SGHSmorgan

  1. Everything is working great! Thank you, MrC! I really appreciate your help... I'm a little low on funds at the moment, but I'll give you a donation soon! It probably won't be much, but I do appreciate your work!
  2. Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.09.04.01

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     KyLea Cordwell :: KYLEACORDWELL [administrator]

     9/4/2013 12:26:13 AM
     mbam-log-2013-09-04 (00-26-13).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 240574
     Time elapsed: 3 minute(s), 13 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  3. # AdwCleaner v3.002 - Report created 04/09/2013 at 00:16:16
  4. Neither MBAR nor MBAM found anything, so I'm clear there... Here's the fixlog:

         Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2013 03
         Ran by KyLea Cordwell at 2013-09-03 15:26:04 Run:1
         Running from C:\Users\KyLea Cordwell\Desktop
         Boot Mode: Normal
         ==============================================

         Content of fixlist:
         *****************
         HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]
         U4 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\ \...\???\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\GoogleUpdate.exe"
         S1 bbknrojr; \??\C:\windows\system32\drivers\bbknrojr.sys [x]
         S1 coxespbx; \??\C:\windows\system32\drivers\coxespbx.sys [x]
         S1 daqiedkz; \??\C:\windows\system32\drivers\daqiedkz.sys [x]
         S1 fciwkcpr; \??\C:\windows\system32\drivers\fciwkcpr.sys [x]
         S1 glzxvopu; \??\C:\windows\system32\drivers\glzxvopu.sys [x]
         S1 ibprlajp; \??\C:\windows\system32\drivers\ibprlajp.sys [x]
         S1 imijwmhk; \??\C:\windows\system32\drivers\imijwmhk.sys [x]
         S1 jdejdgdj; \??\C:\windows\system32\drivers\jdejdgdj.sys [x]
         S1 kgywzdwo; \??\C:\windows\system32\drivers\kgywzdwo.sys [x]
         S1 lpauflxb; \??\C:\windows\system32\drivers\lpauflxb.sys [x]
         S1 ovjbacxz; \??\C:\windows\system32\drivers\ovjbacxz.sys [x]
         C:\Users\KYLEAC~1\AppData\Local\Temp\nsz6F1A.exe
         C:\Users\KYLEAC~1\AppData\Local\Temp\sqlite3.exe
         C:\Users\KYLEAC~1\AppData\Local\Temp\tbKeyB.dll
         C:\Users\KYLEAC~1\AppData\Local\Temp\nsh82C6.tmp\System.dll
         C:\Users\KYLEAC~1\AppData\Local\Temp\nsh4B04.tmp\System.dll
         *****************

         HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSC => Value was restored successfully.
         *etadpug => Service deleted successfully.
         bbknrojr => Service deleted successfully.
         coxespbx => Service deleted successfully.
         daqiedkz => Service deleted successfully.
         fciwkcpr => Service deleted successfully.
         glzxvopu => Service deleted successfully.
         ibprlajp => Service deleted successfully.
         imijwmhk => Service deleted successfully.
         jdejdgdj => Service deleted successfully.
         kgywzdwo => Service deleted successfully.
         lpauflxb => Service deleted successfully.
         ovjbacxz => Service deleted successfully.
         C:\Users\KYLEAC~1\AppData\Local\Temp\nsz6F1A.exe => Moved successfully.
         C:\Users\KYLEAC~1\AppData\Local\Temp\sqlite3.exe => Moved successfully.
         C:\Users\KYLEAC~1\AppData\Local\Temp\tbKeyB.dll => Moved successfully.
         C:\Users\KYLEAC~1\AppData\Local\Temp\nsh82C6.tmp\System.dll => Moved successfully.
         C:\Users\KYLEAC~1\AppData\Local\Temp\nsh4B04.tmp\System.dll => Moved successfully.

         ==== End of Fixlog ====

     Can you explain what the fixlist does and how you make it? I'd like to be able to help myself in the future...
  5. Here ya' go! Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2013 03
_____ (Malwarebytes Corporation ) C:\Users\KyLea Cordwell\Downloads\mbam-setup-1.75.0.1300.exe2013-09-02 23:51 - 2013-09-02 23:51 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-09-02 23:51 - 2013-09-02 23:51 - 00000000 ____D C:\Users\KyLea Cordwell\AppData\Roaming\Malwarebytes2013-09-02 23:51 - 2013-09-02 23:51 - 00000000 ____D C:\ProgramData\Malwarebytes2013-09-02 23:51 - 2013-09-02 23:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-09-02 23:51 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys2013-09-02 23:46 - 2013-09-03 14:05 - 01455563 _____ C:\windows\WindowsUpdate.log2013-09-02 23:44 - 2013-09-02 23:44 - 00001945 _____ C:\windows\epplauncher.mif2013-09-02 23:43 - 2013-09-02 23:44 - 00000000 ____D C:\Program Files\Microsoft Security Client2013-09-02 23:43 - 2013-09-02 23:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client2013-09-02 23:35 - 2013-09-02 23:36 - 13813944 _____ (Microsoft Corporation) C:\Users\KyLea Cordwell\Downloads\mseinstall.exe2013-09-02 23:35 - 2013-09-02 23:35 - 04454952 _____ (Piriform Ltd) C:\Users\KyLea Cordwell\Downloads\ccsetup405.exe2013-09-02 23:35 - 2013-09-02 23:35 - 00002790 _____ C:\windows\System32\Tasks\CCleanerSkipUAC2013-09-02 23:35 - 2013-09-02 23:35 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk2013-09-02 23:35 - 2013-09-02 23:35 - 00000000 ____D C:\Program Files\CCleaner2013-09-02 23:29 - 2013-09-02 23:29 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\{2B2B584A-AD14-4A1E-A597-D1E6644F05F4}2013-08-30 18:53 - 2013-08-30 18:53 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\{BB85505C-EEFF-43B9-865A-22F75E2026C0}2013-08-26 22:18 - 2013-08-26 22:18 - 00003021 _____ C:\Users\KyLea Cordwell\Desktop\Microsoft Word 2010.lnk2013-08-26 16:05 - 2013-08-26 16:05 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\{7AC261BB-8583-403F-B991-A6B26EB99EAF}2013-08-22 00:02 - 2013-08-22 00:03 - 00000000 ____D 
C:\Users\KYLEAC~1\AppData\Local\{3287DB5F-B413-4515-A2A7-FF727DADC4B5}2013-08-20 23:41 - 2013-08-20 23:41 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\{0C78E193-D436-4BB0-9A0D-A2491F44E47E}2013-08-19 23:04 - 2013-09-02 23:42 - 00000002 _____ C:\END2013-08-19 23:03 - 2013-09-02 23:43 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\SwvUpdater2013-08-19 22:55 - 2013-08-19 22:55 - 00000000 ____D C:\Users\KyLea Cordwell\Documents\Blio2013-08-19 22:23 - 2013-08-19 22:23 - 00000000 ____D C:\Users\KyLea Cordwell\AppData\Roaming\No Company Name2013-08-19 21:54 - 2013-09-03 00:17 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\Conduit2013-08-19 21:53 - 2013-08-19 22:47 - 00000000 ____D C:\Program Files (x86)\OtShot2013-08-19 21:53 - 2013-08-19 21:54 - 00000000 ____D C:\Program Files (x86)\Conduit2013-08-19 21:53 - 2013-08-19 21:53 - 00000985 _____ C:\Users\UpdatusUser\Desktop\OtShot.lnk2013-08-19 21:53 - 2013-08-19 21:53 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\CRE2013-08-19 20:32 - 2013-08-19 20:32 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\{5B5AF6BE-095B-4743-96EB-39C9CE190F4F}2013-08-18 12:41 - 2013-08-18 12:41 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\{4B46F6CC-A6F5-4F0A-BCC9-E226E40D8CE1}2013-08-13 12:00 - 2013-08-13 12:00 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\{ABA90218-7079-472E-9916-35DB097BBDDC}2013-08-12 20:45 - 2013-08-12 20:45 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\{3C471674-4F55-444B-BDCC-FC6475AD2E92}2013-08-11 11:44 - 2013-08-11 11:44 - 00000000 __SHD C:\windows\SysWOW64\%APPDATA%2013-08-11 10:51 - 2013-09-02 23:56 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\Creative Tech2013-08-11 10:49 - 2013-08-11 10:49 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\{C8C5E8A8-44CD-43FE-A632-AC61BE042B4E}2013-08-09 19:10 - 2013-08-09 19:10 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\{093137C6-737A-4EA7-A919-667D956C0433}2013-08-08 13:28 - 2013-08-08 13:28 - 00000000 ____D 
C:\Users\KYLEAC~1\AppData\Local\{DE311929-C0DC-4F3A-98B4-D2E76EBCB684}2013-08-05 20:16 - 2013-08-05 20:16 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\{86AB5895-992F-4C16-B24B-A9841D0CC4FD} ==================== One Month Modified Files and Folders ======= 2013-09-03 14:59 - 2013-09-03 14:59 - 00000000 ____D C:\FRST2013-09-03 14:58 - 2013-09-03 14:57 - 01950416 _____ (Farbar) C:\Users\KyLea Cordwell\Desktop\FRST64.exe2013-09-03 14:45 - 2013-09-03 14:45 - 00001999 _____ C:\Users\KyLea Cordwell\Desktop\RKreport[0]_D_09032013_144541.txt2013-09-03 14:45 - 2013-09-03 10:02 - 00000000 ____D C:\Users\KyLea Cordwell\Desktop\RK_Quarantine2013-09-03 14:32 - 2012-08-28 13:24 - 00000914 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2013-09-03 14:23 - 2011-12-27 18:57 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\Nero2013-09-03 14:22 - 2013-09-03 14:22 - 00023818 _____ C:\Users\KyLea Cordwell\Desktop\attach.txt2013-09-03 14:22 - 2013-09-03 14:22 - 00023475 _____ C:\Users\KyLea Cordwell\Desktop\dds.txt2013-09-03 14:17 - 2013-09-03 14:17 - 00688992 ____R (Swearware) C:\Users\KyLea Cordwell\Downloads\dds.com2013-09-03 14:16 - 2012-08-28 13:24 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job2013-09-03 14:15 - 2009-07-14 00:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-09-03 14:15 - 2009-07-14 00:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-09-03 14:13 - 2009-07-14 01:13 - 00778834 _____ C:\windows\system32\PerfStringBackup.INI2013-09-03 14:12 - 2013-09-03 14:12 - 00001832 _____ C:\Users\KyLea Cordwell\Desktop\RKreport[0]_S_09032013_141206.txt2013-09-03 14:07 - 2012-08-28 13:24 - 00000910 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2013-09-03 14:07 - 2011-09-28 02:51 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks2013-09-03 14:07 - 2011-09-28 02:51 - 00000000 ____D C:\Users\Default 
User\AppData\Local\SoftThinks2013-09-03 14:07 - 2011-09-28 02:41 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup2013-09-03 14:07 - 2011-09-28 02:10 - 00000000 ____D C:\ProgramData\NVIDIA2013-09-03 14:06 - 2013-09-02 23:57 - 00002262 _____ C:\windows\setupact.log2013-09-03 14:06 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT2013-09-03 14:05 - 2013-09-03 13:57 - 2597191680 _____ C:\avenger.txt2013-09-03 14:05 - 2013-09-02 23:46 - 01455563 _____ C:\windows\WindowsUpdate.log2013-09-03 14:01 - 2012-01-17 17:07 - 00000274 _____ C:\windows\Tasks\HP Photo Creations Messager.job2013-09-03 13:57 - 2009-07-14 01:32 - 00000000 ____D C:\windows\addins2013-09-03 13:54 - 2013-09-03 13:54 - 00001930 _____ C:\Users\KyLea Cordwell\Desktop\RKreport[0]_D_09032013_135410.txt2013-09-03 13:52 - 2013-09-03 01:43 - 00000000 ____D C:\Users\KyLea Cordwell\Desktop\mbar2013-09-03 13:50 - 2013-09-03 13:50 - 00001762 _____ C:\Users\KyLea Cordwell\Desktop\RKreport[0]_S_09032013_135041.txt2013-09-03 13:42 - 2013-09-03 13:42 - 00001863 _____ C:\Users\KyLea Cordwell\Desktop\RKreport[0]_D_09032013_134207.txt2013-09-03 13:30 - 2013-09-03 13:30 - 00001693 _____ C:\Users\KyLea Cordwell\Desktop\RKreport[0]_S_09032013_133017.txt2013-09-03 10:09 - 2013-09-03 10:09 - 00003491 _____ C:\Users\KyLea Cordwell\Desktop\RKreport[0]_D_09032013_100959.txt2013-09-03 10:07 - 2013-09-03 10:07 - 00003235 _____ C:\Users\KyLea Cordwell\Desktop\RKreport[0]_S_09032013_100705.txt2013-09-03 10:02 - 2013-09-03 10:02 - 03787264 _____ C:\Users\KyLea Cordwell\Downloads\RogueKillerX64.exe2013-09-03 09:41 - 2013-09-02 23:57 - 00025482 _____ C:\windows\PFRO.log2013-09-03 05:24 - 2013-09-03 05:24 - 00000000 _____ C:\windows\system32\config\SOFTWARE785406a02013-09-03 05:16 - 2013-09-03 05:16 - 00000000 ____D C:\windows\Microsoft Antimalware2013-09-03 02:01 - 2013-09-03 02:01 - 00000000 ____D C:\Avenger2013-09-03 01:42 - 2013-09-03 01:42 - 12907592 _____ (Malwarebytes Corp.) 
C:\Users\KyLea Cordwell\Downloads\mbar-1.07.0.1005.exe2013-09-03 01:33 - 2013-09-03 01:33 - 00027256 _____ (Symantec Corporation) C:\windows\system32\Drivers\FixZeroAccess.sys2013-09-03 00:17 - 2013-08-19 21:54 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\Conduit2013-09-03 00:12 - 2013-09-03 00:12 - 00002119 _____ C:\Users\KyLea Cordwell\Desktop\Microsoft Security Essentials.lnk2013-09-03 00:08 - 2013-09-03 00:08 - 00003432 _____ C:\windows\System32\Tasks\BrowserProtect2013-09-02 23:59 - 2013-09-02 23:59 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\{35E9392C-4FAF-4F99-A6A7-F1195A000A95}2013-09-02 23:59 - 2013-03-20 22:37 - 00000000 ____D C:\Users\KyLea Cordwell\Tracing2013-09-02 23:57 - 2013-09-02 23:57 - 00000000 _____ C:\windows\setuperr.log2013-09-02 23:57 - 2012-08-28 13:24 - 00000000 ____D C:\Program Files\Google2013-09-02 23:57 - 2012-08-28 13:24 - 00000000 ____D C:\Program Files (x86)\Google2013-09-02 23:57 - 2011-09-28 02:32 - 00000000 ____D C:\ProgramData\McAfee2013-09-02 23:56 - 2013-08-11 10:51 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\Creative Tech2013-09-02 23:56 - 2013-04-24 15:20 - 00000000 ____D C:\Program Files (x86)\LyricStar2013-09-02 23:51 - 2013-09-02 23:51 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\KyLea Cordwell\Downloads\mbam-setup-1.75.0.1300.exe2013-09-02 23:51 - 2013-09-02 23:51 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-09-02 23:51 - 2013-09-02 23:51 - 00000000 ____D C:\Users\KyLea Cordwell\AppData\Roaming\Malwarebytes2013-09-02 23:51 - 2013-09-02 23:51 - 00000000 ____D C:\ProgramData\Malwarebytes2013-09-02 23:51 - 2013-09-02 23:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-09-02 23:45 - 2011-02-23 09:08 - 00000000 ____D C:\windows\Panther2013-09-02 23:44 - 2013-09-02 23:44 - 00001945 _____ C:\windows\epplauncher.mif2013-09-02 23:44 - 2013-09-02 23:43 - 00000000 ____D C:\Program Files\Microsoft Security Client2013-09-02 23:43 - 2013-09-02 23:43 - 
00000000 ____D C:\Program Files (x86)\Microsoft Security Client2013-09-02 23:43 - 2013-08-19 23:03 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\SwvUpdater2013-09-02 23:42 - 2013-08-19 23:04 - 00000002 _____ C:\END2013-09-02 23:42 - 2012-08-28 13:24 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\Google2013-09-02 23:36 - 2013-09-02 23:35 - 13813944 _____ (Microsoft Corporation) C:\Users\KyLea Cordwell\Downloads\mseinstall.exe2013-09-02 23:35 - 2013-09-02 23:35 - 04454952 _____ (Piriform Ltd) C:\Users\KyLea Cordwell\Downloads\ccsetup405.exe2013-09-02 23:35 - 2013-09-02 23:35 - 00002790 _____ C:\windows\System32\Tasks\CCleanerSkipUAC2013-09-02 23:35 - 2013-09-02 23:35 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk2013-09-02 23:35 - 2013-09-02 23:35 - 00000000 ____D C:\Program Files\CCleaner2013-09-02 23:29 - 2013-09-02 23:29 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\{2B2B584A-AD14-4A1E-A597-D1E6644F05F4}2013-08-30 19:33 - 2012-08-28 13:25 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk2013-08-30 19:10 - 2013-06-14 12:15 - 00003440 _____ C:\windows\System32\Tasks\PCDEventLauncherTask2013-08-30 18:53 - 2013-08-30 18:53 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\{BB85505C-EEFF-43B9-865A-22F75E2026C0}2013-08-26 22:18 - 2013-08-26 22:18 - 00003021 _____ C:\Users\KyLea Cordwell\Desktop\Microsoft Word 2010.lnk2013-08-26 16:05 - 2013-08-26 16:05 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\{7AC261BB-8583-403F-B991-A6B26EB99EAF}2013-08-22 00:03 - 2013-08-22 00:02 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\{3287DB5F-B413-4515-A2A7-FF727DADC4B5}2013-08-20 23:41 - 2013-08-20 23:41 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\{0C78E193-D436-4BB0-9A0D-A2491F44E47E}2013-08-20 23:39 - 2009-07-14 00:45 - 05428064 _____ C:\windows\system32\FNTCACHE.DAT2013-08-19 23:05 - 2011-09-28 01:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information2013-08-19 22:57 - 2011-09-28 02:07 - 00000000 ____D C:\Program Files 
(x86)\Adobe2013-08-19 22:55 - 2013-08-19 22:55 - 00000000 ____D C:\Users\KyLea Cordwell\Documents\Blio2013-08-19 22:52 - 2011-09-28 02:07 - 00000000 ____D C:\Program Files (x86)\Zinio Reader 42013-08-19 22:51 - 2013-03-20 22:35 - 00000000 ____D C:\Program Files\Paint.NET2013-08-19 22:50 - 2011-09-28 02:06 - 00000000 ____D C:\ProgramData\Cozi2013-08-19 22:47 - 2013-08-19 21:53 - 00000000 ____D C:\Program Files (x86)\OtShot2013-08-19 22:46 - 2011-09-28 02:36 - 00000000 ____D C:\ProgramData\Adobe2013-08-19 22:39 - 2013-03-20 22:35 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\Paint.NET2013-08-19 22:35 - 2012-02-04 17:25 - 00000000 ____D C:\Users\KyLea Cordwell\AppData\Roaming\Skype2013-08-19 22:35 - 2011-09-28 02:36 - 00000000 ____D C:\ProgramData\Skype2013-08-19 22:26 - 2011-12-25 11:34 - 00110376 _____ C:\Users\KYLEAC~1\AppData\Local\GDIPFONTCACHEV1.DAT2013-08-19 22:23 - 2013-08-19 22:23 - 00000000 ____D C:\Users\KyLea Cordwell\AppData\Roaming\No Company Name2013-08-19 21:54 - 2013-08-19 21:53 - 00000000 ____D C:\Program Files (x86)\Conduit2013-08-19 21:53 - 2013-08-19 21:53 - 00000985 _____ C:\Users\UpdatusUser\Desktop\OtShot.lnk2013-08-19 21:53 - 2013-08-19 21:53 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\CRE2013-08-19 20:41 - 2012-01-03 23:39 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\Adobe2013-08-19 20:32 - 2013-08-19 20:32 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\{5B5AF6BE-095B-4743-96EB-39C9CE190F4F}2013-08-18 23:16 - 2013-06-14 12:15 - 00000000 ____D C:\Program Files\My Dell2013-08-18 23:16 - 2012-01-29 19:00 - 00000000 ____D C:\ProgramData\PCDr2013-08-18 12:41 - 2013-08-18 12:41 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\{4B46F6CC-A6F5-4F0A-BCC9-E226E40D8CE1}2013-08-13 12:00 - 2013-08-13 12:00 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\{ABA90218-7079-472E-9916-35DB097BBDDC}2013-08-12 20:45 - 2013-08-12 20:45 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\{3C471674-4F55-444B-BDCC-FC6475AD2E92}2013-08-11 11:44 - 2013-08-11 
11:44 - 00000000 __SHD C:\windows\SysWOW64\%APPDATA%2013-08-11 10:49 - 2013-08-11 10:49 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\{C8C5E8A8-44CD-43FE-A632-AC61BE042B4E}2013-08-09 19:10 - 2013-08-09 19:10 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\{093137C6-737A-4EA7-A919-667D956C0433}2013-08-08 13:28 - 2013-08-08 13:28 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\{DE311929-C0DC-4F3A-98B4-D2E76EBCB684}2013-08-05 20:16 - 2013-08-05 20:16 - 00000000 ____D C:\Users\KYLEAC~1\AppData\Local\{86AB5895-992F-4C16-B24B-A9841D0CC4FD}2013-08-05 20:14 - 2013-03-21 00:25 - 00000000 ____D C:\ProgramData\BrowserProtect Files to move or delete:====================C:\Users\KYLEAC~1\AppData\Local\Temp\nsz6F1A.exeC:\Users\KYLEAC~1\AppData\Local\Temp\sqlite3.exeC:\Users\KYLEAC~1\AppData\Local\Temp\tbKeyB.dllC:\Users\KYLEAC~1\AppData\Local\Temp\nsh82C6.tmp\System.dllC:\Users\KYLEAC~1\AppData\Local\Temp\nsh4B04.tmp\System.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-06 17:28 ==================== End Of Log ============================Addition.txt
  6. I wish it were that easy... Error 0x3
  7. Here's the latest RK report.
  8. I'm working on a PC for a friend. All sorts of Malware, everything removed except this: HKLM\SYSTEM\CurrentControlSet\Services\‮etadpug (Trojan.Zaccess) -> No action taken. I've tried mbam, mbar, mse, windows defender offline, and rogue killer. Nothing seems to get it. I've even searched the registry for "gupdate" and removed the three keys. Still shows up after reboot. Here's my DDS:
Audio Service;C:\windows\System32\drivers\btmaud.sys [2011-5-19 51712]R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-5-19 53248]R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-7-19 282624]R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2011-9-28 176096]R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-7-19 59904]R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-3-24 25496]R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-9-28 406632]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2011-8-8 299008]S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-3-24 34200]S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card 
Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-9-28 250984]S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-12-27 1255736]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2013-09-03 18:07:16 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5E494B1B-26FE-4FBD-A115-06C74CF1DF01}\offreg.dll2013-09-03 09:16:11 -------- d-----w- C:\windows\Microsoft Antimalware2013-09-03 05:33:53 27256 ----a-w- C:\windows\System32\drivers\FixZeroAccess.sys2013-09-03 04:37:32 941720 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{87DBA241-4569-4100-B528-E923AD47F9FD}\gapaengine.dll2013-09-03 04:36:08 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5E494B1B-26FE-4FBD-A115-06C74CF1DF01}\mpengine.dll2013-09-03 03:59:26 -------- d-----w- C:\Users\KyLea Cordwell\AppData\Local\{35E9392C-4FAF-4F99-A6A7-F1195A000A95}2013-09-03 03:51:59 -------- d-----w- C:\Users\KyLea Cordwell\AppData\Roaming\Malwarebytes2013-09-03 03:51:41 -------- d-----w- C:\ProgramData\Malwarebytes2013-09-03 03:51:40 25928 ----a-w- C:\windows\System32\drivers\mbam.sys2013-09-03 03:51:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-09-03 03:51:28 -------- d-----w- C:\Users\KyLea Cordwell\AppData\Local\Programs2013-09-03 03:46:06 9515512 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-09-03 03:43:56 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client2013-09-03 
03:43:55 -------- d-----w- C:\Program Files\Microsoft Security Client2013-09-03 03:35:46 -------- d-----w- C:\Program Files\CCleaner2013-09-03 03:29:56 -------- d-----w- C:\Users\KyLea Cordwell\AppData\Local\{2B2B584A-AD14-4A1E-A597-D1E6644F05F4}2013-08-30 22:53:20 -------- d-----w- C:\Users\KyLea Cordwell\AppData\Local\{BB85505C-EEFF-43B9-865A-22F75E2026C0}2013-08-26 20:05:58 -------- d-----w- C:\Users\KyLea Cordwell\AppData\Local\{7AC261BB-8583-403F-B991-A6B26EB99EAF}2013-08-22 04:02:51 -------- d-----w- C:\Users\KyLea Cordwell\AppData\Local\{3287DB5F-B413-4515-A2A7-FF727DADC4B5}2013-08-21 03:41:37 -------- d-----w- C:\Users\KyLea Cordwell\AppData\Local\{0C78E193-D436-4BB0-9A0D-A2491F44E47E}2013-08-20 18:20:44 -------- d-----w- C:\Downloads2013-08-20 03:03:21 -------- d-----w- C:\Users\KyLea Cordwell\AppData\Local\SwvUpdater2013-08-20 02:23:04 -------- d-----w- C:\Users\KyLea Cordwell\AppData\Roaming\No Company Name2013-08-20 01:54:19 -------- d-----w- C:\Users\KyLea Cordwell\AppData\Local\Conduit2013-08-20 01:53:52 -------- d-----w- C:\Users\KyLea Cordwell\AppData\Local\CRE2013-08-20 01:53:52 -------- d-----w- C:\Program Files (x86)\Conduit2013-08-20 01:53:28 -------- d-----w- C:\Program Files (x86)\OtShot2013-08-20 00:32:32 -------- d-----w- C:\Users\KyLea Cordwell\AppData\Local\{5B5AF6BE-095B-4743-96EB-39C9CE190F4F}2013-08-18 16:41:29 -------- d-----w- C:\Users\KyLea Cordwell\AppData\Local\{4B46F6CC-A6F5-4F0A-BCC9-E226E40D8CE1}2013-08-13 16:00:50 -------- d-----w- C:\Users\KyLea Cordwell\AppData\Local\{ABA90218-7079-472E-9916-35DB097BBDDC}2013-08-13 00:45:00 -------- d-----w- C:\Users\KyLea Cordwell\AppData\Local\{3C471674-4F55-444B-BDCC-FC6475AD2E92}2013-08-11 15:44:39 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%2013-08-11 14:51:34 -------- d-----w- C:\Users\KyLea Cordwell\AppData\Local\Creative Tech2013-08-11 14:49:09 -------- d-----w- C:\Users\KyLea Cordwell\AppData\Local\{C8C5E8A8-44CD-43FE-A632-AC61BE042B4E}2013-08-09 23:10:04 -------- d-----w- 
C:\Users\KyLea Cordwell\AppData\Local\{093137C6-737A-4EA7-A919-667D956C0433}2013-08-08 17:28:11 -------- d-----w- C:\Users\KyLea Cordwell\AppData\Local\{DE311929-C0DC-4F3A-98B4-D2E76EBCB684}2013-08-06 00:16:58 -------- d-----w- C:\Users\KyLea Cordwell\AppData\Local\{86AB5895-992F-4C16-B24B-A9841D0CC4FD}.==================== Find3M ====================.2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL2013-07-25 03:37:25 2312704 ----a-w- C:\windows\System32\jscript9.dll2013-07-25 03:30:49 1392128 ----a-w- C:\windows\System32\wininet.dll2013-07-25 03:29:41 1494528 ----a-w- C:\windows\System32\inetcpl.cpl2013-07-25 03:28:46 173056 ----a-w- C:\windows\System32\ieUnatt.exe2013-07-25 03:28:31 599040 ----a-w- C:\windows\System32\vbscript.dll2013-07-25 03:27:20 2382848 ----a-w- C:\windows\System32\mshtml.tlb2013-07-25 02:32:35 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll2013-07-25 02:26:10 1129472 ----a-w- C:\windows\SysWow64\wininet.dll2013-07-25 02:25:30 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl2013-07-25 02:23:59 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe2013-07-25 02:23:58 420864 ----a-w- C:\windows\SysWow64\vbscript.dll2013-07-25 02:22:35 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb2013-07-19 01:58:42 2048 ----a-w- C:\windows\System32\tzres.dll2013-07-19 01:41:01 2048 ----a-w- C:\windows\SysWow64\tzres.dll2013-07-09 05:52:52 224256 ----a-w- C:\windows\System32\wintrust.dll2013-07-09 05:51:16 1217024 ----a-w- C:\windows\System32\rpcrt4.dll2013-07-09 05:46:20 184320 ----a-w- C:\windows\System32\cryptsvc.dll2013-07-09 05:46:20 1472512 ----a-w- C:\windows\System32\crypt32.dll2013-07-09 05:46:20 139776 ----a-w- C:\windows\System32\cryptnet.dll2013-07-09 04:52:33 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll2013-07-09 04:52:10 175104 ----a-w- C:\windows\SysWow64\wintrust.dll2013-07-09 04:46:31 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll2013-07-09 04:46:31 
1166848 ----a-w- C:\windows\SysWow64\crypt32.dll2013-07-09 04:46:31 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll2013-07-06 06:03:53 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys2013-06-19 01:50:08 247216 ----a-w- C:\windows\System32\drivers\MpFilter.sys2013-06-19 01:50:08 139616 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys2013-06-15 04:32:16 39936 ----a-w- C:\windows\System32\drivers\tssecsrv.sys2013-06-14 16:16:29 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-06-14 16:16:29 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe.============= FINISH: 14:22:29.95 =============== & Attach.txt is attached. Thanks in advance, you do great work! attach.txt