-12-25 15:01 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Apple Computer
2013-06-22 23:03 - 2012-02-22 16:27 - 00000132 ____A C:\Users\Robert\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-06-20 12:27 - 2011-12-25 11:23 - 00002377 ____A C:\Users\Robert\Desktop\Google Chrome.lnk
2013-06-20 09:07 - 2013-06-20 09:07 - 00000000 ____D C:\ProgramData\MentorGraphics
2013-06-18 06:43 - 2011-11-09 13:59 - 00774004 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-17 20:29 - 2013-06-17 20:29 - 00000000 ____A C:\Windows\setuperr.log
2013-06-17 19:36 - 2011-10-16 21:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-17 05:36 - 2011-12-29 15:47 - 00000000 ____D C:\ProgramData\FLEXnet
2013-06-13 06:25 - 2011-11-09 17:18 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 15:09 - 2011-12-28 23:38 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Spotify
2013-06-11 15:07 - 2011-12-28 23:40 - 00000000 ____D C:\Users\Robert\AppData\Local\Spotify

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8105.55 MB
Available physical RAM: 7265.07 MB
Total Pagefile: 8103.75 MB
Available Pagefile: 7258.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:50 GB) (Free:0.66 GB) NTFS (Disk=1 Partition=2)
Drive e: (TEMP_PART01) (Fixed) (Total:625.94 GB) (Free:275.08 GB) NTFS (Disk=1 Partition=3)
Drive f: (SAMSUNG_REC) (Fixed) (Total:22.59 GB) (Free:2.75 GB) NTFS (Disk=1 Partition=4) ==>[System with boot components (obtained from reading drive)]
Drive h: () (Removable) (Total:0.96 GB) (Free:0.91 GB) FAT (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=1 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 7 GB) (Disk ID: 74F02DEA)
Partition 1: (Active) - (Size=7 GB) - (Type=73)

========================================================
Disk: 1 (Size: 699 GB) (Disk ID: 74D52988)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=626 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=23 GB) - (Type=27)

========================================================
Disk: 2 (Size: 981 MB) (Disk ID: 6F20736B)
Partition 1: (Not Active) - (Size=544 GB) - (Type=72)
Partition 2: (Not Active) - (Size=923 GB) - (Type=65)
Partition 3: (Not Active) - (Size=923 GB) - (Type=79)
Partition 4: (Not Active) - (Size=-336763289600) - (Type=0D)


LastRegBack: 2013-07-03 11:28

==================== End Of Log ============================
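The "MBR & Partition Table" section above is worth a second look before anyone treats Disk 2 as a bootkit finding. Disk 1's table is internally consistent (four entries that abut exactly and end inside the drive), while Disk 2 shows partitions of 544 GB, 923 GB and a negative size on a 981 MB stick. A USB stick formatted as a "superfloppy" has no MBR at all: sector 0 is a FAT boot sector, which ends with the same 55 AA signature, so a tool that reads it as an MBR prints whatever bytes sit at offsets 440 and 446. The log's Disk ID 6F20736B is the little-endian ASCII "ks o", which fits boot-code message text such as "disks or", so Disk 2's "table" is almost certainly that text rather than a partition layout. The script below is an added example for this thread (not FRST's or RogueKiller's own code): it parses a 512-byte MBR, bounds-checks each entry against the device size, and rejects tables whose entries overflow or overlap. The Disk 1 sample is built from the geometry in the RogueKiller output further down (the 1,465,149,168-sector size is assumed for a 750 GB drive); the Disk 2 sample is a constructed FAT boot sector with message text placed over the table region, and it reproduces the same Disk ID for the reason just given.

```python
"""Parse a 512-byte MBR and check whether its partition table can be real for a disk of a given size.

Added example for this thread, not FRST's or RogueKiller's own code.
"""
import struct

SECTOR = 512
BOOT_SIGNATURE = 0xAA55                    # bytes 55 AA at offset 510, little-endian
ENTRY_FMT = "<B3xB3xII"                    # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector, disk_sectors):
    """Return (disk_id, entries). An entry is 'plausible' only if it could describe a
    partition that fits on a disk of disk_sectors sectors."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if struct.unpack_from("<H", sector, 510)[0] != BOOT_SIGNATURE:
        raise ValueError("missing 55 AA boot signature")
    disk_id = struct.unpack_from("<I", sector, 440)[0]
    entries = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, sector, 446 + 16 * i)
        used = ptype != 0
        in_bounds = 0 < lba and 0 < count and lba + count <= disk_sectors
        entries.append({
            "index": i, "active": status == 0x80, "type": ptype,
            "lba_start": lba, "sectors": count, "size_mb": count * SECTOR // (1024 * 1024),
            "plausible": (not used) or (status in (0x00, 0x80) and in_bounds),
        })
    return disk_id, entries


def is_real_partition_table(entries):
    """True when every slot is empty or plausible, at least one is used, and none overlap."""
    used = sorted((e for e in entries if e["type"] != 0), key=lambda e: e["lba_start"])
    if not used or not all(e["plausible"] for e in entries):
        return False
    return all(a["lba_start"] + a["sectors"] <= b["lba_start"] for a, b in zip(used, used[1:]))


def build_mbr(disk_id, parts):
    """Constructed sample builder: parts is a list of (active, type, lba_start, sectors)."""
    sector = bytearray(SECTOR)
    struct.pack_into("<I", sector, 440, disk_id)
    for i, (active, ptype, lba, count) in enumerate(parts):
        struct.pack_into(ENTRY_FMT, sector, 446 + 16 * i, 0x80 if active else 0x00, ptype, lba, count)
    struct.pack_into("<H", sector, 510, BOOT_SIGNATURE)
    return bytes(sector)


def build_fat_boot_sector():
    """Constructed stand-in for a USB stick formatted without a partition table: a FAT boot
    sector whose boot-code error text lands where an MBR keeps its disk ID and table."""
    sector = bytearray(SECTOR)
    sector[0:3] = b"\xEB\x3C\x90"          # jump over the BPB, as FAT boot sectors begin
    sector[3:11] = b"MSDOS5.0"              # OEM name
    msg = b"Remove disks or other media.\r\nPress any key to restart\r\n"
    sector[430:510] = (msg * 2)[:80]        # covers offset 440 (disk ID) and 446..509 (table)
    sector[510:512] = b"\x55\xAA"           # FAT boot sectors carry the same signature
    return bytes(sector)


# Disk 1 as the RogueKiller output lists it; the sector count is assumed for a 750 GB drive.
HITACHI_SECTORS = 1465149168
DISK1_MBR = build_mbr(0x74D52988, [
    (True, 0x07, 2048, 204800),             # 100 MB System Reserved
    (False, 0x07, 206848, 104857600),       # 50 GB Windows
    (False, 0x07, 105064448, 1312698368),   # 626 GB data
    (False, 0x27, 1417762816, 47384576),    # 23 GB recovery
])
# Disk 2 stand-in: the 981 MB stick, read as a whole-device FAT volume.
USB_SECTORS = 981 * 1024 * 1024 // SECTOR
DISK2_SECTOR = build_fat_boot_sector()

if __name__ == "__main__":
    for label, sector, size in (("Disk 1", DISK1_MBR, HITACHI_SECTORS), ("Disk 2", DISK2_SECTOR, USB_SECTORS)):
        disk_id, entries = parse_mbr(sector, size)
        print(f"{label}: Disk ID {disk_id:08X}, real table: {is_real_partition_table(entries)}")
        for e in entries:
            if e["type"]:
                print(f"  {e['index']}: type={e['type']:02X} start={e['lba_start']} "
                      f"size={e['size_mb']} MB plausible={e['plausible']}")
```

A table that passes these checks is only shown to be well-formed, not clean: a bootkit can leave the partition entries untouched and replace the 440 bytes of boot code in front of them. That is what the [MBR] and [BSP] hash lines in the RogueKiller output below cover, so the two checks complement each other.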
 
Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
See if you can boot normally.
 

Attachments

  • fixlist.txt
    29 bytes
Here it is:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-07-2013 04
Ran by SYSTEM at 2013-07-10 18:35:55 Run:5
Running from H:\
Boot Mode: Recovery
==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====
 
I waited until it shut down after hanging for too long, and tried booting again. This time it booted successfully.
 
I opened Chrome, and the screen went black then restarted again. It booted up normally again. How should I proceed?
 
So I ran RogueKiller, deleted, and went to my desktop. The screen went black again, and restarted. Then, I tried to boot normally, and got a blue screen. Then I booted again successfully, and saved the logs to the flash drive. I went to Chrome to post them here, and it blue screened again. Here are the two log files it spit out:

1:

RogueKiller V8.6.2 _x64_ [Jul 2 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://www.adlice.com/forum/
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Robert [Admin rights]
Mode : Remove -- Date : 07/10/2013 18:55:45
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] FastBrowsing2 : "%windir%\Temp\FastBrowsing2.exe" [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS727575A9E364 +++++
--- User ---
[MBR] 8709bc60416022c9b875d52c10083408
[BSP] e71e85990b7dfd2b255f3c74da68b24d : KIWI Image system MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 51200 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 105064448 | Size: 640966 Mo
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1417762816 | Size: 23137 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Hitachi HTS727575A9E364 +++++
--- User ---
[MBR] c24d9af7de7d2b6ff7f0ee0846275549
[BSP] 0a9420da5d388cf72c9f5653515471d4 : Empty MBR Code
Partition table:
0 - [ACTIVE] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 2048 | Size: 7639 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_07102013_185545.txt >>
RKreport[0]_S_07102013_185531.txt


2:

RogueKiller V8.6.2 _x64_ [Jul 2 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://www.adlice.com/forum/
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Robert [Admin rights]
Mode : Scan -- Date : 07/10/2013 18:55:31
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] FastBrowsing2 : "%windir%\Temp\FastBrowsing2.exe" [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS727575A9E364 +++++
--- User ---
[MBR] 8709bc60416022c9b875d52c10083408
[BSP] e71e85990b7dfd2b255f3c74da68b24d : KIWI Image system MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 51200 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 105064448 | Size: 640966 Mo
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1417762816 | Size: 23137 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Hitachi HTS727575A9E364 +++++
--- User ---
[MBR] c24d9af7de7d2b6ff7f0ee0846275549
[BSP] 0a9420da5d388cf72c9f5653515471d4 : Empty MBR Code
Partition table:
0 - [ACTIVE] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 2048 | Size: 7639 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07102013_185531.txt >>


Is the blue screen a bad sign?
 
First of all, try a different browser and see if the same thing happens.

Then...

Download BlueScreenView
Unzip downloaded file.
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go to Edit > Select All.
Go to File > Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
 
It seems to blue screen randomly. Here is the BSOD:

==================================================
Dump File : 071013-53009-01.dmp
Crash Time : 7/10/2013 7:02:22 PM
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 00000000`00041790
Parameter 2 : fffffa80`05de8e30
Parameter 3 : 00000000`0000ffff
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\windows\Minidump\071013-53009-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 262,144
Dump File Time : 7/10/2013 7:03:42 PM
==================================================

==================================================
Dump File : 071013-65177-01.dmp
Crash Time : 7/10/2013 6:58:30 PM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`0ab17010
Parameter 2 : fffff880`04a49af4
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000002
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5d054
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\windows\Minidump\071013-65177-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 262,144
Dump File Time : 7/10/2013 7:00:00 PM
==================================================

==================================================
Dump File : 071013-68453-01.dmp
Crash Time : 7/10/2013 6:45:10 PM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`075584e0
Parameter 2 : fffff880`04a25af4
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000002
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5d054
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\windows\Minidump\071013-68453-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 262,144
Dump File Time : 7/10/2013 6:46:58 PM
==================================================

==================================================
Dump File : 070813-70528-01.dmp
Crash Time : 7/8/2013 8:25:28 PM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`0f18c190
Parameter 2 : fffff880`04b00af4
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000002
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5d054
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75c00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\windows\Minidump\070813-70528-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 262,144
Dump File Time : 7/8/2013 8:27:21 PM
==================================================
 
It's fairly inconclusive since we have different types of errors and different system files are involved.
My first suspect would be some RAM issue but...

In this forum, we make sure your computer is free of malware and your computer is clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.
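The reading above ("different types of errors, different system files") is the kind of triage that can be done mechanically over a BlueScreenView export, and doing so makes the pattern in the four dumps easier to see: three crashes share one bug check (0x116) and one module (dxgkrnl.sys), and the 0x1A is the single outlier. The script below is an added example for this thread, not code from NirSoft or from any of the posts. It parses the "Key : Value" blocks in the format shown above and groups crashes by bug check code and by the "Caused By Driver" field. The sample text is copied from the four dumps posted above, trimmed to the fields the script uses; the name VIDEO_TDR_FAILURE for 0x116 is supplied by the example because the export left that field blank.

```python
"""Group the crashes in a BlueScreenView text export by bug check code and faulting module.

Added example for this thread, not code from NirSoft or from the original posts.
"""
from collections import Counter, defaultdict

# Names for codes this example recognises; the posted export left 0x116's string blank.
BUGCHECK_NAMES = {0x1A: "MEMORY_MANAGEMENT", 0x116: "VIDEO_TDR_FAILURE"}

# Sample input: the four dumps posted above, trimmed to the fields this script uses.
SAMPLE_REPORT = """\
==================================================
Dump File : 071013-53009-01.dmp
Crash Time : 7/10/2013 7:02:22 PM
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 00000000`00041790
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
==================================================

==================================================
Dump File : 071013-65177-01.dmp
Crash Time : 7/10/2013 6:58:30 PM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`0ab17010
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5d054
==================================================

==================================================
Dump File : 071013-68453-01.dmp
Crash Time : 7/10/2013 6:45:10 PM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`075584e0
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5d054
==================================================

==================================================
Dump File : 070813-70528-01.dmp
Crash Time : 7/8/2013 8:25:28 PM
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`0f18c190
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5d054
==================================================
"""


def parse_report(text):
    """Split the export into one dict per dump; records are delimited by lines of '='."""
    records, current = [], {}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if set(line) == {"="}:
            if current:
                records.append(current)
            current = {}
            continue
        # Values such as "7/10/2013 7:02:22 PM" contain ':', so split on the first " :".
        key, sep, value = line.partition(" :")
        if sep:
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def bugcheck_code(record):
    return int(record.get("Bug Check Code", "0"), 16)


def bugcheck_name(record):
    return record.get("Bug Check String") or BUGCHECK_NAMES.get(bugcheck_code(record), "UNKNOWN")


def summarize(records):
    """Map (code, name) -> Counter of 'Caused By Driver' so repeated causes stand out."""
    by_cause = defaultdict(Counter)
    for rec in records:
        by_cause[(bugcheck_code(rec), bugcheck_name(rec))][rec.get("Caused By Driver", "?")] += 1
    return dict(by_cause)


def distinct_causes(records):
    """Number of different (bug check, module) pairs; 1 would mean one recurring fault."""
    return len({(bugcheck_code(r), r.get("Caused By Driver")) for r in records})


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    for (code, name), drivers in sorted(summarize(recs).items()):
        print(f"0x{code:X} {name}: {dict(drivers)}")
    print("distinct causes:", distinct_causes(recs))
```

Treat the "Caused By Driver" column as a hint rather than proof: BlueScreenView names the module whose address it finds nearest the crash, and a kernel module such as ntoskrnl.exe or dxgkrnl.sys often appears there because it is what the faulting code called last, not because it is at fault. The grouping is useful for deciding whether there is one recurring problem or several, which is the question the post above raises; it does not replace analysing the minidumps themselves.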
 
Thanks for all your help! I posted a topic in the BSOD section, hopefully it gets fixed. So was there never any Malware in the first place?
 