Jump to content

OldComputerNerd

Members
  • Posts

    13
  • Joined

  • Last visited

Everything posted by OldComputerNerd

  1. Gringo, Thank you for all your help. I read your last post and will work through it in the next couple of days (tomorrow is my 25th wedding anniversary so I probably won't be on the computer). The system seems to be running very well. Thanks Rick
  2. Gringo, I removed the registry keys using HijackThis I then followed your instructions about ESET. Here is the log ESET Scan Log C:\Restored\C\InstallDir\HTMLEditors\fp2006-final-3.00-setup.exe JS/BadJoke.KillFiles.A application C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Default\aadddeggdfdadegcdhdigddcdeddgdgd\ContentScript.js Win32/Boaxxe.U trojan C:\Users\Rick\AppData\Local\The Creative Assembly\bajugllk.dll a variant of Win32/Boaxxe.P.Gen trojan C:\Users\Rick\AppData\Roaming\pleGLdll32\{5af238ea-3190-5f4a-6b62-67a08c829834}.exe a variant of Win32/Sefnit.CQ.Gen trojan C:\Users\Rick\Downloads\Croc___Legend_of_the_Gobbos.exe Win32/Adware.1ClickDownload.G application C:\Users\Rick\Downloads\iLividSetup (1).exe Win32/Toolbar.SearchSuite application C:\Users\Rick\Downloads\iLividSetup (2).exe Win32/Toolbar.SearchSuite application C:\Users\Rick\Downloads\iLividSetup.exe Win32/Toolbar.SearchSuite application C:\Users\Rick\Downloads\winrar setup.exe a variant of Win32/InstallCore.AZ application I had posted my comment about the RunDll error before I saw your post about removing the registry keys. I re-ran HijackThis and have attached the log Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:52:21 PM, on 5/13/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16537) Boot mode: Normal Running processes: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Rick\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" O4 - HKLM\..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....k_sys_ctrl3.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset...lineScanner.cab O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pears...ces/ax/stub.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe O23 - Service: Kodak AiO Status Monitor Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12611 bytes Thanks Rick
  3. Gringo, I got the following error on startup this afternoon. RunDLL There was a problem starting C:\Users\Rick\AppData\Local\Downloaded Installations\My Games\ihdupr.dll The specific module could not be found. Any ideas? Thanks Rick
  4. I completed the uninstalls and upgrade of Adobe Reader. I ran CCleaner with the settings requested. 978 MB of files were removed. I ran MBAM and it found no issues. Here is the log file Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.05.12.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16540 Rick :: USER-PC [administrator] 5/12/2013 7:29:43 PM mbam-log-2013-05-12 (19-29-43).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 253146 Time elapsed: 3 minute(s), 48 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) I then ran HijackThis. Here is the log from it: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:37:54 PM, on 5/12/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16537) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Rick\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" O4 - HKLM\..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [My Games] rundll32 "C:\Users\Rick\AppData\Local\Downloaded Installations\My Games\ihdupr.dll",SCBB2_CreateTransformTablesW O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe -update activex O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....k_sys_ctrl3.cab O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pears...ces/ax/stub.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe O23 - Service: Kodak AiO Status Monitor Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13367 bytes The system seems to be running much better and I haven't experienced any of the symptoms that lead me here in the first place. Thanks Rick
  5. Gringo, Will do. My grandson is on the computer right now (undoing all our good work - hehehe) so I will run the scans tomorrow. Thanks Rick
  6. Gringo, I completed the combofix scan using the CFScript.txt file. Here is the log: ComboFix 13-05-11.01 - Rick 05/11/2013 16:21:31.2.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6135.3988 [GMT -5:00] Running from: c:\users\Rick\Desktop\ComboFix.exe Command switches used :: c:\users\Rick\Desktop\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Rick\AppData\Roaming\technic-launcher.jar c:\windows\TEMP\logishrd\LVPrcInj01.dll c:\windows\Temp\tmp3.tmp . . ((((((((((((((((((((((((( Files Created from 2013-04-11 to 2013-05-11 ))))))))))))))))))))))))))))))) . . 2013-05-11 21:30 . 2013-05-11 21:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-05-11 21:30 . 2013-05-11 21:30 -------- d-----w- c:\users\TEMP\AppData\Local\temp 2013-05-11 21:30 . 2013-05-11 21:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-05 02:39 . 2013-05-05 02:46 -------- d-----w- c:\users\Rick\AppData\Roaming\Ventrilo 2013-05-05 02:38 . 2013-05-05 02:38 -------- d-----w- c:\program files\Ventrilo 2013-05-05 02:38 . 2013-05-05 02:38 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2013-04-27 15:52 . 2013-04-27 16:00 -------- d-----w- c:\users\Rick\AppData\Roaming\Notepad++ 2013-04-27 15:52 . 2013-04-27 15:52 -------- d-----w- c:\program files (x86)\Notepad++ 2013-04-27 03:46 . 2013-04-27 03:46 273936766 ----a-w- c:\windows\system32\All_Reg_keys_4_26_13.reg 2013-04-24 21:39 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-22 01:22 . 2013-04-22 01:22 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin 2013-04-14 05:21 . 2013-04-14 05:21 -------- d-----w- c:\users\Rick\AppData\Roaming\Simply Super Software 2013-04-14 05:21 . 2013-04-14 05:21 -------- d-----w- c:\program files (x86)\Trojan Remover 2013-04-14 05:21 . 2013-04-14 05:21 -------- d-----w- c:\programdata\Simply Super Software 2013-04-13 00:14 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-04-13 00:14 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-04-13 00:14 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-13 00:14 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-04-13 00:14 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-04-13 00:14 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-13 00:14 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-04-13 00:14 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-05 17:18 . 2012-07-13 02:05 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-05 17:18 . 2011-07-08 06:47 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-19 22:29 . 2011-08-13 15:34 281152 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-04-19 22:29 . 2011-08-13 15:34 281152 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-04-14 18:30 . 2011-08-13 15:34 281152 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-04-13 06:28 . 2011-06-30 23:29 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-04-04 19:50 . 2013-02-14 01:48 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-19 03:41 . 2013-03-19 03:41 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-03-19 03:41 . 2013-03-19 03:41 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-03-19 03:41 . 2013-03-19 03:41 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-03-19 03:41 . 2013-03-19 03:41 81408 ----a-w- c:\windows\system32\icardie.dll 2013-03-19 03:41 . 2013-03-19 03:41 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-03-19 03:41 . 2013-03-19 03:41 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-03-19 03:41 . 2013-03-19 03:41 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-03-19 03:41 . 2013-03-19 03:41 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-03-19 03:41 . 2013-03-19 03:41 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-03-19 03:41 . 2013-03-19 03:41 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-03-19 03:41 . 2013-03-19 03:41 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-03-19 03:41 . 2013-03-19 03:41 441856 ----a-w- c:\windows\system32\html.iec 2013-03-19 03:41 . 2013-03-19 03:41 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-03-19 03:41 . 2013-03-19 03:41 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-03-19 03:41 . 2013-03-19 03:41 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-03-19 03:41 . 2013-03-19 03:41 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-19 03:41 . 2013-03-19 03:41 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-03-19 03:41 . 2013-03-19 03:41 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-03-19 03:41 . 2013-03-19 03:41 235008 ----a-w- c:\windows\system32\url.dll 2013-03-19 03:41 . 2013-03-19 03:41 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-03-19 03:41 . 2013-03-19 03:41 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-03-19 03:41 . 2013-03-19 03:41 216064 ----a-w- c:\windows\system32\msls31.dll 2013-03-19 03:41 . 2013-03-19 03:41 197120 ----a-w- c:\windows\system32\msrating.dll 2013-03-19 03:41 . 2013-03-19 03:41 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-03-19 03:41 . 2013-03-19 03:41 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-03-19 03:41 . 2013-03-19 03:41 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-03-19 03:41 . 2013-03-19 03:41 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-19 03:41 . 2013-03-19 03:41 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-03-19 03:41 . 2013-03-19 03:41 144896 ----a-w- c:\windows\system32\wextract.exe 2013-03-19 03:41 . 2013-03-19 03:41 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-03-19 03:41 . 2013-03-19 03:41 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-03-19 03:41 . 2013-03-19 03:41 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-03-19 03:41 . 2013-03-19 03:41 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-03-19 03:41 . 2013-03-19 03:41 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-03-19 03:41 . 2013-03-19 03:41 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-03-19 03:41 . 2013-03-19 03:41 102912 ----a-w- c:\windows\system32\inseng.dll 2013-03-19 03:41 . 2013-03-19 03:41 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-19 03:41 . 2013-03-19 03:41 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-03-19 03:41 . 2013-03-19 03:41 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-03-19 03:41 . 2013-03-19 03:41 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-03-19 03:41 . 2013-03-19 03:41 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-03-19 03:41 . 2013-03-19 03:41 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-03-19 03:41 . 2013-03-19 03:41 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-19 03:41 . 2013-03-19 03:41 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-19 03:41 . 2013-03-19 03:41 149504 ----a-w- c:\windows\system32\occache.dll 2013-03-19 03:41 . 2013-03-19 03:41 13824 ----a-w- c:\windows\system32\mshta.exe 2013-03-19 03:41 . 2013-03-19 03:41 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-03-19 03:41 . 2013-03-19 03:41 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-19 03:41 . 2013-03-19 03:41 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-02-26 05:32 . 2013-02-26 05:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll 2013-02-26 05:32 . 2012-10-11 03:22 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-02-26 05:32 . 2012-10-11 03:22 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-02-26 05:32 . 2013-02-26 05:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll 2013-02-26 05:32 . 2011-02-23 07:58 2826040 ----a-w- c:\windows\system32\nvapi64.dll 2013-02-26 05:32 . 2012-10-11 03:23 1107440 ----a-w- c:\windows\system32\nvumdshimx.dll 2013-02-26 05:32 . 2012-02-04 22:13 1814304 ----a-w- c:\windows\system32\nvdispco64.dll 2013-02-26 05:32 . 2011-05-21 11:01 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll 2013-02-26 05:32 . 2013-02-26 05:32 958120 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2013-02-26 05:32 . 2013-02-26 05:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2013-02-26 05:32 . 2013-02-26 05:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll 2013-02-26 05:32 . 2013-02-26 05:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll 2013-02-26 05:32 . 2013-02-26 05:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll 2013-02-26 05:32 . 2013-02-26 05:32 245872 ----a-w- c:\windows\system32\nvinitx.dll 2013-02-26 05:32 . 2013-02-26 05:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2013-02-26 05:32 . 2012-10-11 03:23 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll 2013-02-26 05:32 . 2013-02-26 05:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll 2013-02-26 05:32 . 2013-02-26 05:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2013-02-26 05:32 . 2011-05-21 11:01 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll 2013-02-26 05:32 . 2013-02-26 05:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2013-02-26 05:32 . 2013-02-26 05:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll 2013-02-26 05:32 . 2013-02-26 05:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2013-02-26 05:32 . 2012-10-11 03:23 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2013-02-26 05:32 . 2013-02-26 05:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll 2013-02-26 05:32 . 2013-02-26 05:32 201576 ----a-w- c:\windows\SysWow64\nvinit.dll 2013-02-18 14:22 . 2013-02-18 14:22 31080 ----a-w- c:\windows\system32\nvhdap64.dll 2013-02-18 14:22 . 2013-02-18 14:22 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll 2013-02-18 14:22 . 2013-02-18 14:22 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys 2013-02-12 05:45 . 2013-03-15 13:45 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-15 13:45 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-15 13:45 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-15 13:45 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-15 13:45 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-15 13:45 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 04:12 . 2013-03-19 03:32 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-02-13 02:13 222712 ----a-w- c:\users\Rick\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-02-13 02:13 222712 ----a-w- c:\users\Rick\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-02-13 02:13 222712 ----a-w- c:\users\Rick\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "My Games"="c:\users\Rick\AppData\Local\Downloaded Installations\My Games\ihdupr.dll" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-02-12 115560] "vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-03-26 129648] "EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392] "TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-09-14 1247504] "Conime"="c:\windows\system32\conime.exe" [bU] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="c:\windows\system32\userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-11-18 25424] R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] R3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;c:\windows\system32\DRIVERS\libusb0.sys [2012-03-14 52320] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704] R3 LVUVC64;Logitech QuickCam S7500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288] R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 36720] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-23 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464] S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200] S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200] S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264] S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2011-03-26 81008] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-15 138912] S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-05-20 393728] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-13 00:58 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-05-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1323969578-42924185-667394549-1002Core.job - c:\users\Rick\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-17 02:24] . 2013-05-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1323969578-42924185-667394549-1002UA.job - c:\users\Rick\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-17 02:24] . 2013-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-20 02:33] . 2013-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-20 02:33] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-02-13 02:13 261624 ----a-w- c:\users\Rick\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-02-13 02:13 261624 ----a-w- c:\users\Rick\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-02-13 02:13 261624 ----a-w- c:\users\Rick\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-04 8317472] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2012-10-08 3182080] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = https://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll TCP: DhcpNameServer = 192.168.0.1 . - - - - ORPHANS REMOVED - - - - . SafeBoot-91421217.sys AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-WildTangent CDA - c:\program files (x86)\WildTangent\Apps\CDA\CDAUninstall.exe AddRemove-{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763} - c:\programdata\{7EAAFBB9-2051-44B5-A11D-DEE4D6CA7409}\iMesh_V12_en_Setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1323969578-42924185-667394549-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:d0,26,92,ba,a1,3d,b8,d6,e9,98,80,16,8b,af,8b,bf,89,59,48,d1,d2,38,5d, 64,9c,c8,6b,42,8a,bf,9c,b5,e5,43,11,53,88,51,3d,03,f6,bf,88,20,ea,94,eb,bd,\ "??"=hex:dd,99,0c,75,e0,d9,b3,83,e9,61,6d,9e,fe,35,fe,09 . [HKEY_USERS\S-1-5-21-1323969578-42924185-667394549-1002\Software\SecuROM\License information*] "datasecu"=hex:fe,d0,da,1b,7f,91,eb,38,8d,c3,e1,d1,a1,a0,73,6a,e6,fc,45,6f,5c, 06,8d,de,c6,94,90,1b,49,48,c4,6c,12,ca,5d,b5,3b,66,d6,7c,72,6f,89,8c,74,68,\ "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe c:\windows\SysWOW64\vmnat.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe c:\windows\SysWOW64\vmnetdhcp.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe . ************************************************************************** . Completion time: 2013-05-11 16:40:41 - machine was rebooted ComboFix-quarantined-files.txt 2013-05-11 21:40 ComboFix2.txt 2013-04-28 03:15 . Pre-Run: 1,412,544,909,312 bytes free Post-Run: 1,412,633,432,064 bytes free . - - End Of File - - CD9FC996C3DB76CEC2858E7F6CCB1C11 ComboFix rebooted once and then I had to reboot another time because I was getting the following errors. c:\Program Files\Internet Explorer\iexplorer.exe Illegal operation attempted on a registry key that has been marked for deletion. I got the same error for MS Word. The second reboot fixed that issue and both apps work fine. Right after the desktop displayed after the second reboot, I got the following error message: RunDLL There was a problem starting C:\Users\Rick\AppData\Local\Downloaded Installations\My Games\ihdupr.dll The specific module could not be found. I assume that not finding it is a good thing and probably something leftover in the startup. Thanks Rick
  7. Thanks Gringo, I won't be able to run this until Saturday 11 May.
  8. TDSSKiller.2.8.16.0_07.05.2013_18.14.03_log.txtGringo, I've run both the TDSSKiller and MBAR. I have two TDSSKiller logs and two MBAR logs. During the MBAR scan (which took a long time) I found out that I have over 65,000 0 byte files in the C:/Windows/Temp directory. All the file names are in the format of TMPhex#.tmp and have a date of 5/6/2013 9:12 PM. Can I delete these. I realize that they take no space but the are taking up entries in, what I call, the file table (however Windows keeps track of files and location). MBAR reported no issues found. IE, Windows Update, and Windows Firewall appear to be working correctly but I keep an eye on them. Can you recommend a good anti-virus product? I currently use Symantec Endpoint Protection but I don't really like the UI and apparent lack of info (like where the heck are the scan logs). I use Malwarebytes Anti-Malware and Simply Super Software Trojan Remover but am open to using other apps and welcome any suggestions for the best set of tools. The post is too long so I attached the second TDSSKiller log. TDSSKiller.2.8.16.0_07.05.2013_18.10.01_log 18:10:01.0723 5524 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 18:10:02.0409 5524 ============================================================ 18:10:02.0409 5524 Current date / time: 2013/05/07 18:10:02.0409 18:10:02.0409 5524 SystemInfo: 18:10:02.0409 5524 18:10:02.0409 5524 OS Version: 6.1.7601 ServicePack: 1.0 18:10:02.0409 5524 Product type: Workstation 18:10:02.0409 5524 ComputerName: USER-PC 18:10:02.0409 5524 UserName: Rick 18:10:02.0409 5524 Windows directory: C:\Windows 18:10:02.0409 5524 System windows directory: C:\Windows 18:10:02.0409 5524 Running under WOW64 18:10:02.0409 5524 Processor architecture: Intel x64 18:10:02.0409 5524 Number of processors: 8 18:10:02.0409 5524 Page size: 0x1000 18:10:02.0409 5524 Boot type: Normal boot 18:10:02.0409 5524 ============================================================ 18:10:03.0002 5524 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1600000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:10:03.0002 5524 ============================================================ 18:10:03.0002 5524 \Device\Harddisk0\DR0: 18:10:03.0002 5524 MBR partitions: 18:10:03.0002 5524 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 18:10:03.0002 5524 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD8000 18:10:03.0002 5524 ============================================================ 18:10:03.0018 5524 C: <-> \Device\Harddisk0\DR0\Partition2 18:10:03.0018 5524 ============================================================ 18:10:03.0018 5524 Initialize success 18:10:03.0018 5524 ============================================================ 18:10:51.0596 6648 Deinitialize success mbar-log-2013-05-08 (08-23-03) Malwarebytes Anti-Rootkit BETA 1.05.0.1001 www.malwarebytes.org Database version: v2013.05.07.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16540 Rick :: USER-PC [administrator] 5/8/2013 8:23:03 AM mbar-log-2013-05-08 (08-23-03).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 40325 Time elapsed: 13 hour(s), 55 minute(s), 29 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) MBAR system-log --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.05.0.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16540 Java version: 1.6.0_26 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 3.073000 GHz Memory total: 6433099776, free: 4728168448 ------------ Kernel report ------------ 05/07/2013 18:27:09 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\93485350.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\vmbus.sys \SystemRoot\system32\drivers\winhv.sys \SystemRoot\system32\drivers\iaStorV.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\vmstorfl.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\SRTSP64.SYS \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130506.020\EX64.SYS \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130506.020\ENG64.SYS \SystemRoot\System32\Drivers\SRTSPX64.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \??\C:\Windows\system32\drivers\wpsdrvnt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\nusb3xhc.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\Drivers\nvBridge.kmd \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\yk62x64.sys \SystemRoot\system32\drivers\1394ohci.sys \SystemRoot\system32\DRIVERS\ASACPI.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \??\C:\Windows\system32\drivers\VMkbd.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\dne64x.sys \SystemRoot\system32\DRIVERS\serscan.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\teefer2.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\vmnetadapter.sys \SystemRoot\system32\DRIVERS\VMNET.SYS \SystemRoot\system32\DRIVERS\nusb3hub.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\udfs.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \??\C:\Windows\system32\drivers\mbam.sys \SystemRoot\system32\DRIVERS\vmnetbridge.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \??\C:\Windows\system32\drivers\hcmon.sys \??\C:\Windows\system32\drivers\vmci.sys \??\C:\Windows\system32\drivers\vmx86.sys \??\C:\Windows\system32\drivers\WpsHelper.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \??\C:\Windows\system32\drivers\vmnetuserif.sys \??\C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\LVPr2M64.sys \??\C:\Windows\system32\Drivers\CVPNDRVA.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\wininet.dll \Windows\System32\urlmon.dll \Windows\System32\setupapi.dll \Windows\System32\oleaut32.dll \Windows\System32\ws2_32.dll \Windows\System32\normaliz.dll \Windows\System32\psapi.dll \Windows\System32\gdi32.dll \Windows\System32\lpk.dll \Windows\System32\user32.dll \Windows\System32\ole32.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8007178790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa800639b050 Lower Device Driver Name: \Driver\iaStor\ Driver name found: iaStor Initialization returned 0x0 Load Function returned 0x0 Downloaded database version: v2013.05.07.10 Downloaded database version: v2013.05.01.01 Initializing... Done! <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8007178790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80071782c0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007178790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800639b050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a015245620, 0xfffffa8007178790, 0xfffffa80075b9090 Lower DeviceData: 0xfffff8a01565d810, 0xfffffa800639b050, 0xfffffa80074db940 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 8463F446 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 3906830336 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 2000404086784 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-3907019232-3907039232)... Done! Performing system, memory and registry scan... Read File: File "c:\ProgramData\{7EAAFBB9-2051-44B5-A11D-DEE4D6CA7409}\instance.dat" is compressed (flags = 1) Read File: File "c:\ProgramData\{7EAAFBB9-2051-44B5-A11D-DEE4D6CA7409}\instance.dat" is compressed (flags = 1) Done! Scan finished ======================================= Thank you for all the help and again I apologize for the delay in responding.
  9. ComboFix 13-04-27.04 - Rick 04/27/2013 22:08:56.1.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6135.4165 [GMT -5:00] Running from: c:\users\Rick\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Wincert\WIN32C~1.DLL C:\test.txt c:\users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\{00FADAEF-EA3C-4175-9BC2-2DC0B9CF19FA}.xps c:\users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0964463E-DAF7-4169-9123-A61B7AEDDF28}.xps c:\users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\{19A175C3-6D38-46DF-8B7D-2211B7990A45}.xps c:\users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2811A3F8-9990-4408-806B-DDD862EDAA40}.xps c:\users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3FECBE9F-78CC-476B-A4F9-F1F2C083029E}.xps c:\users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7613CF61-DA92-47D9-87C4-7BFA58FD23BC}.xps c:\users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\{78C629D7-AEDB-4191-9EEF-57C99F2D062C}.xps c:\users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B0EFDE9D-916B-4CD6-89D0-0F2C3E66D451}.xps c:\users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E8B1628D-C191-4C4D-BA20-501B5FE7F7DA}.xps c:\users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FB6B1F7D-E00D-4CA2-B6F0-7DAF7C40086C}.xps c:\users\Rick\AppData\Roaming\technic-launcher.jar c:\windows\SysWow64\URTTemp c:\windows\SysWow64\URTTemp\regtlib.exe c:\windows\wt c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\controlPanel\index.html c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\update_info\data.wts c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmp.dll c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpi.jar c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpv.dll c:\windows\wt\wtupdates\dmmp\3.0.2.000\install\dmmp.cdanfo c:\windows\wt\wtupdates\dmmp\3.0.2.000\install\DMMP_Uninstall.cdas c:\windows\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll c:\windows\wt\wtupdates\DRM\3.2.0.19\files\wt.sto c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas c:\windows\wt\wtupdates\Webd\4.1.1\files\actorobject.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html c:\windows\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\jdriver.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt c:\windows\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\rdriver.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\Sound.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\update_info\data.wts c:\windows\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded c:\windows\wt\wtupdates\Webd\4.1.1\files\wdengine.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo c:\windows\wt\wtupdates\Webd\4.1.1\files\Webd331_fileList.cdas c:\windows\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas c:\windows\wt\wtupdates\Webd\4.1.1\files\webdriver.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar c:\windows\wt\wtupdates\Webd\4.1.1\files\wt3d.ini c:\windows\wt\wtupdates\Webd\4.1.1\files\WTHost.exe c:\windows\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar c:\windows\wt\wtupdates\Webd\4.1.1\files\wtvh.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax c:\windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini c:\windows\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1.cdanfo c:\windows\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1_Uninstall.cdas c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\controlpanel\index.html c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl.cdanfo c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl_Uninstall.cdas c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\WireControl.dll . . ((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-28 ))))))))))))))))))))))))))))))) . . 2013-04-28 03:14 . 2013-04-28 03:14 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-04-28 03:14 . 2013-04-28 03:14 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-27 15:52 . 2013-04-27 16:00 -------- d-----w- c:\users\Rick\AppData\Roaming\Notepad++ 2013-04-27 15:52 . 2013-04-27 15:52 -------- d-----w- c:\program files (x86)\Notepad++ 2013-04-27 03:46 . 2013-04-27 03:46 273936766 ----a-w- c:\windows\system32\All_Reg_keys_4_26_13.reg 2013-04-24 21:39 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-22 01:22 . 2013-04-22 01:22 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin 2013-04-14 05:21 . 2013-04-14 05:21 -------- d-----w- c:\users\Rick\AppData\Roaming\Simply Super Software 2013-04-14 05:21 . 2013-04-14 05:21 -------- d-----w- c:\program files (x86)\Trojan Remover 2013-04-14 05:21 . 2013-04-14 05:21 -------- d-----w- c:\programdata\Simply Super Software 2013-04-13 00:14 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-04-13 00:14 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-04-13 00:14 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-13 00:14 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-04-13 00:14 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-04-13 00:14 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-13 00:14 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-04-13 00:14 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe 2013-04-06 03:35 . 2013-04-20 18:56 -------- d-----w- c:\users\Rick\AppData\Local\CrashDumps 2013-04-05 12:53 . 2013-04-05 12:53 -------- d-----w- c:\users\Rick\AppData\Roaming\pleGLdll32 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-19 22:29 . 2011-08-13 15:34 281152 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-04-19 22:29 . 2011-08-13 15:34 281152 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-04-14 18:30 . 2011-08-13 15:34 281152 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-04-13 06:28 . 2011-06-30 23:29 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-04-04 19:50 . 2013-02-14 01:48 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-19 03:41 . 2013-03-19 03:41 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-03-19 03:41 . 2013-03-19 03:41 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-03-19 03:41 . 2013-03-19 03:41 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-03-19 03:41 . 2013-03-19 03:41 81408 ----a-w- c:\windows\system32\icardie.dll 2013-03-19 03:41 . 2013-03-19 03:41 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-03-19 03:41 . 2013-03-19 03:41 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-03-19 03:41 . 2013-03-19 03:41 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-03-19 03:41 . 2013-03-19 03:41 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-03-19 03:41 . 2013-03-19 03:41 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-03-19 03:41 . 2013-03-19 03:41 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-03-19 03:41 . 2013-03-19 03:41 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-03-19 03:41 . 2013-03-19 03:41 441856 ----a-w- c:\windows\system32\html.iec 2013-03-19 03:41 . 2013-03-19 03:41 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-03-19 03:41 . 2013-03-19 03:41 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-03-19 03:41 . 2013-03-19 03:41 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-03-19 03:41 . 2013-03-19 03:41 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-19 03:41 . 2013-03-19 03:41 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-03-19 03:41 . 2013-03-19 03:41 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-03-19 03:41 . 2013-03-19 03:41 235008 ----a-w- c:\windows\system32\url.dll 2013-03-19 03:41 . 2013-03-19 03:41 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-03-19 03:41 . 2013-03-19 03:41 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-03-19 03:41 . 2013-03-19 03:41 216064 ----a-w- c:\windows\system32\msls31.dll 2013-03-19 03:41 . 2013-03-19 03:41 197120 ----a-w- c:\windows\system32\msrating.dll 2013-03-19 03:41 . 2013-03-19 03:41 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-03-19 03:41 . 2013-03-19 03:41 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-03-19 03:41 . 2013-03-19 03:41 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-03-19 03:41 . 2013-03-19 03:41 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-19 03:41 . 2013-03-19 03:41 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-03-19 03:41 . 2013-03-19 03:41 144896 ----a-w- c:\windows\system32\wextract.exe 2013-03-19 03:41 . 2013-03-19 03:41 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-03-19 03:41 . 2013-03-19 03:41 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-03-19 03:41 . 2013-03-19 03:41 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-03-19 03:41 . 2013-03-19 03:41 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-03-19 03:41 . 2013-03-19 03:41 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-03-19 03:41 . 2013-03-19 03:41 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-03-19 03:41 . 2013-03-19 03:41 102912 ----a-w- c:\windows\system32\inseng.dll 2013-03-19 03:41 . 2013-03-19 03:41 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-19 03:41 . 2013-03-19 03:41 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-03-19 03:41 . 2013-03-19 03:41 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-03-19 03:41 . 2013-03-19 03:41 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-03-19 03:41 . 2013-03-19 03:41 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-03-19 03:41 . 2013-03-19 03:41 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-03-19 03:41 . 2013-03-19 03:41 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-19 03:41 . 2013-03-19 03:41 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-19 03:41 . 2013-03-19 03:41 149504 ----a-w- c:\windows\system32\occache.dll 2013-03-19 03:41 . 2013-03-19 03:41 13824 ----a-w- c:\windows\system32\mshta.exe 2013-03-19 03:41 . 2013-03-19 03:41 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-03-19 03:41 . 2013-03-19 03:41 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-19 03:41 . 2013-03-19 03:41 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-02-26 05:32 . 2013-02-26 05:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll 2013-02-26 05:32 . 2012-10-11 03:22 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-02-26 05:32 . 2012-10-11 03:22 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-02-26 05:32 . 2013-02-26 05:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll 2013-02-26 05:32 . 2011-02-23 07:58 2826040 ----a-w- c:\windows\system32\nvapi64.dll 2013-02-26 05:32 . 2012-10-11 03:23 1107440 ----a-w- c:\windows\system32\nvumdshimx.dll 2013-02-26 05:32 . 2012-02-04 22:13 1814304 ----a-w- c:\windows\system32\nvdispco64.dll 2013-02-26 05:32 . 2011-05-21 11:01 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll 2013-02-26 05:32 . 2013-02-26 05:32 958120 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2013-02-26 05:32 . 2013-02-26 05:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2013-02-26 05:32 . 2013-02-26 05:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll 2013-02-26 05:32 . 2013-02-26 05:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll 2013-02-26 05:32 . 2013-02-26 05:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll 2013-02-26 05:32 . 2013-02-26 05:32 245872 ----a-w- c:\windows\system32\nvinitx.dll 2013-02-26 05:32 . 2013-02-26 05:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2013-02-26 05:32 . 2012-10-11 03:23 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll 2013-02-26 05:32 . 2013-02-26 05:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll 2013-02-26 05:32 . 2013-02-26 05:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2013-02-26 05:32 . 2011-05-21 11:01 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll 2013-02-26 05:32 . 2013-02-26 05:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2013-02-26 05:32 . 2013-02-26 05:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll 2013-02-26 05:32 . 2013-02-26 05:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2013-02-26 05:32 . 2012-10-11 03:23 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2013-02-26 05:32 . 2013-02-26 05:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll 2013-02-26 05:32 . 2013-02-26 05:32 201576 ----a-w- c:\windows\SysWow64\nvinit.dll 2013-02-18 14:22 . 2013-02-18 14:22 31080 ----a-w- c:\windows\system32\nvhdap64.dll 2013-02-18 14:22 . 2013-02-18 14:22 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll 2013-02-18 14:22 . 2013-02-18 14:22 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys 2013-02-12 05:45 . 2013-03-15 13:45 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-15 13:45 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-15 13:45 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-15 13:45 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-15 13:45 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-15 13:45 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 04:12 . 2013-03-19 03:32 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-02-13 02:13 222712 ----a-w- c:\users\Rick\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-02-13 02:13 222712 ----a-w- c:\users\Rick\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-02-13 02:13 222712 ----a-w- c:\users\Rick\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-02-12 115560] "vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-03-26 129648] "EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392] "TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-09-14 1247504] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-11-18 25424] R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] R3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;c:\windows\system32\DRIVERS\libusb0.sys [2012-03-14 52320] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704] R3 LVUVC64;Logitech QuickCam S7500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928] R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 36720] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-23 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464] S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200] S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264] S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2011-03-26 81008] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-15 138912] S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-05-20 393728] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-13 00:58 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-04-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1323969578-42924185-667394549-1002Core.job - c:\users\Rick\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-17 02:24] . 2013-04-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1323969578-42924185-667394549-1002UA.job - c:\users\Rick\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-17 02:24] . 2013-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-20 02:33] . 2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-20 02:33] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-02-13 02:13 261624 ----a-w- c:\users\Rick\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-02-13 02:13 261624 ----a-w- c:\users\Rick\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-02-13 02:13 261624 ----a-w- c:\users\Rick\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-04 8317472] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2012-10-08 3182080] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = https://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll TCP: DhcpNameServer = 192.168.0.1 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-My Games - c:\users\Rick\AppData\Local\Downloaded Installations\My Games\ihdupr.dll Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe SafeBoot-Symantec Antvirus HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-WildTangent CDA - c:\program files (x86)\WildTangent\Apps\CDA\CDAUninstall.exe AddRemove-{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763} - c:\programdata\{7EAAFBB9-2051-44B5-A11D-DEE4D6CA7409}\iMesh_V12_en_Setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1323969578-42924185-667394549-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:d0,26,92,ba,a1,3d,b8,d6,e9,98,80,16,8b,af,8b,bf,89,59,48,d1,d2,38,5d, 64,9c,c8,6b,42,8a,bf,9c,b5,e5,43,11,53,88,51,3d,03,f6,bf,88,20,ea,94,eb,bd,\ "??"=hex:dd,99,0c,75,e0,d9,b3,83,e9,61,6d,9e,fe,35,fe,09 . [HKEY_USERS\S-1-5-21-1323969578-42924185-667394549-1002\Software\SecuROM\License information*] "datasecu"=hex:fe,d0,da,1b,7f,91,eb,38,8d,c3,e1,d1,a1,a0,73,6a,e6,fc,45,6f,5c, 06,8d,de,c6,94,90,1b,49,48,c4,6c,12,ca,5d,b5,3b,66,d6,7c,72,6f,89,8c,74,68,\ "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-04-27 22:15:31 ComboFix-quarantined-files.txt 2013-04-28 03:15 . Pre-Run: 1,419,446,484,992 bytes free Post-Run: 1,421,372,579,840 bytes free . - - End Of File - - AEA866891A8488E69A2F6D85F77526AD
  10. Sorry about the RlRlrlrlrlrlr, I am not a WoW Murlock. I was trying to type Richard and the screen was responding.
  11. Gringo, I apologize for not getting back sooner, I have been slammed at work. Here is the ComboFix Quarantined-files log. 2013-04-28 03:14:52 . 2013-04-28 03:14:52 377 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat 2013-04-28 03:14:49 . 2013-04-28 03:14:49 582 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-Symantec Antvirus.reg.dat 2013-04-28 03:14:45 . 2013-04-28 03:14:45 135 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-Conime.reg.dat 2013-04-28 03:14:45 . 2013-04-28 03:14:45 215 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-My Games.reg.dat 2013-04-28 03:12:33 . 2013-04-28 03:12:33 8,764 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2013-04-28 03:07:56 . 2013-04-28 03:07:56 51 ----a-w- C:\Qoobox\Quarantine\catchme.log 2013-02-02 23:11:38 . 2013-02-02 23:11:41 703,117 ----a-w- C:\Qoobox\Quarantine\C\Users\Rick\AppData\Roaming\technic-launcher.jar.vir 2012-12-20 11:36:18 . 2012-12-20 11:36:18 7,168 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\Wincert\WIN32C~1.DLL.vir 2011-10-03 00:46:34 . 2011-10-03 00:46:34 66,884 ----a-w- C:\Qoobox\Quarantine\C\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FB6B1F7D-E00D-4CA2-B6F0-7DAF7C40086C}.xps.vir 2011-09-20 16:38:47 . 2011-09-20 16:38:47 242,636 ----a-w- C:\Qoobox\Quarantine\C\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\{19A175C3-6D38-46DF-8B7D-2211B7990A45}.xps.vir 2011-08-10 01:41:24 . 2011-08-10 01:41:24 164,911 ----a-w- C:\Qoobox\Quarantine\C\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E8B1628D-C191-4C4D-BA20-501B5FE7F7DA}.xps.vir 2011-08-02 19:26:56 . 2011-08-02 19:26:56 218,265 ----a-w- C:\Qoobox\Quarantine\C\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\{78C629D7-AEDB-4191-9EEF-57C99F2D062C}.xps.vir 2011-08-02 19:22:19 . 2011-08-02 19:22:19 218,269 ----a-w- C:\Qoobox\Quarantine\C\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3FECBE9F-78CC-476B-A4F9-F1F2C083029E}.xps.vir 2011-08-02 19:21:25 . 2011-08-02 19:21:25 218,263 ----a-w- C:\Qoobox\Quarantine\C\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B0EFDE9D-916B-4CD6-89D0-0F2C3E66D451}.xps.vir 2011-08-02 19:19:51 . 2011-08-02 19:19:51 121,459 ----a-w- C:\Qoobox\Quarantine\C\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0964463E-DAF7-4169-9123-A61B7AEDDF28}.xps.vir 2011-08-02 19:19:16 . 2011-08-02 19:19:16 121,463 ----a-w- C:\Qoobox\Quarantine\C\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2811A3F8-9990-4408-806B-DDD862EDAA40}.xps.vir 2011-08-02 19:15:19 . 2011-08-02 19:15:19 218,263 ----a-w- C:\Qoobox\Quarantine\C\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7613CF61-DA92-47D9-87C4-7BFA58FD23BC}.xps.vir 2011-08-02 19:14:04 . 2011-08-02 19:14:04 218,269 ----a-w- C:\Qoobox\Quarantine\C\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\{00FADAEF-EA3C-4175-9BC2-2DC0B9CF19FA}.xps.vir 2011-07-24 16:10:25 . 2011-07-24 16:10:25 163 ----a-w- C:\Qoobox\Quarantine\C\test.txt.vir 2005-05-06 18:53:37 . 2005-05-06 18:53:37 7,132 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl_Uninstall.cdas.vir 2005-05-06 18:53:37 . 2005-05-06 18:53:37 868 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl.cdanfo.vir 2005-04-22 19:34:38 . 2005-04-22 19:34:38 2,768 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\WireControl\1.0.0.63\files\controlpanel\index.html.vir 2005-04-05 01:01:12 . 2005-04-05 01:01:12 98,304 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\WireControl\1.0.0.63\files\WireControl.dll.vir 2004-05-19 00:30:05 . 2004-05-19 00:30:05 844 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1.cdanfo.vir 2004-05-19 00:30:05 . 2004-05-19 00:30:05 6,772 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1_Uninstall.cdas.vir 2004-05-19 00:30:05 . 2004-05-19 00:30:05 844 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo.vir 2004-05-19 00:30:05 . 2004-05-19 00:30:05 6,388 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas.vir 2004-05-19 00:30:05 . 2004-05-19 00:30:05 9,484 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\Webd331_fileList.cdas.vir 2004-05-19 00:30:04 . 2004-05-19 00:30:04 20 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts.vir 2004-05-19 00:30:04 . 2004-05-19 00:30:04 71 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll.vir 2004-05-19 00:30:04 . 2004-05-19 00:30:04 71 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll.vir 2004-05-14 14:58:57 . 2004-05-14 14:58:57 22 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\update_info\data.wts.vir 2004-05-14 14:58:03 . 2004-05-14 14:58:03 712,704 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\webdriver.dll.vir 2004-05-14 14:56:25 . 2004-05-14 14:56:25 102,400 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\actorobject.dll.vir 2004-05-14 14:56:14 . 2004-05-14 14:56:14 45,056 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll.vir 2004-05-14 14:56:07 . 2004-05-14 14:56:07 98,304 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\Sound.dll.vir 2004-05-14 14:55:43 . 2004-05-14 14:55:43 65,536 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll.vir 2004-05-14 14:55:31 . 2004-05-14 14:55:31 155,648 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll.vir 2004-05-14 14:55:19 . 2004-05-14 14:55:19 737,280 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\wdengine.dll.vir 2004-05-04 18:33:53 . 2004-05-04 18:33:53 844 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo.vir 2004-05-04 18:33:53 . 2004-05-04 18:33:53 6,996 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas.vir 2004-05-04 18:33:53 . 2004-05-04 18:33:53 836 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\dmmp\3.0.2.000\install\dmmp.cdanfo.vir 2004-05-04 18:33:53 . 2004-05-04 18:33:53 6,732 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\dmmp\3.0.2.000\install\DMMP_Uninstall.cdas.vir 2004-04-26 21:19:34 . 2004-04-26 21:19:34 57,344 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll.vir 2004-04-26 21:19:30 . 2004-04-26 21:19:30 61,440 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\WTHost.exe.vir 2004-04-26 21:19:26 . 2004-04-26 21:19:26 32,768 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll.vir 2004-04-26 21:19:20 . 2004-04-26 21:19:20 337 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt.vir 2004-03-10 01:57:27 . 2004-03-10 01:57:27 18,306 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar.vir 2004-03-10 01:57:23 . 2004-03-10 01:57:23 73,728 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll.vir 2004-02-16 17:47:10 . 2004-02-16 17:47:10 53,248 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax.vir 2004-02-16 17:47:09 . 2004-02-16 17:47:09 53,248 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\wtvh.dll.vir 2004-02-16 16:49:28 . 2004-02-16 16:49:28 3,564 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded.vir 2004-02-16 16:49:28 . 2004-02-16 16:49:28 87 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini.vir 2004-02-16 16:47:10 . 2004-02-16 16:47:10 6,925 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html.vir 2004-02-16 16:47:09 . 2004-02-16 16:47:09 251 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\wt3d.ini.vir 2004-01-22 06:14:57 . 2004-01-22 06:14:57 22 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\dmmp\3.0.2.000\files\update_info\data.wts.vir 2003-12-03 23:46:42 . 2003-12-03 23:46:42 2,798 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html.vir 2003-12-01 20:04:18 . 2003-12-01 20:04:18 2,404 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\dmmp\3.0.2.000\files\controlPanel\index.html.vir 2003-11-11 01:38:24 . 2003-11-11 01:38:24 49,152 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpv.dll.vir 2003-10-27 22:49:01 . 2003-10-27 22:49:01 6,095 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpi.jar.vir 2003-10-27 19:42:44 . 2003-10-27 19:42:44 36,864 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmp.dll.vir 2003-09-04 23:14:01 . 2003-09-04 23:14:01 24,576 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll.vir 2003-09-04 23:13:57 . 2003-09-04 23:13:57 24,576 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll.vir 2003-09-04 23:13:49 . 2003-09-04 23:13:49 9,566 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar.vir 2003-09-04 23:12:09 . 2003-09-04 23:12:09 21,504 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll.vir 2003-08-20 21:53:48 . 2003-08-20 21:53:48 159,744 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\rdriver.dll.vir 2003-08-20 21:53:16 . 2003-08-20 21:53:16 167,936 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\jdriver.dll.vir 2003-08-20 21:52:26 . 2003-08-20 21:52:26 264,641 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar.vir 2003-02-21 10:16:08 . 2003-02-21 10:16:08 49,152 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\URTTEMP\regtlib.exe.vir 2002-11-12 21:24:41 . 2002-11-12 21:24:41 7,714 ----a-w- C:\Qoobox\Quarantine\C\Windows\wt\wtupdates\DRM\3.2.0.19\files\wt.sto.vir The problems seem to have cleared up. I do get a large number of security alerts for IE when moving from site to site but I assume that is because of changes by ComboFix. I appreciate all the help and thank you again. RiRririririririirriri
  12. Thank you Gringo for your help. Here is the information you requested ==================== Security Check Log ==================== Results of screen317's Security Check version 0.99.63 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Trojan Remover 6.8.5 Malwarebytes Anti-Malware version 1.75.0.1300 Java™ 6 Update 26 Java version out of Date! Adobe Flash Player 11.4.402.265 Flash Player out of Date! Adobe Reader 10.1.6 Adobe Reader out of Date! Google Chrome 26.0.1410.43 Google Chrome 26.0.1410.64 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` ==================== End Security Check Log ==================== ==================== AdwCleaner Log ==================== # AdwCleaner v2.202 - Logfile created 04/27/2013 at 11:00:53 # Updated 23/04/2013 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : Rick - USER-PC # Boot Mode : Normal # Running from : C:\Users\Rick\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk Folder Deleted : C:\Program Files (x86)\1ClickDownload Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\Zynga Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\boost_interprocess Folder Deleted : C:\Users\Rick\AppData\Local\Babylon Folder Deleted : C:\Users\Rick\AppData\Local\Conduit Folder Deleted : C:\Users\Rick\AppData\Local\Ilivid Folder Deleted : C:\Users\Rick\AppData\Local\PackageAware Folder Deleted : C:\Users\Rick\AppData\Local\Temp\{503e067f-2914-4edd-8432-2d6c52635e23} Folder Deleted : C:\Users\Rick\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Rick\AppData\LocalLow\Zynga Folder Deleted : C:\Users\Rick\AppData\Roaming\Babylon ***** [Registry] ***** Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\datamngr.dll Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\IEBHO.dll Key Deleted : HKCU\Software\1ClickDownload Key Deleted : HKCU\Software\APN DTX Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\Zynga Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\DataMngr_Toolbar Key Deleted : HKCU\Software\ilivid Key Deleted : HKCU\Software\imeshtoolbar Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7B13EC3E-999A-4B70-B9CB-2617B8323822} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B13EC3E-999A-4B70-B9CB-2617B8323822} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF} Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1 Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{636E19A4-E9F1-4F72-8D81-85E5A2D3DB18} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{636E19A4-E9F1-4F72-8D81-85E5A2D3DB18} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B13EC3E-999A-4B70-B9CB-2617B8323822} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{48199DE7-86E7-46A1-8F8C-7733381D4B8F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{503E067F-2914-4EDD-8432-2D6C52635E23} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D6AD49F1-CD02-4F25-9146-F047917B734B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{503E067F-2914-4EDD-8432-2D6C52635E23} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B13EC3E-999A-4B70-B9CB-2617B8323822} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\imeshtoolbar Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Zynga Toolbar Key Deleted : HKLM\Software\Zynga Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2} Key Deleted : HKLM\SOFTWARE\DataMngr Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7B13EC3E-999A-4B70-B9CB-2617B8323822}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7B13EC3E-999A-4B70-B9CB-2617B8323822}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7B13EC3E-999A-4B70-B9CB-2617B8323822}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{503E067F-2914-4EDD-8432-2D6C52635E23}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7B13EC3E-999A-4B70-B9CB-2617B8323822}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10] ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16537 [OK] Registry is clean. -\\ Google Chrome v26.0.1410.64 File : C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.26] : keyword = "search-results.com", Deleted [l.29] : search_url = "hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=1157&systemid=1&apn_dtid=[...] Deleted [l.1643] : homepage = "hxxp://search.imesh.net", Deleted [l.1934] : urls_to_restore_on_startup = [ "hxxp://search.imesh.net", "hxxp://www.google.com" ] ************************* AdwCleaner[s1].txt - [8049 octets] - [27/04/2013 11:00:53] ########## EOF - C:\AdwCleaner[s1].txt - [8109 octets] ########## ==================== End AdwCleaner Log ==================== ==================== Rogue Killer Log ==================== RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo...13-roguekiller/ Website : http://tigzy.geeksto...roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Rick [Admin rights] Mode : Remove -- Date : 04/27/2013 11:10:37 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 4 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : My Games (rundll32 "C:\Users\Rick\AppData\Local\Downloaded Installations\My Games\ihdupr.dll",SCBB2_CreateTransformTablesW) [x] -> DELETED [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Volume0 +++++ --- User --- [MBR] 9e84927cd01bdd3d8b97683d33aab35d [bSP] 8858a9b4355773809bb84c6aea1fa6be : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1907632 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[2]_D_04272013_02d1110.txt >> RKreport[1]_S_04272013_02d1109.txt ; RKreport[2]_D_04272013_02d1110.txt ==================== End Rogue Killer Log ====================</dot></at>
  13. As my title states, I suspect that I have multiple browser hijackers. Search results regularly get redirected to totally unrelated pages and other odd IE behaviors. I've run Malwarebytes Anti-Malware v 1.70.0.1100 with DB v 2013.04.09.02. I also run Symantec Endpoint Protection SBE v 12.0.122.192 with definitions dated 26 April 2013. Finally I have Simply Super Software Trojan Remover v 6.8.5 with current definitions. I have run all of these with zero hits and nothing but a couple of tracking cookies removed. I've attached the DDS.txt and Attach.txt files along with a HijackThis log. I know enough to know that I have a problem, but the Bad guys these days are very good at what they do. Could anyone take a look at these files and suggest a course of action please Thanks Rick Anderson PS your spellchecker doesn't recognize Malwarebytes as a real word. Just an FYI.hijackthis.logattach.txtdds.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.