cyclopean

Everything posted by cyclopean

  1. Hey Kevin, I think I'm good now - everything is just flying along like before - thanks a million man - I really appreciate your help - left a donation. Richard.
  2. Hello Kevin, I'm happy to report that so far my system is just flying! Here are the logs:

     System Variables
     --------------------------------------------------------------------------------
     OS: Windows 7 Ultimate N
     OS Architecture: 64-bit
     OS Version: 6.1.7601
     OS Service Pack: Service Pack 1
     Computer Name: RICHARD-PC
     Windows Drive: C:\
     Windows Path: C:\Windows
     Current Profile: C:\Users\Richard
     Current Profile SID: S-1-5-21-2902050937-303955776-554964296-1000
     Current Profile Classes: S-1-5-21-2902050937-303955776-554964296-1000_Classes
     Profiles Location: C:\Users
     Profiles Location 2: C:\Windows\ServiceProfiles
     Local Settings AppData: C:\Users\Richard\AppData\Local
     --------------------------------------------------------------------------------

     System Information
     --------------------------------------------------------------------------------
     System Up Time: 0 Days 10:14:15
     Process Count: 64
     Commit Total: 3.10 GB
     Commit Limit: 15.91 GB
     Commit Peak: 11.11 GB
     Handle Count: 26169
     Kernel Total: 422.66 MB
     Kernel Paged: 326.77 MB
     Kernel Non Paged: 95.89 MB
     System Cache: 2.31 GB
     Thread Count: 904
     --------------------------------------------------------------------------------

     Memory Before Cleaning with CleanMem
     --------------------------------------------------------------------------------
     Memory Total: 7.96 GB
     Memory Used: 2.49 GB(31.2496%)
     Memory Avail.: 5.47 GB
     --------------------------------------------------------------------------------

     Cleaning Memory Before Starting Repairs...

     Memory After Cleaning with CleanMem
     --------------------------------------------------------------------------------
     Memory Total: 7.96 GB
     Memory Used: 2.03 GB(25.5611%)
     Memory Avail.: 5.92 GB
     --------------------------------------------------------------------------------

     Starting Repairs...

     Start (3/31/2014 10:39:06 AM)

     01 - Reset Registry Permissions 01/03 HKEY_CURRENT_USER & Sub Keys
     Start (3/31/2014 10:39:06 AM)
     Running Repair Under Current User Account
     Done (3/31/2014 10:39:08 AM)

     01 - Reset Registry Permissions 02/03 HKEY_LOCAL_MACHINE & Sub Keys
     Start (3/31/2014 10:39:08 AM)
     Running Repair Under System Account
     Done (3/31/2014 10:39:41 AM)

     01 - Reset Registry Permissions 03/03 HKEY_CLASSES_ROOT & Sub Keys
     Start (3/31/2014 10:39:41 AM)
     Running Repair Under System Account
     Done (3/31/2014 10:40:04 AM)

     03 - Register System Files
     Start (3/31/2014 10:40:04 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:40:27 AM)

     04 - Repair WMI
     Start (3/31/2014 10:40:27 AM)
     Running Repair Under Current User Account
     Done (3/31/2014 10:45:31 AM)

     05 - Repair Windows Firewall
     Start (3/31/2014 10:45:31 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:46:02 AM)

     06 - Repair Internet Explorer
     Start (3/31/2014 10:46:02 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:46:36 AM)

     07 - Repair MDAC/MS Jet
     Start (3/31/2014 10:46:36 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:46:49 AM)

     08 - Repair Hosts File
     Start (3/31/2014 10:46:49 AM)
     Running Repair Under System Account
     Done (3/31/2014 10:46:51 AM)

     09 - Remove Policies Set By Infections
     Start (3/31/2014 10:46:51 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:46:56 AM)

     11 - Repair Icons
     Start (3/31/2014 10:46:56 AM)
     Running Repair Under Current User Account
     Done (3/31/2014 10:46:58 AM)

     12 - Repair Winsock & DNS Cache
     Start (3/31/2014 10:46:58 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:47:30 AM)

     14 - Repair Proxy Settings
     Start (3/31/2014 10:47:30 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:47:37 AM)

     16 - Repair Windows Updates
     Start (3/31/2014 10:47:37 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:48:35 AM)

     17 - Repair CD/DVD Missing/Not Working
     Start (3/31/2014 10:48:35 AM)
     iTunes was found, adding UpperFilters for iTunes
     Reg Key UpperFilters added?: True
     Done (3/31/2014 10:48:35 AM)

     18 - Repair Volume Shadow Copy Service
     Start (3/31/2014 10:48:35 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:48:52 AM)

     20 - Repair MSI (Windows Installer)
     Start (3/31/2014 10:48:52 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:49:18 AM)

     22.01 - Repair bat Association
     Start (3/31/2014 10:49:18 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:49:27 AM)

     22.02 - Repair cmd Association
     Start (3/31/2014 10:49:27 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:49:34 AM)

     22.03 - Repair com Association
     Start (3/31/2014 10:49:34 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:49:43 AM)

     22.04 - Repair Directory Association
     Start (3/31/2014 10:49:43 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:49:48 AM)

     22.05 - Repair Drive Association
     Start (3/31/2014 10:49:48 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:49:55 AM)

     22.06 - Repair exe Association
     Start (3/31/2014 10:49:55 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:50:04 AM)

     22.07 - Repair Folder Association
     Start (3/31/2014 10:50:45 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:50:50 AM)

     22.08 - Repair inf Association
     Start (3/31/2014 10:50:50 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:50:58 AM)

     22.09 - Repair lnk (Shortcuts) Association
     Start (3/31/2014 10:50:58 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:51:07 AM)

     22.10 - Repair msc Association
     Start (3/31/2014 10:51:07 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:51:14 AM)

     22.11 - Repair reg Association
     Start (3/31/2014 10:51:14 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:51:21 AM)

     22.12 - Repair scr Association
     Start (3/31/2014 10:51:21 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:51:31 AM)

     23 - Repair Windows Safe Mode
     Start (3/31/2014 10:51:31 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:51:38 AM)

     24 - Repair Print Spooler
     Start (3/31/2014 10:51:38 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:52:29 AM)

     25 - Restore Important Windows Services
     Start (3/31/2014 10:52:29 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:53:48 AM)

     26 - Set Windows Services To Default Startup
     Start (3/31/2014 10:53:48 AM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (3/31/2014 10:57:35 AM)

     Cleaning up empty logs...
     All Selected Repairs Done.
     Done (3/31/2014 10:57:35 AM)
     Total Repair Time: 00:18:31

     ...YOU MUST RESTART YOUR SYSTEM...
     Running Repair Under Current User Account
  3. Hello Kevin, I know why it didn't work - I unchecked all the options except the last two for Windows 8......I didn't understand that you meant uncheck those two and leave all the rest checked. I'm running it again and it's repairing. I'll post the logs later when I get home and I'll let you know how it's performing then. Thanks!
  4. When I came home it was flying - ran the repair anyway. Now....very much slower....

     System Variables
     --------------------------------------------------------------------------------
     OS: Windows 7 Ultimate N
     OS Architecture: 64-bit
     OS Version: 6.1.7601
     OS Service Pack: Service Pack 1
     Computer Name: RICHARD-PC
     Windows Drive: C:\
     Windows Path: C:\Windows
     Current Profile: C:\Users\Richard
     Current Profile SID: S-1-5-21-2902050937-303955776-554964296-1000
     Current Profile Classes: S-1-5-21-2902050937-303955776-554964296-1000_Classes
     Profiles Location: C:\Users
     Profiles Location 2: C:\Windows\ServiceProfiles
     Local Settings AppData: C:\Users\Richard\AppData\Local
     --------------------------------------------------------------------------------

     System Information
     --------------------------------------------------------------------------------
     System Up Time: 0 Days 23:18:17
     Process Count: 64
     Commit Total: 2.69 GB
     Commit Limit: 15.91 GB
     Commit Peak: 13.95 GB
     Handle Count: 26441
     Kernel Total: 501.06 MB
     Kernel Paged: 386.36 MB
     Kernel Non Paged: 114.70 MB
     System Cache: 3.20 GB
     Thread Count: 891
     --------------------------------------------------------------------------------

     Memory Before Cleaning with CleanMem
     --------------------------------------------------------------------------------
     Memory Total: 7.96 GB
     Memory Used: 1.94 GB(24.4057%)
     Memory Avail.: 6.01 GB
     --------------------------------------------------------------------------------

     Cleaning Memory Before Starting Repairs...

     Memory After Cleaning with CleanMem
     --------------------------------------------------------------------------------
     Memory Total: 7.96 GB
     Memory Used: 1.40 GB(17.6051%)
     Memory Avail.: 6.56 GB
     --------------------------------------------------------------------------------

     Starting Repairs...

     Start (3/31/2014 12:22:59 AM)

     Skipping Repair. Repair is for Windows v6.2 (Windows 8 & Newer) or higher. Current version: 6.1
     Skipping Repair. Repair is for Windows v6.2 (Windows 8 & Newer) or higher. Current version: 6.1

     Cleaning up empty logs...
     All Selected Repairs Done.
     Done (3/31/2014 12:22:59 AM)
     Total Repair Time: 00:00:02

     ...YOU MUST RESTART YOUR SYSTEM...
     Running Repair Under Current User Account

     Hmmmm...doesn't look like it repaired anything....was I supposed to uncheck all the boxes except the 2 circled in red?
  5. Here they are Kevin. Thanks!

     ComboFix 14-03-24.01 - Richard 03/29/2014 14:47:01.2.8 - x64
     Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.1.1033.18.8147.2552 [GMT -5:00]
     Running from: c:\users\Richard\Downloads\ComboFix.exe
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((( Files Created from 2014-02-28 to 2014-03-29 )))))))))))))))))))))))))))))))
     .
     .
     2014-03-29 19:52 . 2014-03-29 19:52 -------- d-----w- c:\users\Default\AppData\Local\temp
     2014-03-29 18:21 . 2014-03-29 18:34 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
     2014-03-29 15:06 . 2014-03-29 15:06 -------- d-----w- C:\_OTM
     2014-03-29 00:02 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A8FCFE6-F798-44DC-A0E6-328A328EEE2A}\mpengine.dll
     2014-03-25 15:39 . 2014-03-26 04:31 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
     2014-03-24 15:17 . 2014-03-25 02:35 -------- d-----w- C:\AdwCleaner
     2014-03-24 03:58 . 2014-03-28 22:45 -------- d-----w- C:\FRST
     2014-03-17 05:02 . 2014-03-17 05:02 -------- d-----w- c:\program files\iPod
     2014-03-17 05:02 . 2014-03-17 05:02 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
     2014-03-17 05:02 . 2014-03-17 05:02 -------- d-----w- c:\program files\iTunes
     2014-03-17 05:02 . 2014-03-17 05:02 -------- d-----w- c:\program files (x86)\iTunes
     2014-03-17 05:00 . 2014-03-17 05:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
     2014-03-17 05:00 . 2014-03-17 05:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
     2014-03-17 05:00 . 2014-03-17 05:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
     2014-03-17 05:00 . 2014-03-17 05:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
     2014-03-17 05:00 . 2014-03-17 05:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
     2014-03-17 05:00 . 2014-03-17 05:00 -------- d-----w- c:\program files (x86)\QuickTime
     2014-03-11 22:34 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
     2014-03-11 22:34 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
     2014-03-11 22:34 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
     2014-03-11 22:34 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2014-03-29 18:34 . 2013-05-29 01:56 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
     2014-03-19 04:12 . 2013-06-01 18:19 833232 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
     2014-03-18 08:00 . 2013-05-29 03:59 90015360 ----a-w- c:\windows\system32\MRT.exe
     2014-03-12 01:52 . 2013-05-29 02:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2014-03-12 01:52 . 2013-05-29 02:49 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2014-01-17 21:24 . 2014-01-17 21:24 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
     2014-01-17 21:24 . 2014-01-17 21:24 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
     @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
     [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
     2014-03-19 04:14 1728216 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
     @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
     [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
     2014-03-19 04:14 1728216 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
     @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
     [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
     2014-03-19 04:14 1728216 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-05-29 39408]
     "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
     "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
     "NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
     "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-29 642656]
     "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-09-13 295512]
     "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
     "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-24 206240]
     "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
     "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     "PromptOnSecureDesktop"= 0 (0x0)
     "EnableLinkedConnections"= 1 (0x1)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
     "LoadAppInit_DLLs"=1 (0x1)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
     "aux1"=wdmaud.drv
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
     R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x]
     R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
     R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
     R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
     R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
     R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
     R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
     R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
     R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
     R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
     R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
     R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
     S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
     S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
     S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
     S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
     S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
     S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
     S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
     S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
     S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [x]
     S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
     S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
     S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
     S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
     S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
     S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
     S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
     S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
     S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
     S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
     S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
     S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
     S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
     S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
     .
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
     2014-03-15 17:50 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2014-03-29 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-29 01:52]
     .
     2014-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29 02:49]
     .
     2014-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29 02:49]
     .
     2014-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902050937-303955776-554964296-1000Core.job
     - c:\users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-19 07:28]
     .
     2014-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902050937-303955776-554964296-1000UA.job
     - c:\users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-19 07:28]
     .
     2014-03-29 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
     - c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 18:41]
     .
     2014-03-29 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
     - c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 18:41]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
     @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
     [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
     2014-03-19 04:14 2333400 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
     @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
     [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
     2014-03-19 04:14 2333400 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
     @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
     [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
     2014-03-19 04:14 2333400 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     mLocal Page = c:\windows\SysWOW64\blank.htm
     uInternet Settings,ProxyOverride = *.local
     IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
     IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
     TCP: DhcpNameServer = 192.168.1.254
     .
     - - - - ORPHANS REMOVED - - - -
     .
     AddRemove-MJC8Q300 - e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstl-mjc8q3_2-2.005.exe
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.12"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2014-03-29 14:54:06
     ComboFix-quarantined-files.txt 2014-03-29 19:54
     ComboFix2.txt 2014-03-29 06:14
     .
     Pre-Run: 414,874,853,376 bytes free
     Post-Run: 414,667,624,448 bytes free
     .
     - - End Of File - - 53627E45613EF00FC56D1B48B49A0103A36C5E4F47E84449FF07ED3517B43A31

     ComboFix 14-03-24.01 - Richard 03/29/2014 0:51.1.8 - x64
     Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.1.1033.18.8147.3160 [GMT -5:00]
     Running from: c:\users\Richard\Downloads\ComboFix.exe
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     C:\data
     c:\data\default\us_sres.dat
     c:\windows\iun6002.exe
     c:\windows\SysWow64\msnphoto.scr
     .
     .
     ((((((((((((((((((((((((( Files Created from 2014-02-28 to 2014-03-29 )))))))))))))))))))))))))))))))
     .
     .
     2014-03-29 06:12 . 2014-03-29 06:12 -------- d-----w- c:\users\Default\AppData\Local\temp
     2014-03-29 05:54 . 2014-03-29 05:55 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A8FCFE6-F798-44DC-A0E6-328A328EEE2A}\offreg.dll
     2014-03-29 00:02 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A8FCFE6-F798-44DC-A0E6-328A328EEE2A}\mpengine.dll
     2014-03-28 04:22 . 2014-03-29 04:50 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
     2014-03-25 15:39 . 2014-03-26 04:31 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
     2014-03-24 15:17 . 2014-03-25 02:35 -------- d-----w- C:\AdwCleaner
     2014-03-24 03:58 . 2014-03-28 22:45 -------- d-----w- C:\FRST
     2014-03-17 05:02 . 2014-03-17 05:02 -------- d-----w- c:\program files\iPod
     2014-03-17 05:02 . 2014-03-17 05:02 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
     2014-03-17 05:02 . 2014-03-17 05:02 -------- d-----w- c:\program files\iTunes
     2014-03-17 05:02 . 2014-03-17 05:02 -------- d-----w- c:\program files (x86)\iTunes
     2014-03-17 05:00 . 2014-03-17 05:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
     2014-03-17 05:00 . 2014-03-17 05:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
     2014-03-17 05:00 . 2014-03-17 05:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
     2014-03-17 05:00 . 2014-03-17 05:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
     2014-03-17 05:00 . 2014-03-17 05:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
     2014-03-17 05:00 . 2014-03-17 05:00 -------- d-----w- c:\program files (x86)\QuickTime
     2014-03-11 22:34 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
     2014-03-11 22:34 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
     2014-03-11 22:34 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
     2014-03-11 22:34 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2014-03-29 04:50 . 2013-05-29 01:56 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
     2014-03-19 04:12 . 2013-06-01 18:19 833232 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
     2014-03-18 08:00 . 2013-05-29 03:59 90015360 ----a-w- c:\windows\system32\MRT.exe
     2014-03-12 01:52 . 2013-05-29 02:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2014-03-12 01:52 . 2013-05-29 02:49 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2014-01-17 21:24 . 2014-01-17 21:24 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
     2014-01-17 21:24 . 2014-01-17 21:24 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
     @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
     [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
     2014-03-19 04:14 1728216 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
     @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
     [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
     2014-03-19 04:14 1728216 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
     @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
     [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
     2014-03-19 04:14 1728216 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-05-29 39408]
     "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
     "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26
291608]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-29 642656]"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-09-13 295512]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-24 206240]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0)"EnableLinkedConnections"= 1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux1"=wdmaud.drv.R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program 
files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 ClickToRunSvc;Microsoft Office ClickToRun 
Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [x]S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S3 AtiHDAudioService;AMD Function Driver for HD Audio 
Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-03-15 17:50 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-03-29 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-29 01:52].2014-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29 02:49].2014-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29 02:49].2014-03-28 
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902050937-303955776-554964296-1000Core.job- c:\users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-19 07:28].2014-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902050937-303955776-554964296-1000UA.job- c:\users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-19 07:28].2014-03-29 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 18:41].2014-03-28 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 18:41]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]2014-03-19 04:14 2333400 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]2014-03-19 04:14 2333400 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]2014-03-19 04:14 2333400 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = 
c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105TCP: DhcpNameServer = 192.168.1.254.- - - - ORPHANS REMOVED - - - -.URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startAddRemove-MJC8Q300 - e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstl-mjc8q3_2-2.005.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) 
(Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.12".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory 
Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-03-29 01:14:05ComboFix-quarantined-files.txt 2014-03-29 06:14.Pre-Run: 414,242,160,640 bytes freePost-Run: 414,981,480,448 bytes free.- - End Of File - - 6D3574DABC197EEE08FC45DB4A7003FFA36C5E4F47E84449FF07ED3517B43A31
  6. Spoke too soon I guess.....back in the doldrums again.....
  7. Here are the logs Kevin....wow everything's flying now!

ComboFix 14-03-24.01 - Richard 03/29/2014 21:44:21.3.8 - x64
Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.1.1033.18.8147.5792 [GMT -5:00]
Running from: c:\users\Richard\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-02-28 to 2014-03-30 )))))))))))))))))))))))))))))))
.
.
2014-03-30 02:49 . 2014-03-30 02:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-29 00:02 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A8FCFE6-F798-44DC-A0E6-328A328EEE2A}\mpengine.dll
2014-03-25 15:39 . 2014-03-26 04:31 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-24 15:17 . 2014-03-25 02:35 -------- d-----w- C:\AdwCleaner
2014-03-24 03:58 . 2014-03-28 22:45 -------- d-----w- C:\FRST
2014-03-17 05:02 . 2014-03-17 05:02 -------- d-----w- c:\program files\iPod
2014-03-17 05:02 . 2014-03-17 05:02 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-17 05:02 . 2014-03-17 05:02 -------- d-----w- c:\program files\iTunes
2014-03-17 05:02 . 2014-03-17 05:02 -------- d-----w- c:\program files (x86)\iTunes
2014-03-17 05:00 . 2014-03-17 05:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-03-17 05:00 . 2014-03-17 05:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-03-17 05:00 . 2014-03-17 05:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-03-17 05:00 . 2014-03-17 05:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-03-17 05:00 . 2014-03-17 05:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-03-17 05:00 . 2014-03-17 05:00 -------- d-----w- c:\program files (x86)\QuickTime
2014-03-11 22:34 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-11 22:34 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-11 22:34 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-11 22:34 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-30 00:49 . 2013-05-29 01:56 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2014-03-19 04:12 . 2013-06-01 18:19 833232 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-03-18 08:00 . 2013-05-29 03:59 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-12 01:52 . 2013-05-29 02:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 01:52 . 2013-05-29 02:49 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-17 21:24 . 2014-01-17 21:24 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2014-01-17 21:24 . 2014-01-17 21:24 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-03-19 04:14 1728216 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-03-19 04:14 1728216 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-03-19 04:14 1728216 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-05-29 39408]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-29 642656]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-09-13 295512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-24 206240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 17:50 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-29 01:52]
.
2014-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29 02:49]
.
2014-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29 02:49]
.
2014-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902050937-303955776-554964296-1000Core.job
- c:\users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-19 07:28]
.
2014-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902050937-303955776-554964296-1000UA.job
- c:\users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-19 07:28]
.
2014-03-30 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 18:41]
.
2014-03-29 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 18:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-03-19 04:14 2333400 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-03-19 04:14 2333400 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-03-19 04:14 2333400 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-MJC8Q300 - e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstl-mjc8q3_2-2.005.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash
Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.12".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 
1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-03-29 21:50:42ComboFix-quarantined-files.txt 2014-03-30 02:50ComboFix2.txt 2014-03-29 19:54ComboFix3.txt 2014-03-29 06:14.Pre-Run: 413,917,405,184 bytes freePost-Run: 413,996,773,376 bytes free.- - End Of File - - CFBF4DB8B614C9281E9EF327E1A25183A36C5E4F47E84449FF07ED3517B43A31
  8. Here we go again Kevin!

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.29.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Richard :: RICHARD-PC [administrator]

Protection: Enabled

3/29/2014 10:53:09 AM
mbam-log-2014-03-29 (10-53-09).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 608299
Time elapsed: 2 hour(s), 14 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Richard\Desktop\cmd.bat deleted successfully.
C:\Users\Richard\Desktop\cmd.txt deleted successfully.
DllUnregisterServer procedure not found in C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP476\A0110179.dll
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP476\A0110179.dll moved successfully.
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP476\A0110183.exe moved successfully.
DllUnregisterServer procedure not found in C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP476\A0110184.dll
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP476\A0110184.dll moved successfully.
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP476\A0110188.exe moved successfully.
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP476\A0113598.exe moved successfully.
DllUnregisterServer procedure not found in C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP503\A0131459.dll
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP503\A0131459.dll moved successfully.
DllUnregisterServer procedure not found in C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP503\A0131460.dll
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP503\A0131460.dll moved successfully.
DllUnregisterServer procedure not found in C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP504\A0131478.dll
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP504\A0131478.dll moved successfully.
DllUnregisterServer procedure not found in C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP504\A0131480.dll
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP504\A0131480.dll moved successfully.
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP523\A0135160.exe moved successfully.
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP523\A0135162.exe moved successfully.
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP543\A0138062.exe moved successfully.
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP543\A0138064.exe moved successfully.
DllUnregisterServer procedure not found in C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP546\A0139111.dll
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP546\A0139111.dll moved successfully.
DllUnregisterServer procedure not found in C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP546\A0139112.dll
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP546\A0139112.dll moved successfully.
DllUnregisterServer procedure not found in C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP546\A0139114.dll
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP546\A0139114.dll moved successfully.
DllUnregisterServer procedure not found in C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP551\A0141944.dll
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP551\A0141944.dll moved successfully.
C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\152HDWYS\flashplayer[1].exe moved successfully.
C:\Users\Richard\Downloads\Chrome.exe moved successfully.
C:\Users\Richard\Downloads\youtube_downloader_hd_setup.exe moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\flt1chk3.dll
File move failed. C:\Windows\System32\flt1chk3.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\SysWOW64\flt1chk3.dll
File move failed. C:\Windows\SysWOW64\flt1chk3.dll scheduled to be moved on reboot.
========== COMMANDS ==========

Restore point Set: OTM Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Richard
->Temp folder emptied: 1519669 bytes
->Temporary Internet Files folder emptied: 3538411359 bytes
->Java cache emptied: 104328 bytes
->Google Chrome cache emptied: 411548539 bytes
->Flash cache emptied: 406861 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 94656 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 303924 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 41530 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42286783 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,810.00 mb

OTM by OldTimer - Version 3.1.21.0 log created on 03292014_100652

Files moved on Reboot...
C:\Windows\System32\flt1chk3.dll moved successfully.
File C:\Windows\SysWOW64\flt1chk3.dll not found!
C:\Users\Richard\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
C:\Windows\SysNative\WPRO_41_2001woem.tmp moved successfully.
C:\Windows\temp\officeclicktorun.exe_c2ruidll(201403282350036DC).log moved successfully.
C:\Windows\temp\officeclicktorun.exe_streamserver(201403282350036DC).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x64.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x64.x-none.dat scheduled to be moved on reboot.
C:\Windows\temp\RICHARD-PC-20140328-2350.log moved successfully.

Registry entries deleted on Reboot...
  9. Still having latency when opening web browsers and programs. Once browsers open, web pages are slowwww to load.
  10. Hello Kevin, The security check returns a message: "the system cannot find the file specified" at the end of its run - no notepad is generated. Here are the logs from the virus scan:

C:\FRST\Quarantine\C\Users\Richard\AppData\Local\aqucfugc.exe.xBAD Win32/TrojanDownloader.Zortob.F trojan
C:\FRST\Quarantine\C\Users\Richard\AppData\Local\ebrpqrsg.exe.xBAD a variant of Win32/Kryptik.BYEJ trojan
C:\FRST\Quarantine\C\Users\Richard\AppData\Local\fioftvoc.exe.xBAD Win32/TrojanDownloader.Zortob.F trojan
C:\FRST\Quarantine\C\Users\Richard\AppData\Local\kpbpivdt.exe.xBAD a variant of Win32/Kryptik.BXPP trojan
C:\FRST\Quarantine\C\Users\Richard\AppData\Local\mgtkkvgh.exe.xBAD a variant of Win32/Kryptik.BTYP trojan
C:\FRST\Quarantine\C\Users\Richard\AppData\Local\pmtbhdqk.exe.xBAD a variant of Win32/Kryptik.BTYP trojan
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP476\A0110179.dll Win32/bProtector.E potentially unwanted application
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP476\A0110183.exe a variant of Win32/Toolbar.Babylon.I potentially unwanted application
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP476\A0110184.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP476\A0110188.exe Win32/Toolbar.Montiera.B potentially unwanted application
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP476\A0113598.exe a variant of Win32/bProtector.A potentially unwanted application
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP503\A0131459.dll Win32/bProtector.E potentially unwanted application
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP503\A0131460.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP504\A0131478.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP504\A0131480.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP523\A0135160.exe a variant of Win32/bProtector.A potentially unwanted application
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP523\A0135162.exe a variant of Win32/bProtector.A potentially unwanted application
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP543\A0138062.exe a variant of Win32/bProtector.A potentially unwanted application
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP543\A0138064.exe a variant of Win32/bProtector.A potentially unwanted application
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP546\A0139111.dll a variant of Win32/bProtector.D potentially unwanted application
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP546\A0139112.dll Win32/bProtector.E potentially unwanted application
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP546\A0139114.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\System Volume Information\_restore{0F20676C-A1A5-48F8-92AB-1ADAEB4B98E5}\RP551\A0141944.dll a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\152HDWYS\flashplayer[1].exe a variant of Win32/Injected.F trojan
C:\Users\Richard\Downloads\Chrome.exe a variant of Win32/AirAdInstaller.A potentially unwanted application
C:\Users\Richard\Downloads\youtube_downloader_hd_setup.exe Win32/OpenCandy potentially unsafe application
C:\Windows\System32\flt1chk3.dll Win32/SuspLibLoad.B trojan
C:\Windows\SysWOW64\flt1chk3.dll Win32/SuspLibLoad.B trojan
  11. Here you go Kevin.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Richard at 2014-03-28 17:45:35 Run:4
Running from C:\Users\Richard\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [ihefadl] - "C:\Users\Richard\AppData\Roaming\Xafoivug\namosec.exe"
C:\Users\Richard\AppData\Roaming\Xafoivug
HKLM-x32\...\Run: [ihefadl] - C:\Users\Richard\AppData\Roaming\Xafoivug\namosec.exe
HKLM-x32\...\Run: [udahmaytuf] - "C:\Users\Richard\AppData\Roaming\Fyucqusy\koigsyi.exe"
C:\Users\Richard\AppData\Roaming\Fyucqusy
Hosts: Hosts file not detected in the default directory
S2 SecurityCenterServer8202235; "C:\Windows\SysWOW64\vointa.exe" -service "C:\Users\Richard\AppData\Roaming\Xafoivug\namosec.exe"
C:\Windows\SysWOW64\vointa.exe
C:\Users\Richard\AppData\Local\duxqofwl
C:\Users\Richard\AppData\Local\Temp\Quarantine.exe
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ihefadl => Value deleted successfully.
"C:\Users\Richard\AppData\Roaming\Xafoivug" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Ihefadl => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Udahmaytuf => Value deleted successfully.
"C:\Users\Richard\AppData\Roaming\Fyucqusy" => File/Directory not found.
Hosts was reset successfully.
SecurityCenterServer8202235 => Service deleted successfully.
"C:\Windows\SysWOW64\vointa.exe" => File/Directory not found.
C:\Users\Richard\AppData\Local\duxqofwl => Moved successfully.
C:\Users\Richard\AppData\Local\Temp\Quarantine.exe => Moved successfully.
==== End of Fixlog ==== RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Softwaremail : http://www.adlice.com/contact/Feedback : http://forum.adlice.comWebsite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Richard [Admin rights]Mode : Scan -- Date : 03/28/2014 18:02:47| ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 6 ¤¤¤[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤[Address] EAT @explorer.exe (AppCacheCheckManifest) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCF9D2BC)[Address] EAT @explorer.exe (AppCacheCloseHandle) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCF9A1D8)[Address] EAT @explorer.exe (AppCacheDeleteGroup) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD0C1BE0)[Address] EAT @explorer.exe (AppCacheDeleteIEGroup) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD0C1C38)[Address] EAT @explorer.exe (AppCacheDuplicateHandle) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCF9A2BC)[Address] EAT @explorer.exe (AppCacheFinalize) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD0C1C90)[Address] EAT @explorer.exe (AppCacheFreeDownloadList) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD0C1CE8)[Address] EAT 
@explorer.exe (AppCacheFreeGroupList) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD005488)[Address] EAT @explorer.exe (AppCacheFreeIESpace) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCFC8570)[Address] EAT @explorer.exe (AppCacheFreeSpace) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD0C1DCC)[Address] EAT @explorer.exe (AppCacheGetDownloadList) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD0C1E24)[Address] EAT @explorer.exe (AppCacheGetFallbackUrl) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD0C1E7C)[Address] EAT @explorer.exe (AppCacheGetGroupList) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD005464)[Address] EAT @explorer.exe (AppCacheGetIEGroupList) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD0C1ED4)[Address] EAT @explorer.exe (AppCacheGetInfo) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD0C1F2C)[Address] EAT @explorer.exe (AppCacheGetManifestUrl) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCF9BB30)[Address] EAT @explorer.exe (AppCacheLookup) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCFB56B8)[Address] EAT @explorer.exe (CommitUrlCacheEntryA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCFA5F8C)[Address] EAT @explorer.exe (CommitUrlCacheEntryBinaryBlob) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCF5BF24)[Address] EAT @explorer.exe (CommitUrlCacheEntryW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCF61F50)[Address] EAT @explorer.exe (CreateMD5SSOHash) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD099180)[Address] EAT @explorer.exe (CreateUrlCacheContainerA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCFC3808)[Address] EAT @explorer.exe (CreateUrlCacheContainerW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCFC36B8)[Address] EAT @explorer.exe (CreateUrlCacheEntryA) : WLDAP32.dll -> 
HOOKED (C:\Windows\system32\WININET.dll @ 0xFCFA5CC0)[Address] EAT @explorer.exe (CreateUrlCacheEntryExW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD007200)[Address] EAT @explorer.exe (CreateUrlCacheEntryW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD0071DC)[Address] EAT @explorer.exe (CreateUrlCacheGroup) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD0C2E4C)[Address] EAT @explorer.exe (DeleteIE3Cache) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD0C7394)[Address] EAT @explorer.exe (DeleteUrlCacheContainerA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCFC8BE0)[Address] EAT @explorer.exe (DeleteUrlCacheContainerW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCFB94D0)[Address] EAT @explorer.exe (DeleteUrlCacheEntry) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCFCBD40)[Address] EAT @explorer.exe (DeleteUrlCacheEntryA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCFCBD40)[Address] EAT @explorer.exe (DeleteUrlCacheEntryW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCFCA1B0)[Address] EAT @explorer.exe (DeleteUrlCacheGroup) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD0C2F4C)[Address] EAT @explorer.exe (DeleteWpadCacheForNetworks) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD080270)[Address] EAT @explorer.exe (DetectAutoProxyUrl) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD080694)[Address] EAT @explorer.exe (DispatchAPICall) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCF414E8)[Address] EAT @explorer.exe (DllCanUnloadNow) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCFBDC70)[Address] EAT @explorer.exe (DllGetClassObject) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCF57470)[Address] EAT @explorer.exe (DllInstall) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCFFCD10)[Address] EAT @explorer.exe 
(DllRegisterServer) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD062E30)[Address] EAT @explorer.exe (DllUnregisterServer) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD062E64)[Address] EAT @explorer.exe (FindCloseUrlCache) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCF4553C)[Address] EAT @explorer.exe (FindFirstUrlCacheContainerA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCF6183C)[Address] EAT @explorer.exe (FindFirstUrlCacheContainerW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCF4E8C8)[Address] EAT @explorer.exe (FindFirstUrlCacheEntryA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCFBC580)[Address] EAT @explorer.exe (FindFirstUrlCacheEntryExA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCF464A0)[Address] EAT @explorer.exe (FindFirstUrlCacheEntryExW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCF589FC)[Address] EAT @explorer.exe (FindFirstUrlCacheEntryW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCFC2DE0)[Address] EAT @explorer.exe (FindFirstUrlCacheGroup) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD0C3044)[Address] EAT @explorer.exe (FindNextUrlCacheContainerA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCF61CA0)[Address] EAT @explorer.exe (FindNextUrlCacheContainerW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCF4EB5C)[Address] EAT @explorer.exe (FindNextUrlCacheEntryA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCFBC704)[Address] EAT @explorer.exe (FindNextUrlCacheEntryExA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD0C318C)[Address] EAT @explorer.exe (FindNextUrlCacheEntryExW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD0C335C)[Address] EAT @explorer.exe (FindNextUrlCacheEntryW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCF58680)[Address] EAT @explorer.exe 
(FindNextUrlCacheGroup) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD0C352C)[Address] EAT @explorer.exe (ForceNexusLookup) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD099390)[Address] EAT @explorer.exe (ForceNexusLookupExW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD0993E0)[Address] EAT @explorer.exe (FreeUrlCacheSpaceA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD0C3648)[Address] EAT @explorer.exe (FreeUrlCacheSpaceW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFCFC78B8)[Address] EAT @explorer.exe (FtpCommandA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD06D968)[Address] EAT @explorer.exe (FtpCommandW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD071494)[Address] EAT @explorer.exe (FtpCreateDirectoryA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD06DA4C)[Address] EAT @explorer.exe (FtpCreateDirectoryW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD071630)[Address] EAT @explorer.exe (FtpDeleteFileA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD06DAEC)[Address] EAT @explorer.exe (FtpDeleteFileW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD071798)[Address] EAT @explorer.exe (FtpFindFirstFileA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD06DB8C)[Address] EAT @explorer.exe (FtpFindFirstFileW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD071900)[Address] EAT @explorer.exe (FtpGetCurrentDirectoryA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD06DDF8)[Address] EAT @explorer.exe (FtpGetCurrentDirectoryW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD071AD8)[Address] EAT @explorer.exe (FtpGetFileA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD06DEB8)[Address] EAT @explorer.exe (FtpGetFileEx) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFD071C60)[Address] EAT @explorer.exe 
¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AAKS-00V0A0 ATA Device +++++
--- User ---
[MBR] 531d890e5b32e08c48734c97b2e66802
[BSP] 3a8996086261ddbf25e5256e2620e61c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD1001FALS-00E3A0 ATA Device +++++
--- User ---
[MBR] 2146da4ca91d46e2b75f876e2346653d
[BSP] 56c426319f86ed63111e4259364754e0 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE3 @ USB) PNY USB 3.0 FD USB Device +++++
--- User ---
[MBR] 0c8b3300e1f904fe24884ddd953622f3
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 64 | Size: 60799 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_03282014_180247.txt >>
  12. Here is the log, Kevin. It didn't make an Addition.txt for some reason. Thanks!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Richard (administrator) on RICHARD-PC on 28-03-2014 12:33:48
Running from C:\Users\Richard\Desktop
Windows 7 Ultimate N Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Google Inc.) C:\Users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [ihefadl] - "C:\Users\Richard\AppData\Roaming\Xafoivug\namosec.exe"
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2011-09-20] (Nero AG)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [IJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-24] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [ihefadl] - C:\Users\Richard\AppData\Roaming\Xafoivug\namosec.exe
HKLM-x32\...\Run: [udahmaytuf] - "C:\Users\Richard\AppData\Roaming\Fyucqusy\koigsyi.exe"
HKU\S-1-5-21-2902050937-303955776-554964296-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-05-28] (Google Inc.)
HKU\S-1-5-21-2902050937-303955776-554964296-1000\...\Run: [Google Update] - C:\Users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-13] (Google Inc.)
HKU\S-1-5-21-2902050937-303955776-554964296-1000\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2902050937-303955776-554964296-1000\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAE49739D165CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKCU - {369F37B6-421E-40D3-BCF2-E9BD155FEAC4} URL = http://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20130625,0,0,6,7635
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (YouTube) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-12]
CHR Extension: (Google Search) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-12]
CHR Extension: (RealDownloader) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-09-13]
CHR Extension: (Google Wallet) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-12]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) =================

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 SecurityCenterServer8202235; "C:\Windows\SysWOW64\vointa.exe" -service "C:\Users\Richard\AppData\Roaming\Xafoivug\namosec.exe"

==================== Drivers (Whitelisted) ====================

R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R3 MBAMProtector; 
C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-03-28] ()S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-28 12:33 - 2014-03-28 12:33 - 00014187 _____ () C:\Users\Richard\Desktop\FRST.txt2014-03-28 12:33 - 2014-03-23 22:40 - 02157056 _____ (Farbar) C:\Users\Richard\Desktop\FRST64.exe2014-03-28 02:21 - 2014-03-28 02:21 - 00000000 ____D () C:\Windows\system32\config\HiveBackup2014-03-27 23:22 - 2014-03-28 12:31 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp2014-03-25 10:39 - 2014-03-25 23:31 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-03-25 10:39 - 2014-03-25 23:15 - 00000000 ____D () C:\Users\Richard\Desktop\mbar2014-03-25 06:01 - 2014-03-25 06:01 - 00006338 _____ () C:\Users\Richard\AppData\Local\duxqofwl2014-03-25 05:31 - 2014-03-25 23:27 - 00003348 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2902050937-303955776-554964296-10002014-03-25 04:00 - 2014-03-25 04:23 - 00003370 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2902050937-303955776-554964296-10002014-03-24 10:17 - 2014-03-24 21:35 - 00000000 ____D () C:\AdwCleaner2014-03-23 22:58 - 2014-03-28 12:33 - 00000000 ____D () C:\FRST2014-03-19 09:11 - 2014-03-19 09:11 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Mozilla2014-03-17 00:02 - 2014-03-17 00:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-03-17 00:02 - 2014-03-17 00:02 - 00000000 ____D () C:\Program Files\iTunes2014-03-17 00:02 - 2014-03-17 00:02 - 00000000 ____D () C:\Program Files\iPod2014-03-17 00:02 - 2014-03-17 00:02 - 00000000 ____D () C:\Program Files 
(x86)\iTunes2014-03-17 00:00 - 2014-03-17 00:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime2014-03-14 20:31 - 2014-03-14 20:31 - 00000000 _____ () C:\Users\Richard\AppData\Roaming\SharedSettings.ccs2014-03-11 17:35 - 2014-03-01 01:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-03-11 17:35 - 2014-03-01 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-03-11 17:35 - 2014-03-01 00:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-03-11 17:35 - 2014-02-28 23:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-03-11 17:35 - 2014-02-28 23:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-03-11 17:35 - 2014-02-28 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-03-11 17:35 - 2014-02-28 23:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-03-11 17:35 - 2014-02-28 23:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-03-11 17:35 - 2014-02-28 23:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-03-11 17:35 - 2014-02-28 23:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-03-11 17:35 - 2014-02-28 23:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-03-11 17:35 - 2014-02-28 23:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-03-11 17:35 - 2014-02-28 23:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-03-11 17:35 - 2014-02-28 23:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-03-11 17:35 - 2014-02-28 23:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-03-11 17:35 - 2014-02-28 23:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-03-11 17:35 - 
2014-02-28 23:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-03-11 17:35 - 2014-02-28 22:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-03-11 17:35 - 2014-02-28 22:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-03-11 17:35 - 2014-02-28 22:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-03-11 17:35 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-03-11 17:35 - 2014-02-28 22:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-03-11 17:35 - 2014-02-28 22:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-03-11 17:35 - 2014-02-28 22:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-03-11 17:35 - 2014-02-28 22:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-03-11 17:35 - 2014-02-28 22:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-03-11 17:35 - 2014-02-28 22:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-03-11 17:35 - 2014-02-28 22:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-03-11 17:35 - 2014-02-28 22:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-03-11 17:35 - 2014-02-28 22:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-03-11 17:35 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-03-11 17:35 - 2014-02-28 22:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-03-11 17:35 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-03-11 17:35 - 2014-02-28 22:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-03-11 17:35 - 2014-02-28 21:57 - 11266048 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-03-11 17:35 - 2014-02-28 21:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-03-11 17:35 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-03-11 17:35 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-03-11 17:35 - 2014-02-28 21:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-03-11 17:35 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-03-11 17:35 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-03-11 17:35 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll2014-03-11 17:35 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll2014-03-11 17:35 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll2014-03-11 17:34 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll2014-03-11 17:34 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2014-03-11 17:34 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2014-03-11 17:34 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll2014-03-10 20:02 - 2014-03-11 23:35 - 00000000 ____D () C:\Users\Richard\Documents\Tax Docs 2013 ==================== One Month Modified Files and Folders ======= 2014-03-28 12:35 - 2014-03-28 12:33 - 00014187 _____ () C:\Users\Richard\Desktop\FRST.txt2014-03-28 12:33 - 2014-03-23 22:58 - 00000000 ____D () C:\FRST2014-03-28 12:32 - 2013-05-28 21:49 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-03-28 12:32 - 2013-05-28 20:50 - 00000828 _____ () 
C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job2014-03-28 12:31 - 2014-03-27 23:22 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp2014-03-28 12:31 - 2013-07-01 23:50 - 00011898 _____ () C:\Windows\setupact.log2014-03-28 12:31 - 2013-07-01 23:49 - 00300470 _____ () C:\Windows\PFRO.log2014-03-28 12:31 - 2013-05-28 20:56 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys2014-03-28 12:31 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-03-28 07:40 - 2013-05-28 12:40 - 01836429 _____ () C:\Windows\WindowsUpdate.log2014-03-28 07:19 - 2013-05-30 00:44 - 00000000 ____D () C:\Users\Richard\AppData\Local\CrashDumps2014-03-28 07:08 - 2013-05-29 00:46 - 00000000 ____D () C:\Users\Richard\Documents\Flight Simulator X Files2014-03-28 07:08 - 2013-05-28 21:49 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-03-28 06:52 - 2013-05-28 21:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-03-28 06:46 - 2009-07-13 23:50 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-03-28 06:46 - 2009-07-13 23:50 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-03-28 06:16 - 2013-06-02 15:09 - 00000000 ____D () C:\Users\Richard\Documents\Outlook Files2014-03-28 05:03 - 2013-07-19 14:08 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902050937-303955776-554964296-1000UA.job2014-03-28 05:03 - 2013-07-19 14:08 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902050937-303955776-554964296-1000Core.job2014-03-28 05:00 - 2009-07-14 00:12 - 00803274 _____ () C:\Windows\system32\PerfStringBackup.INI2014-03-28 02:21 - 2014-03-28 02:21 - 00000000 ____D () C:\Windows\system32\config\HiveBackup2014-03-28 00:03 - 2013-05-28 21:49 - 00003896 _____ () 
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-03-28 00:03 - 2013-05-28 21:49 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-03-26 01:32 - 2013-05-29 01:56 - 00007605 _____ () C:\Users\Richard\AppData\Local\resmon.resmoncfg2014-03-25 23:33 - 2013-09-13 12:19 - 00000000 ____D () C:\Users\Richard\AppData\Local\Apple Computer2014-03-25 23:31 - 2014-03-25 10:39 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-03-25 23:27 - 2014-03-25 05:31 - 00003348 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2902050937-303955776-554964296-10002014-03-25 23:27 - 2013-09-13 10:14 - 00003218 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2902050937-303955776-554964296-10002014-03-25 23:15 - 2014-03-25 10:39 - 00000000 ____D () C:\Users\Richard\Desktop\mbar2014-03-25 22:18 - 2009-07-14 00:38 - 00000000 ____D () C:\Windows\addins2014-03-25 13:13 - 2013-05-28 20:50 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job2014-03-25 06:01 - 2014-03-25 06:01 - 00006338 _____ () C:\Users\Richard\AppData\Local\duxqofwl2014-03-25 05:11 - 2014-02-17 01:50 - 00000000 ____D () C:\ProgramData\MSNDynFiles2014-03-25 04:23 - 2014-03-25 04:00 - 00003370 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2902050937-303955776-554964296-10002014-03-25 04:23 - 2013-11-23 21:42 - 00003240 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2902050937-303955776-554964296-10002014-03-25 03:13 - 2013-07-19 14:08 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2902050937-303955776-554964296-1000UA2014-03-25 03:13 - 2013-07-19 14:08 - 00003498 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2902050937-303955776-554964296-1000Core2014-03-24 21:35 - 2014-03-24 10:17 - 00000000 ____D () C:\AdwCleaner2014-03-24 10:08 - 2013-05-28 20:37 - 
00000000 ____D () C:\Users\Richard2014-03-23 22:40 - 2014-03-28 12:33 - 02157056 _____ (Farbar) C:\Users\Richard\Desktop\FRST64.exe2014-03-19 09:11 - 2014-03-19 09:11 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Mozilla2014-03-18 23:18 - 2013-06-01 13:13 - 00000000 ____D () C:\Program Files\Microsoft Office 152014-03-18 03:01 - 2013-07-14 03:00 - 00000000 ____D () C:\Windows\system32\MRT2014-03-18 03:00 - 2013-05-28 22:59 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-03-17 00:02 - 2014-03-17 00:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-03-17 00:02 - 2014-03-17 00:02 - 00000000 ____D () C:\Program Files\iTunes2014-03-17 00:02 - 2014-03-17 00:02 - 00000000 ____D () C:\Program Files\iPod2014-03-17 00:02 - 2014-03-17 00:02 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-03-17 00:00 - 2014-03-17 00:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime2014-03-14 20:31 - 2014-03-14 20:31 - 00000000 _____ () C:\Users\Richard\AppData\Roaming\SharedSettings.ccs2014-03-12 03:19 - 2009-07-13 23:50 - 00451704 _____ () C:\Windows\system32\FNTCACHE.DAT2014-03-12 03:18 - 2014-01-01 12:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-03-12 03:18 - 2014-01-01 12:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-03-11 23:35 - 2014-03-10 20:02 - 00000000 ____D () C:\Users\Richard\Documents\Tax Docs 20132014-03-11 20:52 - 2013-05-28 21:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-03-11 20:52 - 2013-05-28 21:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-03-11 20:52 - 2013-05-28 21:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-03-01 01:05 - 2014-03-11 17:35 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-03-01 00:17 - 2014-03-11 17:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-03-01 
00:16 - 2014-03-11 17:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-02-28 23:58 - 2014-03-11 17:35 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-02-28 23:52 - 2014-03-11 17:35 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-02-28 23:51 - 2014-03-11 17:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-02-28 23:42 - 2014-03-11 17:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-02-28 23:40 - 2014-03-11 17:35 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-02-28 23:37 - 2014-03-11 17:35 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-02-28 23:33 - 2014-03-11 17:35 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-02-28 23:33 - 2014-03-11 17:35 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-02-28 23:32 - 2014-03-11 17:35 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-02-28 23:30 - 2014-03-11 17:35 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-02-28 23:27 - 2013-05-29 23:47 - 00000000 ____D () C:\ProgramData\Esellerate2014-02-28 23:23 - 2014-03-11 17:35 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-02-28 23:17 - 2014-03-11 17:35 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-02-28 23:11 - 2014-03-11 17:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-02-28 23:02 - 2014-03-11 17:35 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-02-28 22:54 - 2014-03-11 17:35 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-02-28 22:52 - 2014-03-11 17:35 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-02-28 22:51 - 2014-03-11 17:35 - 00051200 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-02-28 22:47 - 2014-03-11 17:35 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-02-28 22:43 - 2014-03-11 17:35 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-02-28 22:43 - 2014-03-11 17:35 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-02-28 22:42 - 2014-03-11 17:35 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-02-28 22:40 - 2014-03-11 17:35 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-02-28 22:38 - 2014-03-11 17:35 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-02-28 22:37 - 2014-03-11 17:35 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-02-28 22:35 - 2014-03-11 17:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-02-28 22:18 - 2014-03-11 17:35 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-02-28 22:16 - 2014-03-11 17:35 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-02-28 22:14 - 2014-03-11 17:35 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-02-28 22:10 - 2014-03-11 17:35 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-02-28 22:03 - 2014-03-11 17:35 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-02-28 22:00 - 2014-03-11 17:35 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-02-28 21:57 - 2014-03-11 17:35 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-02-28 21:38 - 2014-03-11 17:35 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-02-28 21:32 - 2014-03-11 17:35 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-02-28 21:27 - 2014-03-11 17:35 - 01156096 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\urlmon.dll2014-02-28 21:25 - 2014-03-11 17:35 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-02-28 21:25 - 2014-03-11 17:35 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll Some content of TEMP:====================C:\Users\Richard\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-21 04:05 ==================== End Of Log ============================
  13. Hello Kevin, System rebooted and full scan performed! Logs follow. Thanks!
  14. Hello Kevin - No boot, logs below. Thanks!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by SYSTEM at 2014-03-27 09:03:26 Run:2
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [usgimeyqufybkyy] - "C:\Users\Richard\AppData\Roaming\Miinhy\novevo.exe"
C:\Users\Richard\AppData\Roaming\Miinhy
HKU\Richard\...\Run: [bqdckkbd] - C:\Users\Richard\AppData\Local\ebrpqrsg.exe [118784 2014-03-25] ()
C:\Users\Richard\AppData\Local\ebrpqrsg.exe
S1 ejgzteza; C:\Windows\system32\drivers\ejgzteza.sys [55104 2014-03-25] (Microsoft Corporation)
C:\Windows\system32\drivers\ejgzteza.sys
2014-03-24 18:36 - 2014-03-25 08:06 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Qihynak
2014-03-24 07:08 - 2014-03-25 08:04 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Piatymvy
2014-03-24 07:08 - 2014-03-25 00:59 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Miinhy
2014-03-23 13:39 - 2014-03-25 00:16 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Syalcero
2014-03-22 18:12 - 2014-03-22 18:12 - 00106496 _____ () C:\Users\Richard\AppData\Local\pmtbhdqk.exe
2014-03-22 04:00 - 2014-03-22 04:00 - 00005911 _____ () C:\Users\Richard\AppData\Local\lcqibmel
2014-03-21 11:39 - 2014-03-21 11:39 - 00005911 _____ () C:\Users\Richard\AppData\Local\gvupnbox
2014-03-20 06:09 - 2014-03-20 06:09 - 00005911 _____ () C:\Users\Richard\AppData\Local\eboboaqd
2014-03-14 17:33 - 2014-03-14 17:33 - 00012326 _____ () C:\Users\Richard\AppData\Local\xuhgjnch
2014-03-14 17:32 - 2014-03-14 17:32 - 00068465 _____ () C:\Users\Richard\AppData\Local\eccrerso
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Usgimeyqufybkyy => Value deleted successfully.
C:\Users\Richard\AppData\Roaming\Miinhy => Moved successfully.
HKU\Richard\Software\Microsoft\Windows\CurrentVersion\Run\\bqdckkbd => Value deleted successfully.
C:\Users\Richard\AppData\Local\ebrpqrsg.exe => Moved successfully.
ejgzteza => Service deleted successfully.
C:\Windows\system32\drivers\ejgzteza.sys => Moved successfully.
C:\Users\Richard\AppData\Roaming\Qihynak => Moved successfully.
C:\Users\Richard\AppData\Roaming\Piatymvy => Moved successfully.
"C:\Users\Richard\AppData\Roaming\Miinhy" => File/Directory not found.
C:\Users\Richard\AppData\Roaming\Syalcero => Moved successfully.
C:\Users\Richard\AppData\Local\pmtbhdqk.exe => Moved successfully.
C:\Users\Richard\AppData\Local\lcqibmel => Moved successfully.
C:\Users\Richard\AppData\Local\gvupnbox => Moved successfully.
C:\Users\Richard\AppData\Local\eboboaqd => Moved successfully.
C:\Users\Richard\AppData\Local\xuhgjnch => Moved successfully.
C:\Users\Richard\AppData\Local\eccrerso => Moved successfully.

==== End of Fixlog ====
  15. Hello Kevin, Here is the log file; Thanks!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by SYSTEM on MININT-DVOPIPO on 27-03-2014 02:21:27
Running from F:\
Windows 7 Ultimate N Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-16] (Realtek Semiconductor)
HKLM\...\Run: [usgimeyqufybkyy] - "C:\Users\Richard\AppData\Roaming\Miinhy\novevo.exe"
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2011-09-20] (Nero AG)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-24] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\Richard\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-05-28] (Google Inc.)
HKU\Richard\...\Run: [Google Update] - C:\Users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-12] (Google Inc.)
HKU\Richard\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\Richard\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\Richard\...\Run: [bqdckkbd] - C:\Users\Richard\AppData\Local\ebrpqrsg.exe [118784 2014-03-25] ()

==================== Services (Whitelisted) =================

S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
S2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

==================== Drivers (Whitelisted) ====================

S1 ejgzteza; C:\Windows\system32\drivers\ejgzteza.sys [55104 2014-03-25] (Microsoft Corporation)
S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-03-25] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-25 23:12 - 2014-03-25 23:12 - 00055104 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ejgzteza.sys
2014-03-25 12:21 - 2014-03-25 12:21 - 00118784 _____ () C:\Users\Richard\AppData\Local\ebrpqrsg.exe
2014-03-25 08:07 - 2014-03-25 21:23 - 00094656 _____ (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2014-03-25 07:42 - 2014-03-25 19:47 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-03-25 07:39 - 2014-03-25 20:31 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-03-25 07:39 - 2014-03-25 20:15 - 00000000 ____D () C:\Users\Richard\Desktop\mbar
2014-03-25 03:01 - 2014-03-25 03:01 - 00006338 _____ () C:\Users\Richard\AppData\Local\duxqofwl
2014-03-25 02:31 - 2014-03-25 20:27 - 00003348 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2902050937-303955776-554964296-1000
2014-03-25 01:00 - 2014-03-25 01:23 - 00003370 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2902050937-303955776-554964296-1000
2014-03-24 18:36 - 2014-03-25 08:06 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Qihynak
2014-03-24 07:17 - 2014-03-24 18:35 - 00000000 ____D () C:\AdwCleaner
2014-03-24 07:08 - 2014-03-25 08:04 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Piatymvy
2014-03-24 07:08 - 2014-03-25 00:59 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Miinhy
2014-03-23 20:36 - 2014-03-23 20:36 - 00000000 ____D () C:\Users\Richard\Documents\New folder (2)
2014-03-23 20:31 - 2014-03-23 20:31 - 00000000 ____D () C:\Users\Richard\Documents\New folder
2014-03-23 19:58 - 2014-03-27 02:21 - 00000000 ____D () C:\FRST
2014-03-23 13:39 - 2014-03-25 00:16 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Syalcero
2014-03-22 18:12 - 2014-03-22 18:12 - 00106496 _____ () C:\Users\Richard\AppData\Local\pmtbhdqk.exe
2014-03-22 04:00 - 2014-03-22 04:00 - 00005911 _____ () C:\Users\Richard\AppData\Local\lcqibmel
2014-03-21 11:39 - 2014-03-21 11:39 - 00005911 _____ () C:\Users\Richard\AppData\Local\gvupnbox
2014-03-20 06:09 - 2014-03-20 06:09 - 00005911 _____ () C:\Users\Richard\AppData\Local\eboboaqd
2014-03-19 06:11 - 2014-03-19 06:11 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Mozilla
2014-03-16 21:02 - 2014-03-16 21:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-16 21:02 - 2014-03-16 21:02 - 00000000 ____D () C:\Program Files\iTunes
2014-03-16 21:02 - 2014-03-16 21:02 - 00000000 ____D () C:\Program Files\iPod
2014-03-16 21:02 - 2014-03-16 21:02 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-16 21:00 - 2014-03-16 21:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-14 17:33 - 2014-03-14 17:33 - 00012326 _____ () C:\Users\Richard\AppData\Local\xuhgjnch
2014-03-14 17:32 - 2014-03-14 17:32 - 00068465 _____ () C:\Users\Richard\AppData\Local\eccrerso
2014-03-14 17:31 - 2014-03-14 17:31 - 00000000 _____ () C:\Users\Richard\AppData\Roaming\SharedSettings.ccs
2014-03-11 14:35 - 2014-02-28 22:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-11 14:35 - 2014-02-28 21:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-03-11 14:35 - 2014-02-28 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-03-11 14:35 - 2014-02-28 20:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-03-11 14:35 - 2014-02-28 20:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-03-11 14:35 - 2014-02-28 20:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-03-11 14:35 - 2014-02-28 20:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-03-11 14:35 - 2014-02-28 20:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-03-11 14:35 - 2014-02-28 20:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-03-11 14:35 - 2014-02-28 20:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-03-11 14:35 - 2014-02-28 20:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-03-11 14:35 - 2014-02-28 20:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-03-11 14:35 - 2014-02-28 20:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-11 14:35 - 2014-02-28 20:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-11 14:35 - 2014-02-28 20:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-03-11 14:35 - 2014-02-28 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-11 14:35 - 2014-02-28 20:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-03-11 14:35 - 2014-02-28 19:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-03-11 14:35 - 2014-02-28 19:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-11 14:35 - 2014-02-28 19:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-11 14:35 - 2014-02-28 19:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-11 14:35 - 2014-02-28 19:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-11 14:35 - 2014-02-28 19:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-11 14:35 - 2014-02-28 19:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-03-11 14:35 - 2014-02-28 19:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-11 14:35 - 2014-02-28 19:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-11 14:35 - 2014-02-28 19:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-11 14:35 - 2014-02-28 19:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-03-11 14:35 - 2014-02-28 19:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-03-11 14:35 - 2014-02-28 19:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-11 14:35 - 2014-02-28 19:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-11 14:35 - 2014-02-28 19:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-03-11 14:35 - 2014-02-28 19:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-11 14:35 - 2014-02-28 19:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-11 14:35 - 2014-02-28 18:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-11 14:35 - 2014-02-28 18:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-03-11 14:35 - 2014-02-28 18:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-11 14:35 - 2014-02-28 18:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-11 14:35 - 2014-02-28 18:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-03-11 14:35 - 2014-02-28 18:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-11 14:35 - 2014-02-06 17:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-03-11 14:35 - 2014-01-28 18:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2014-03-11 14:35 - 2014-01-28 18:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-11 14:35 - 2014-01-27 18:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2014-03-11 14:34 - 2014-02-03 18:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2014-03-11 14:34 - 2014-02-03 18:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-03-11 14:34 - 2014-02-03 18:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-11 14:34 - 2014-02-03 18:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-10 17:02 - 2014-03-11 20:35 - 00000000 ____D () C:\Users\Richard\Documents\Tax Docs 2013

==================== One Month Modified Files and Folders =======

2014-03-27 02:21 - 2014-03-23 19:58 - 00000000 ____D () C:\FRST
2014-03-26 00:20 - 2013-07-19 11:08 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902050937-303955776-554964296-1000UA.job
2014-03-26 00:19 - 2013-07-19 11:08 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902050937-303955776-554964296-1000Core.job
2014-03-26 00:00 - 2013-05-28 09:40 - 01775871 _____ () C:\Windows\WindowsUpdate.log
2014-03-25 23:52 - 2013-05-28 18:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-25 23:49 - 2013-05-28 18:49 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-25 23:42 - 2013-06-02 12:09 - 00000000 ____D () C:\Users\Richard\Documents\Outlook Files
2014-03-25 23:12 - 2014-03-25 23:12 - 00055104 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ejgzteza.sys
2014-03-25 22:32 - 2013-05-28 22:56 - 00007605 _____ () C:\Users\Richard\AppData\Local\resmon.resmoncfg
2014-03-25 22:21 - 2013-05-28 21:46 - 00000000 ____D () C:\Users\Richard\Documents\Flight Simulator X Files
2014-03-25 21:37 - 2009-07-13 20:50 - 00025408 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-25 21:37 - 2009-07-13 20:50 - 00025408 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-25 21:23 - 2014-03-25 08:07 - 00094656 _____ (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2014-03-25 21:23 - 2013-07-01 20:50 - 00010878 _____ () C:\Windows\setupact.log
2014-03-25 21:23 - 2013-07-01 20:49 - 00296740 _____ () C:\Windows\PFRO.log
2014-03-25 21:23 - 2013-05-28 18:49 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-25 21:23 - 2013-05-28 17:56 - 00034752 _____ () C:\Windows\System32\Drivers\WPRO_41_2001.sys
2014-03-25 21:23 - 2013-05-28 17:50 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-03-25 21:23 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-25 21:00 - 2013-05-29 21:44 - 00000000 ____D () C:\Users\Richard\AppData\Local\CrashDumps
2014-03-25 20:33 - 2013-09-13 09:19 - 00000000 ____D () C:\Users\Richard\AppData\Local\Apple Computer
2014-03-25 20:31 - 2014-03-25 07:39 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-03-25 20:27 - 2014-03-25 02:31 - 00003348 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2902050937-303955776-554964296-1000
2014-03-25 20:27 - 2013-09-13 07:14 - 00003218 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2902050937-303955776-554964296-1000
2014-03-25 20:15 - 2014-03-25 07:39 - 00000000 ____D () C:\Users\Richard\Desktop\mbar
2014-03-25 19:47 - 2014-03-25 07:42 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-03-25 19:18 - 2009-07-13 21:38 - 00000000 ____D () C:\Windows\addins
2014-03-25 12:21 - 2014-03-25 12:21 - 00118784 _____ () C:\Users\Richard\AppData\Local\ebrpqrsg.exe
2014-03-25 10:13 - 2013-05-28 17:50 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-03-25 08:06 - 2014-03-24 18:36 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Qihynak
2014-03-25 08:04 - 2014-03-24 07:08 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Piatymvy
2014-03-25 03:01 - 2014-03-25 03:01 - 00006338 _____ () C:\Users\Richard\AppData\Local\duxqofwl
2014-03-25 02:11 - 2014-02-16 22:50 - 00000000 ____D () C:\ProgramData\MSNDynFiles
2014-03-25 01:23 - 2014-03-25 01:00 - 00003370 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2902050937-303955776-554964296-1000
2014-03-25 01:23 - 2013-11-23 18:42 - 00003240 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2902050937-303955776-554964296-1000
2014-03-25 00:59 - 2014-03-24 07:08 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Miinhy
2014-03-25 00:16 - 2014-03-23 13:39 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Syalcero
2014-03-25 00:13 - 2013-07-19 11:08 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2902050937-303955776-554964296-1000UA
2014-03-25 00:13 - 2013-07-19 11:08 - 00003498 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2902050937-303955776-554964296-1000Core
2014-03-24 18:35 - 2014-03-24 07:17 - 00000000 ____D () C:\AdwCleaner
2014-03-24 07:08 - 2013-05-28 17:37 - 00000000 ____D () C:\users\Richard
2014-03-23 20:36 - 2014-03-23 20:36 - 00000000 ____D () C:\Users\Richard\Documents\New folder (2)
2014-03-23 20:31 - 2014-03-23 20:31 - 00000000 ____D () C:\Users\Richard\Documents\New folder
2014-03-23 19:57 - 2009-07-13 21:12 - 00803274 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-22 18:12 - 2014-03-22 18:12 - 00106496 _____ () C:\Users\Richard\AppData\Local\pmtbhdqk.exe
2014-03-22 04:00 - 2014-03-22 04:00 - 00005911 _____ () C:\Users\Richard\AppData\Local\lcqibmel
2014-03-21 11:39 - 2014-03-21 11:39 - 00005911 _____ () C:\Users\Richard\AppData\Local\gvupnbox
2014-03-20 06:09 - 2014-03-20 06:09 - 00005911 _____ () C:\Users\Richard\AppData\Local\eboboaqd
2014-03-19 06:11 - 2014-03-19 06:11 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Mozilla
2014-03-18 20:18 - 2013-06-01 10:13 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-18 00:01 - 2013-07-14 00:00 - 00000000 ____D () C:\Windows\System32\MRT
2014-03-18 00:00 - 2013-05-28 19:59 - 90015360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-03-16 21:02 - 2014-03-16 21:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-16 21:02 - 2014-03-16 21:02 - 00000000 ____D () C:\Program Files\iTunes
2014-03-16 21:02 - 2014-03-16 21:02 - 00000000 ____D () C:\Program Files\iPod
2014-03-16 21:02 - 2014-03-16 21:02 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-16 21:00 - 2014-03-16 21:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-14 17:33 - 2014-03-14 17:33 - 00012326 _____ () C:\Users\Richard\AppData\Local\xuhgjnch
2014-03-14 17:32 - 2014-03-14 17:32 - 00068465 _____ () C:\Users\Richard\AppData\Local\eccrerso
2014-03-14 17:31 - 2014-03-14 17:31 - 00000000 _____ () C:\Users\Richard\AppData\Roaming\SharedSettings.ccs
2014-03-12 00:19 - 2009-07-13 20:50 - 00451704 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-03-12 00:18 - 2014-01-01 09:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 00:18 - 2014-01-01 09:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-11 20:35 - 2014-03-10 17:02 - 00000000 ____D () C:\Users\Richard\Documents\Tax Docs 2013
2014-03-11 17:52 - 2013-05-28 18:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 17:52 - 2013-05-28 18:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 17:52 - 2013-05-28 18:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-28 22:05 - 2014-03-11 14:35 - 23133696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-28 21:17 - 2014-03-11 14:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-28 21:16 - 2014-03-11 14:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-28 20:58 - 2014-03-11 14:35 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-28 20:52 - 2014-03-11 14:35 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-28 20:51 - 2014-03-11 14:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-02-28 20:42 - 2014-03-11 14:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-28 20:40 - 2014-03-11 14:35 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-28 20:37 - 2014-03-11 14:35 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-28 20:33 - 2014-03-11 14:35 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-28 20:33 - 2014-03-11 14:35 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-02-28 20:32 - 2014-03-11 14:35 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-28 20:30 - 2014-03-11 14:35 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 20:27 - 2013-05-29 20:47 - 00000000 ____D () C:\ProgramData\Esellerate
2014-02-28 20:23 - 2014-03-11 14:35 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-02-28 20:17 - 2014-03-11 14:35 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-28 20:11 - 2014-03-11 14:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 20:02 - 2014-03-11 14:35 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-28 19:54 - 2014-03-11 14:35 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-28 19:52 - 2014-03-11 14:35 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 19:51 - 2014-03-11 14:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 19:47 - 2014-03-11 14:35 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 19:43 - 2014-03-11 14:35 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 19:43 - 2014-03-11 14:35 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 19:42 - 2014-03-11 14:35 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-28 19:40 - 2014-03-11 14:35 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 19:38 - 2014-03-11 14:35 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 19:37 - 2014-03-11 14:35 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 19:35 - 2014-03-11 14:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-28 19:18 - 2014-03-11 14:35 - 13051904 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-28 19:16 - 2014-03-11 14:35 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 19:14 - 2014-03-11 14:35 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 19:10 - 2014-03-11 14:35 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-28 19:03 - 2014-03-11 14:35 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 19:00 - 2014-03-11 14:35 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 18:57 - 2014-03-11 14:35 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 18:38 - 2014-03-11 14:35 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-28 18:32 - 2014-03-11 14:35 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 18:27 - 2014-03-11 14:35 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 18:25 - 2014-03-11 14:35 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-28 18:25 - 2014-03-11 14:35 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Richard\AppData\Local\Temp\Quarantine.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2014-03-21 01:04:23
Restore point made on: 2014-03-21 01:08:53
Restore point made on: 2014-03-25 08:03:51
Restore point made on: 2014-03-25 16:17:52
Restore point made on: 2014-03-25 19:00:32
Restore point made on: 2014-03-25 23:12:23

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8146.68 MB
Available physical RAM: 7331.33 MB
Total Pagefile: 8144.88 MB
Available Pagefile: 7315.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:387.12 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Games) (Fixed) (Total:931.51 GB) (Free:809.49 GB) NTFS
Drive e: (GSP1RMCNULXFRER_EN_DVD) (CDROM) (Total:2.77 GB) (Free:0 GB) UDF
Drive f: (USB30FD) (Removable) (Total:59.36 GB) (Free:55.93 GB) FAT32
Drive g: (Elements) (Fixed) (Total:931.51 GB) (Free:798.44 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4CEFF2DC)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: F2B80514)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 59 GB) (Disk ID: C3072E18)

Partition: GPT Partition Type.

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 000AD541)

Partition: GPT Partition Type.

LastRegBack: 2014-03-21 01:05

==================== End Of Log ============================
  16. Hey Kevin, Just an update for you - now the machine will not boot. It just keeps looping at the BIOS screen continually...not sure what that means at this point. Thanks!
  17. Hello Kevin, Well I wish I could report things were better, but they're either the same or decidedly worse. As I tested the system everything at first seemed okay - just slight delays in launching things like browsers and programs. Then the issues began to show their ugly heads again - browsers staying blank for a long time; failing and recovering, and applications taking 5 minutes to launch and then stuttering through their execution. Rebooting the computer is an affair all by itself with the screen blinking rapidly and then going back to the un-rebooted state. The final reboot I've done tonight came back to a screen that's entirely striped like a pajama suit. I'm so surprised that MBAM let whatever is affecting me through. I hope you have other suggestions that could help me otherwise I think I'm hosed! Thanks for the help! The logs follow......

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.25.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Richard :: RICHARD-PC [administrator]

3/25/2014 10:42:41 AM
mbar-log-2014-03-25 (10-42-41).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 261633
Time elapsed: 17 minute(s), 34 second(s)

Memory Processes Detected: 8
C:\Users\Richard\AppData\Roaming\Qihynak\osiziz.exe (Spyware.Zbot) -> 1464 -> Delete on reboot.
C:\Users\Richard\AppData\Roaming\Qihynak\osiziz.exe (Spyware.Zbot) -> 16620 -> Delete on reboot.
C:\Users\Richard\AppData\Roaming\Qihynak\osiziz.exe (Spyware.Zbot) -> 20560 -> Delete on reboot.
C:\Users\Richard\AppData\Roaming\Qihynak\osiziz.exe (Spyware.Zbot) -> 14340 -> Delete on reboot.
C:\Users\Richard\AppData\Roaming\Qihynak\osiziz.exe (Spyware.Zbot) -> 18812 -> Delete on reboot.
C:\Users\Richard\AppData\Roaming\Qihynak\osiziz.exe (Spyware.Zbot) -> 9744 -> Delete on reboot.
C:\Users\Richard\AppData\Roaming\Qihynak\osiziz.exe (Spyware.Zbot) -> 21404 -> Delete on reboot.
C:\Users\Richard\AppData\Roaming\Qihynak\osiziz.exe (Spyware.Zbot) -> 19032 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Fyzierneabmued (Spyware.Zbot) -> Data: "C:\Users\Richard\AppData\Roaming\Qihynak\osiziz.exe" -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Fyzierneabmued (Spyware.Zbot) -> Data: C:\Users\Richard\AppData\Roaming\Qihynak\osiziz.exe -> Delete on reboot.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|Fyzierneabmued (Spyware.Zbot) -> Data: C:\Users\Richard\AppData\Roaming\Qihynak\osiziz.exe -> Delete on reboot.
HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|Fyzierneabmued (Spyware.Zbot) -> Data: C:\Users\Richard\AppData\Roaming\Qihynak\osiziz.exe -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Beuqy (Spyware.Zbot) -> Data: "C:\Users\Richard\AppData\Roaming\Piatymvy\inpoy.exe" -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Beuqy (Spyware.Zbot) -> Data: "C:\Users\Richard\AppData\Roaming\Piatymvy\inpoy.exe" -> Delete on reboot.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|Beuqy (Spyware.Zbot) -> Data: C:\Users\Richard\AppData\Roaming\Piatymvy\inpoy.exe -> Delete on reboot.
HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|Beuqy (Spyware.Zbot) -> Data: C:\Users\Richard\AppData\Roaming\Piatymvy\inpoy.exe -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Richard\AppData\Roaming\Qihynak\osiziz.exe (Spyware.Zbot) -> Delete on reboot.
C:\Users\Richard\AppData\Roaming\Piatymvy\inpoy.exe (Spyware.Zbot) -> Delete on reboot.
C:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_627dec2b.exe (Spyware.Zbot) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.25.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Richard :: RICHARD-PC [administrator]

3/25/2014 11:09:34 AM
mbar-log-2014-03-25 (11-09-34).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 260710
Time elapsed: 2 hour(s), 17 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_da5f38ae.exe (Trojan.Agent.ED) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.26.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Richard :: RICHARD-PC [administrator]

3/25/2014 10:47:57 PM
mbar-log-2014-03-25 (22-47-57).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 260882
Time elapsed: 17 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

system-log.txt
  18. Here are the results, Kevin. Things appeared to be moving snappily at first, but as I play around, there is latency launching browsers and applications - even closing them is problematic sometimes. There is even latency doing a restart. Thanks!

========================================================================================================================================================

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Richard at 2014-03-24 10:06:21 Run:1
Running from C:\Users\Richard\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [ihefadl] - "C:\Users\Richard\AppData\Roaming\Xafoivug\namosec.exe"
C:\Users\Richard\AppData\Roaming\Xafoivug
HKLM\...\Run: [usgimeyqufybkyy] - C:\Users\Richard\AppData\Roaming\Miinhy\novevo.exe [296126 2013-12-23] ()
C:\Users\Richard\AppData\Roaming\Miinhy
HKLM\...\Run: [beuqy] - C:\Users\Richard\AppData\Roaming\Piatymvy\inpoy.exe [299209 2013-12-26] ()
C:\Users\Richard\AppData\Roaming\Piatymvy
HKLM-x32\...\Run: [udahmaytuf] - "C:\Users\Richard\AppData\Roaming\Fyucqusy\koigsyi.exe"
C:\Users\Richard\AppData\Roaming\Fyucqusy
HKLM-x32\...\Run: [usgimeyqufybkyy] - C:\Users\Richard\AppData\Roaming\Miinhy\novevo.exe [296126 2013-12-23] ()
C:\Users\Richard\AppData\Roaming\Miinhy
HKLM-x32\...\Run: [Xenekyvycac] - C:\Users\Richard\AppData\Roaming\Dofawy\zegaerl.exe [296126 2014-02-22] ()
C:\Users\Richard\AppData\Roaming\Dofawy
HKLM-x32\...\Run: [Cokoofogcuiveq] - C:\Users\Richard\AppData\Roaming\Fyfecual\cueho.exe [304882 2013-09-14] ()
C:\Users\Richard\AppData\Roaming\Fyfecual
HKLM-x32\...\Run: [Nixiydpop] - C:\Users\Richard\AppData\Roaming\Syalcero\ukocg.exe [304882 2013-07-29] ()
HKLM-x32\...\Run: [beuqy] - C:\Users\Richard\AppData\Roaming\Piatymvy\inpoy.exe [299209 2013-12-26] ()
C:\Users\Richard\AppData\Roaming\Piatymvy
HKLM-x32\...\Run: [ihefadl] - "C:\Users\Richard\AppData\Roaming\Xafoivug\namosec.exe"
C:\Users\Richard\AppData\Roaming\Xafoivug
HKU\S-1-5-21-2902050937-303955776-554964296-1000\...\Run: [cnqsvluq] - "C:\Users\Richard\AppData\Local\wwbhthva.exe"
C:\Users\Richard\AppData\Local\wwbhthva.exe
HKU\S-1-5-21-2902050937-303955776-554964296-1000\...\Run: [ocrmmcxa] - C:\Users\Richard\AppData\Local\kpbpivdt.exe [110592 2014-03-19] ()
C:\Users\Richard\AppData\Local\kpbpivdt.exe
HKU\S-1-5-21-2902050937-303955776-554964296-1000\...\Run: [jtcjwpur] - C:\Users\Richard\AppData\Local\aqucfugc.exe [106496 2014-03-20] ()
C:\Users\Richard\AppData\Local\aqucfugc.exe
HKU\S-1-5-21-2902050937-303955776-554964296-1000\...\Run: [oaeqltse] - C:\Users\Richard\AppData\Local\mgtkkvgh.exe [106496 2014-03-22] ()
C:\Users\Richard\AppData\Local\mgtkkvgh.exe
HKU\S-1-5-21-2902050937-303955776-554964296-1000\...\Run: [xdhsaitq] - C:\Users\Richard\AppData\Local\pmtbhdqk.exe [106496 2014-03-22] ()
HKU\S-1-5-21-2902050937-303955776-554964296-1000\...\Run: [usgimeyqufybkyy] - C:\Users\Richard\AppData\Roaming\Miinhy\novevo.exe [296126 2013-12-23] ()
C:\Users\Richard\AppData\Roaming\Miinhy\novevo.exe
HKU\S-1-5-21-2902050937-303955776-554964296-1000\...\Run: [ckhistei] - C:\Users\Richard\AppData\Local\fioftvoc.exe [114688 2014-03-23] ()
C:\Users\Richard\AppData\Local\fioftvoc.exe
HKU\S-1-5-21-2902050937-303955776-554964296-1000\...\Run: [beuqy] - C:\Users\Richard\AppData\Roaming\Piatymvy\inpoy.exe [299209 2013-12-26] ()
C:\Users\Richard\AppData\Roaming\Piatymvy\inpoy.exe
HKU\S-1-5-21-2902050937-303955776-554964296-1000\...\Run: [ihefadl] - C:\Users\Richard\AppData\Roaming\Xafoivug\namosec.exe
C:\Users\Richard\AppData\Roaming\Xafoivug\namosec.exe
SearchScopes: HKCU - {B9194313-1CA3-4C3A-B5D0-CF4ACB4719D3} URL = http://search.condui...urce=45&UM=2&q={searchTerms}
S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Richard\FlightBeam_Phoenix Sky Harbor - HD.reg
C:\Users\Richard\FlightBeam_San Francisco X.reg
C:\Users\Richard\FSDreamTeam_Chicago Ohare.reg
C:\Users\Richard\FSDreamTeam_Dallas-Fort Worth.reg
C:\Users\Richard\FSDreamTeam_Geneva.reg
C:\Users\Richard\FSDreamTeam_GSX.reg
C:\Users\Richard\FSDreamTeam_JFK V2.reg
C:\Users\Richard\FSDreamTeam_JFK.reg
C:\Users\Richard\FSDreamTeam_KFLL.reg
C:\Users\Richard\FSDreamTeam_KLAS.reg
C:\Users\Richard\FSDreamTeam_Los Angeles V2.reg
C:\Users\Richard\FSDreamTeam_Vancouver CYVR.reg
C:\Users\Richard\FSDreamTeam_ZurichX.reg
C:\Users\Richard\QualityWings_Ultimate 757 Collection.reg
C:\Users\Richard\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Richard\AppData\Local\Temp\lowproc.exe
C:\Users\Richard\AppData\Local\Temp\stubhelper.dll
C:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_1b831219.exe
C:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_2949ed18.exe
C:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_7d466054.exe
C:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_a5b6c43b.exe
C:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_d14764c5.exe
2009-07-13 21:34 - 2013-06-07 00:08 - 00001943 ____A C:\Windows\system32\Drivers\etc\hosts
Task: {89CED01B-5A42-48E2-8F52-E8C8EF129833} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {E01BF966-DF19-4C07-895A-39813EC57F4F} - System32\Tasks\4882 => Wscript.exe C:\Users\Richard\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:00934A10
AlternateDataStreams: C:\ProgramData\TEMP:74603393
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ihefadl => Value deleted successfully.
C:\Users\Richard\AppData\Roaming\Xafoivug => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Usgimeyqufybkyy => Value deleted successfully.
C:\Users\Richard\AppData\Roaming\Miinhy => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Beuqy => Value deleted successfully.
C:\Users\Richard\AppData\Roaming\Piatymvy => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Udahmaytuf => Value deleted successfully.
C:\Users\Richard\AppData\Roaming\Fyucqusy => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Usgimeyqufybkyy => Value deleted successfully.
"C:\Users\Richard\AppData\Roaming\Miinhy" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Xenekyvycac => Value deleted successfully.
C:\Users\Richard\AppData\Roaming\Dofawy => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Cokoofogcuiveq => Value deleted successfully.
C:\Users\Richard\AppData\Roaming\Fyfecual => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Nixiydpop => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Beuqy => Value deleted successfully.
"C:\Users\Richard\AppData\Roaming\Piatymvy" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Ihefadl => Value deleted successfully.
"C:\Users\Richard\AppData\Roaming\Xafoivug" => File/Directory not found.
HKU\S-1-5-21-2902050937-303955776-554964296-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cnqsvluq => Value deleted successfully.
"C:\Users\Richard\AppData\Local\wwbhthva.exe" => File/Directory not found.
HKU\S-1-5-21-2902050937-303955776-554964296-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ocrmmcxa => Value deleted successfully.
C:\Users\Richard\AppData\Local\kpbpivdt.exe => Moved successfully.
HKU\S-1-5-21-2902050937-303955776-554964296-1000\Software\Microsoft\Windows\CurrentVersion\Run\\jtcjwpur => Value deleted successfully.
C:\Users\Richard\AppData\Local\aqucfugc.exe => Moved successfully.
HKU\S-1-5-21-2902050937-303955776-554964296-1000\Software\Microsoft\Windows\CurrentVersion\Run\\oaeqltse => Value deleted successfully.
C:\Users\Richard\AppData\Local\mgtkkvgh.exe => Moved successfully.
HKU\S-1-5-21-2902050937-303955776-554964296-1000\Software\Microsoft\Windows\CurrentVersion\Run\\xdhsaitq => Value deleted successfully.
HKU\S-1-5-21-2902050937-303955776-554964296-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Usgimeyqufybkyy => Value deleted successfully.
"C:\Users\Richard\AppData\Roaming\Miinhy\novevo.exe" => File/Directory not found.
HKU\S-1-5-21-2902050937-303955776-554964296-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ckhistei => Value deleted successfully.
C:\Users\Richard\AppData\Local\fioftvoc.exe => Moved successfully.
HKU\S-1-5-21-2902050937-303955776-554964296-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Beuqy => Value deleted successfully.
C:\Users\Richard\AppData\Roaming\Piatymvy\inpoy.exe => Moved successfully.
HKU\S-1-5-21-2902050937-303955776-554964296-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Ihefadl => Value deleted successfully.
"C:\Users\Richard\AppData\Roaming\Xafoivug\namosec.exe" => File/Directory not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B9194313-1CA3-4C3A-B5D0-CF4ACB4719D3} => Key deleted successfully.
HKCR\CLSID\{B9194313-1CA3-4C3A-B5D0-CF4ACB4719D3} => Key not found.
AsrCDDrv => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Users\Richard\FlightBeam_Phoenix Sky Harbor - HD.reg => Moved successfully.
C:\Users\Richard\FlightBeam_San Francisco X.reg => Moved successfully.
C:\Users\Richard\FSDreamTeam_Chicago Ohare.reg => Moved successfully.
C:\Users\Richard\FSDreamTeam_Dallas-Fort Worth.reg => Moved successfully.
C:\Users\Richard\FSDreamTeam_Geneva.reg => Moved successfully.
C:\Users\Richard\FSDreamTeam_GSX.reg => Moved successfully.
C:\Users\Richard\FSDreamTeam_JFK V2.reg => Moved successfully.
C:\Users\Richard\FSDreamTeam_JFK.reg => Moved successfully.
C:\Users\Richard\FSDreamTeam_KFLL.reg => Moved successfully.
C:\Users\Richard\FSDreamTeam_KLAS.reg => Moved successfully.
C:\Users\Richard\FSDreamTeam_Los Angeles V2.reg => Moved successfully.
C:\Users\Richard\FSDreamTeam_Vancouver CYVR.reg => Moved successfully.
C:\Users\Richard\FSDreamTeam_ZurichX.reg => Moved successfully.
C:\Users\Richard\QualityWings_Ultimate 757 Collection.reg => Moved successfully.
C:\Users\Richard\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Richard\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\Richard\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_1b831219.exe => Moved successfully.
C:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_2949ed18.exe => Moved successfully.
C:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_7d466054.exe => Moved successfully.
C:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_a5b6c43b.exe => Moved successfully.
C:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_d14764c5.exe => Moved successfully.
C:\Windows\system32\Drivers\etc\hosts => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89CED01B-5A42-48E2-8F52-E8C8EF129833} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89CED01B-5A42-48E2-8F52-E8C8EF129833} => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E01BF966-DF19-4C07-895A-39813EC57F4F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E01BF966-DF19-4C07-895A-39813EC57F4F} => Key deleted successfully.
C:\Windows\System32\Tasks\4882 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4882 => Key deleted successfully.
C:\ProgramData\TEMP => ":00934A10" ADS removed successfully.
C:\ProgramData\TEMP => ":74603393" ADS removed successfully.
==== End of Fixlog ====

# AdwCleaner v3.022 - Report created 24/03/2014 at 21:35:44
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Ultimate N Service Pack 1 (64 bits)
# Username : Richard - RICHARD-PC
# Running from : C:\Users\Richard\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\cOOntiNuetaosave

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\Software\SProtector
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2554 octets] - [24/03/2014 10:17:47]
AdwCleaner[s0].txt - [2404 octets] - [24/03/2014 21:35:44]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2464 octets] ##########
05:04:15 -0500 RICHARD-PC Richard IP-BLOCK 146.185.239.20 (Type: outgoing, Port: 57219, Process: svchost.exe)2014/03/25 05:09:41 -0500 RICHARD-PC Richard IP-BLOCK 146.185.239.20 (Type: outgoing, Port: 49505, Process: svchost.exe)2014/03/25 05:15:14 -0500 RICHARD-PC Richard IP-BLOCK 146.185.239.20 (Type: outgoing, Port: 56818, Process: svchost.exe)2014/03/25 05:20:48 -0500 RICHARD-PC Richard IP-BLOCK 146.185.239.20 (Type: outgoing, Port: 64826, Process: svchost.exe)2014/03/25 05:26:03 -0500 RICHARD-PC Richard IP-BLOCK 146.185.239.20 (Type: outgoing, Port: 55008, Process: svchost.exe)2014/03/25 05:28:20 -0500 RICHARD-PC (null) MESSAGE Starting protection2014/03/25 05:28:21 -0500 RICHARD-PC (null) MESSAGE Protection started successfully2014/03/25 05:28:21 -0500 RICHARD-PC (null) MESSAGE Starting IP protection2014/03/25 05:28:22 -0500 RICHARD-PC (null) MESSAGE IP Protection started successfully2014/03/25 05:35:23 -0500 RICHARD-PC Richard IP-BLOCK 192.133.137.15 (Type: outgoing, Port: 49295, Process: osiziz.exe)2014/03/25 05:41:24 -0500 RICHARD-PC Richard IP-BLOCK 146.185.239.20 (Type: outgoing, Port: 52579, Process: svchost.exe) CKScanner 2.4 - Additional Security Risks - These are not necessarily badscanner sequence 3.MN.11.CNAPXZ ----- EOF -----
  19. Thanks for your help Kevin! Here are the reports:

==============================================================================================

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Richard :: RICHARD-PC [administrator]

Protection: Enabled

3/23/2014 10:12:25 PM
MBAM-log-2014-03-23 (22-32-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 318485
Time elapsed: 15 minute(s), 38 second(s)

Memory Processes Detected: 7
C:\Windows\SysWOW64\vointa.exe (Trojan.Zbot.RSE) -> 2092 -> No action taken.
C:\Users\Richard\AppData\Roaming\Xafoivug\namosec.exe (Trojan.Zbot.RSE) -> 8992 -> No action taken.
C:\Windows\SysWOW64\inwemyiq.exe (Trojan.Agent.SCS) -> 18156 -> No action taken.
C:\Windows\SysWOW64\ifavsyromi.exe (Trojan.Agent.SCS) -> 5112 -> No action taken.
C:\Windows\SysWOW64\olnusidi.exe (Trojan.Agent.SCS) -> 9296 -> No action taken.
C:\Windows\SysWOW64\toarniep.exe (Trojan.Agent.SCS) -> 17388 -> No action taken.
C:\Windows\SysWOW64\zoaxsyakzy.exe (Trojan.Agent.SCS) -> 6684 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer8202235 (Trojan.Zbot.RSE) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer1643077630 (Trojan.Agent.SCS) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer214126202 (Trojan.Agent.SCS) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer2588727021 (Trojan.Agent.SCS) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer2836789679 (Trojan.Agent.SCS) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer3055749110 (Trojan.Agent.SCS) -> No action taken.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ihefadl (Trojan.Zbot.RSE) -> Data: C:\Users\Richard\AppData\Roaming\Xafoivug\namosec.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ihefadl (Trojan.Zbot.RSE) -> Data: C:\Users\Richard\AppData\Roaming\Xafoivug\namosec.exe -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 18
C:\Windows\SysWOW64\vointa.exe (Trojan.Zbot.RSE) -> No action taken.
C:\Users\Richard\AppData\Roaming\Xafoivug\namosec.exe (Trojan.Zbot.RSE) -> No action taken.
C:\Windows\System32\vointa.exe (Trojan.Zbot.RSE) -> No action taken.
C:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_063c68dc.exe (Trojan.Agent.ED) -> No action taken.
C:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_11b0f7b5.exe (Trojan.Zbot.EC) -> No action taken.
C:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_19da3e72.exe (Trojan.Zbot.RSE) -> No action taken.
C:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_3a2dace3.exe (Trojan.Inject.ED) -> No action taken.
C:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_6a26bb02.exe (Trojan.Inject.ED) -> No action taken.
C:\Windows\Tasks\Security Center Update - 1643077630.job (Trojan.Agent.RvGen) -> No action taken.
C:\Windows\Tasks\Security Center Update - 214126202.job (Trojan.Agent.RvGen) -> No action taken.
C:\Windows\Tasks\Security Center Update - 2588727021.job (Trojan.Agent.RvGen) -> No action taken.
C:\Windows\Tasks\Security Center Update - 2836789679.job (Trojan.Agent.RvGen) -> No action taken.
C:\Windows\Tasks\Security Center Update - 3055749110.job (Trojan.Agent.RvGen) -> No action taken.
C:\Windows\SysWOW64\inwemyiq.exe (Trojan.Agent.SCS) -> No action taken.
C:\Windows\SysWOW64\ifavsyromi.exe (Trojan.Agent.SCS) -> No action taken.
C:\Windows\SysWOW64\olnusidi.exe (Trojan.Agent.SCS) -> No action taken.
C:\Windows\SysWOW64\toarniep.exe (Trojan.Agent.SCS) -> No action taken.
C:\Windows\SysWOW64\zoaxsyakzy.exe (Trojan.Agent.SCS) -> No action taken.

(end)

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Richard :: RICHARD-PC [administrator]

Protection: Enabled

3/23/2014 10:12:25 PM
mbam-log-2014-03-23 (22-12-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 318485
Time elapsed: 15 minute(s), 38 second(s)

Memory Processes Detected: 7
C:\Windows\SysWOW64\vointa.exe (Trojan.Zbot.RSE) -> 2092 -> Delete on reboot.
C:\Users\Richard\AppData\Roaming\Xafoivug\namosec.exe (Trojan.Zbot.RSE) -> 8992 -> Delete on reboot.
C:\Windows\SysWOW64\inwemyiq.exe (Trojan.Agent.SCS) -> 18156 -> Delete on reboot.
C:\Windows\SysWOW64\ifavsyromi.exe (Trojan.Agent.SCS) -> 5112 -> Delete on reboot.
C:\Windows\SysWOW64\olnusidi.exe (Trojan.Agent.SCS) -> 9296 -> Delete on reboot.
C:\Windows\SysWOW64\toarniep.exe (Trojan.Agent.SCS) -> 17388 -> Delete on reboot.
C:\Windows\SysWOW64\zoaxsyakzy.exe (Trojan.Agent.SCS) -> 6684 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer8202235 (Trojan.Zbot.RSE) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer1643077630 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer214126202 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer2588727021 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer2836789679 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer3055749110 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ihefadl (Trojan.Zbot.RSE) -> Data: C:\Users\Richard\AppData\Roaming\Xafoivug\namosec.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ihefadl (Trojan.Zbot.RSE) -> Data: C:\Users\Richard\AppData\Roaming\Xafoivug\namosec.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 18
C:\Windows\SysWOW64\vointa.exe (Trojan.Zbot.RSE) -> Delete on reboot.
C:\Users\Richard\AppData\Roaming\Xafoivug\namosec.exe (Trojan.Zbot.RSE) -> Delete on reboot.
C:\Windows\System32\vointa.exe (Trojan.Zbot.RSE) -> Delete on reboot.
C:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_063c68dc.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_11b0f7b5.exe (Trojan.Zbot.EC) -> Quarantined and deleted successfully.
C:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_19da3e72.exe (Trojan.Zbot.RSE) -> Quarantined and deleted successfully.
C:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_3a2dace3.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_6a26bb02.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Security Center Update - 1643077630.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Security Center Update - 214126202.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Security Center Update - 2588727021.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Security Center Update - 2836789679.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Security Center Update - 3055749110.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\inwemyiq.exe (Trojan.Agent.SCS) -> Delete on reboot.
C:\Windows\SysWOW64\ifavsyromi.exe (Trojan.Agent.SCS) -> Delete on reboot.
C:\Windows\SysWOW64\olnusidi.exe (Trojan.Agent.SCS) -> Delete on reboot.
C:\Windows\SysWOW64\toarniep.exe (Trojan.Agent.SCS) -> Delete on reboot.
C:\Windows\SysWOW64\zoaxsyakzy.exe (Trojan.Agent.SCS) -> Delete on reboot.
(end)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Richard (administrator) on RICHARD-PC on 23-03-2014 23:09:16
Running from C:\Users\Richard\Desktop
Windows 7 Ultimate N Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job2014-03-23 04:37 - 2014-03-23 04:37 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Fyfecual2014-03-23 03:10 - 2013-07-19 14:08 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902050937-303955776-554964296-1000Core.job2014-03-23 00:43 - 2014-03-23 00:43 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Dofawy2014-03-22 21:12 - 2014-03-22 21:12 - 00106496 _____ () C:\Users\Richard\AppData\Local\pmtbhdqk.exe2014-03-22 21:12 - 2014-03-22 21:12 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Miinhy2014-03-22 10:03 - 2014-03-22 10:03 - 00688992 ____R (Swearware) C:\Users\Richard\Desktop\dds.scr2014-03-22 07:00 - 2014-03-22 07:00 - 00005911 _____ () C:\Users\Richard\AppData\Local\lcqibmel2014-03-22 05:29 - 2014-03-22 05:29 - 00106496 _____ () C:\Users\Richard\AppData\Local\mgtkkvgh.exe2014-03-22 01:29 - 2014-03-20 12:39 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Fyucqusy2014-03-22 01:08 - 2013-05-29 00:46 - 00000000 ____D () C:\Users\Richard\Documents\Flight Simulator X Files2014-03-21 14:39 - 2014-03-21 14:39 - 00005911 _____ () C:\Users\Richard\AppData\Local\gvupnbox2014-03-21 13:00 - 2013-05-31 19:40 - 00000000 ____D () C:\ProgramData\cOOntiNuetaosave2014-03-20 15:27 - 2014-03-20 15:27 - 00106496 _____ () C:\Users\Richard\AppData\Local\aqucfugc.exe2014-03-20 09:09 - 2014-03-20 09:09 - 00005911 _____ () C:\Users\Richard\AppData\Local\eboboaqd2014-03-19 14:28 - 2014-03-19 14:28 - 00110592 _____ () C:\Users\Richard\AppData\Local\kpbpivdt.exe2014-03-19 09:11 - 2014-03-19 09:11 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Mozilla2014-03-18 23:18 - 2013-06-01 13:13 - 00000000 ____D () C:\Program Files\Microsoft Office 152014-03-18 03:01 - 2013-07-14 03:00 - 00000000 ____D () C:\Windows\system32\MRT2014-03-18 03:00 - 2013-05-28 22:59 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-03-17 23:33 - 2014-02-17 
01:50 - 00000000 ____D () C:\ProgramData\MSNDynFiles2014-03-17 00:02 - 2014-03-17 00:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-03-17 00:02 - 2014-03-17 00:02 - 00000000 ____D () C:\Program Files\iTunes2014-03-17 00:02 - 2014-03-17 00:02 - 00000000 ____D () C:\Program Files\iPod2014-03-17 00:02 - 2014-03-17 00:02 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-03-17 00:00 - 2014-03-17 00:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime2014-03-14 20:33 - 2014-03-14 20:33 - 00012326 _____ () C:\Users\Richard\AppData\Local\xuhgjnch2014-03-14 20:32 - 2014-03-14 20:32 - 00068465 _____ () C:\Users\Richard\AppData\Local\eccrerso2014-03-14 20:31 - 2014-03-14 20:31 - 00000000 _____ () C:\Users\Richard\AppData\Roaming\SharedSettings.ccs2014-03-12 03:19 - 2009-07-13 23:50 - 00451704 _____ () C:\Windows\system32\FNTCACHE.DAT2014-03-12 03:18 - 2014-01-01 12:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-03-12 03:18 - 2014-01-01 12:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-03-11 23:35 - 2014-03-10 20:02 - 00000000 ____D () C:\Users\Richard\Documents\Tax Docs 20132014-03-11 20:52 - 2013-05-28 21:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-03-11 20:52 - 2013-05-28 21:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-03-11 20:52 - 2013-05-28 21:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-03-10 00:30 - 2013-11-23 21:42 - 00003370 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2902050937-303955776-554964296-10002014-03-10 00:30 - 2013-11-23 21:42 - 00003240 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2902050937-303955776-554964296-10002014-03-01 01:05 - 2014-03-11 17:35 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-03-01 00:17 - 2014-03-11 17:35 - 02724864 _____ 
(Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-03-01 00:16 - 2014-03-11 17:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-02-28 23:58 - 2014-03-11 17:35 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-02-28 23:52 - 2014-03-11 17:35 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-02-28 23:51 - 2014-03-11 17:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-02-28 23:42 - 2014-03-11 17:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-02-28 23:40 - 2014-03-11 17:35 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-02-28 23:37 - 2014-03-11 17:35 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-02-28 23:33 - 2014-03-11 17:35 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-02-28 23:33 - 2014-03-11 17:35 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-02-28 23:32 - 2014-03-11 17:35 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-02-28 23:30 - 2014-03-11 17:35 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-02-28 23:27 - 2013-05-29 23:47 - 00000000 ____D () C:\ProgramData\Esellerate2014-02-28 23:23 - 2014-03-11 17:35 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-02-28 23:17 - 2014-03-11 17:35 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-02-28 23:11 - 2014-03-11 17:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-02-28 23:02 - 2014-03-11 17:35 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-02-28 22:54 - 2014-03-11 17:35 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-02-28 22:52 - 2014-03-11 17:35 - 00061952 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iesetup.dll2014-02-28 22:51 - 2014-03-11 17:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-02-28 22:47 - 2014-03-11 17:35 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-02-28 22:43 - 2014-03-11 17:35 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-02-28 22:43 - 2014-03-11 17:35 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-02-28 22:42 - 2014-03-11 17:35 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-02-28 22:40 - 2014-03-11 17:35 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-02-28 22:38 - 2014-03-11 17:35 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-02-28 22:37 - 2014-03-11 17:35 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-02-28 22:35 - 2014-03-11 17:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-02-28 22:18 - 2014-03-11 17:35 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-02-28 22:16 - 2014-03-11 17:35 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-02-28 22:14 - 2014-03-11 17:35 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-02-28 22:10 - 2014-03-11 17:35 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-02-28 22:03 - 2014-03-11 17:35 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-02-28 22:00 - 2014-03-11 17:35 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-02-28 21:57 - 2014-03-11 17:35 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-02-28 21:38 - 2014-03-11 17:35 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-02-28 21:32 - 2014-03-11 17:35 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-02-28 
21:27 - 2014-03-11 17:35 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-02-28 21:25 - 2014-03-11 17:35 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-02-28 21:25 - 2014-03-11 17:35 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-02-25 00:01 - 2013-05-28 20:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-02-24 20:09 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF Files to move or delete:====================C:\Users\Richard\FlightBeam_Phoenix Sky Harbor - HD.regC:\Users\Richard\FlightBeam_San Francisco X.regC:\Users\Richard\FSDreamTeam_Chicago Ohare.regC:\Users\Richard\FSDreamTeam_Dallas-Fort Worth.regC:\Users\Richard\FSDreamTeam_Geneva.regC:\Users\Richard\FSDreamTeam_GSX.regC:\Users\Richard\FSDreamTeam_JFK V2.regC:\Users\Richard\FSDreamTeam_JFK.regC:\Users\Richard\FSDreamTeam_KFLL.regC:\Users\Richard\FSDreamTeam_KLAS.regC:\Users\Richard\FSDreamTeam_Los Angeles V2.regC:\Users\Richard\FSDreamTeam_Vancouver CYVR.regC:\Users\Richard\FSDreamTeam_ZurichX.regC:\Users\Richard\QualityWings_Ultimate 757 Collection.reg Some content of TEMP:====================C:\Users\Richard\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exeC:\Users\Richard\AppData\Local\Temp\lowproc.exeC:\Users\Richard\AppData\Local\Temp\stubhelper.dllC:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_1b831219.exeC:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_2949ed18.exeC:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_7d466054.exeC:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_a5b6c43b.exeC:\Users\Richard\AppData\Local\Temp\UpdateFlashPlayer_d14764c5.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is 
legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-21 04:05 ==================== End Of Log ============================ Addition.txt
  20. Yesterday as my computer resumed from hibernation, a JavaScript file called b3.mookie1.com kept popping up on my screen asking to be run. Cancelling the request brought more and more requests, with me sometimes having to hit the cancel option more than 20 times to get rid of them. I ran my Malwarebytes Anti-Malware several times thinking I was infected with a virus - MBAM found PUPs but nothing that seemed related to this event. Finally the pop-up Java requests have stopped, but now when I click on anything in Windows, at first it responds, then after a while it takes a long time to respond. When I try to restore my computer to an earlier time, it fails with a catastrophic error. I downloaded and ran DDS with the instructions provided. It says it will place 2 files on my desktop, but it only produces one - attach.txt, even after running it several times using both dds.scr and dds.com. I have copied and pasted the attach.txt file below. Any assistance will be greatly appreciated. Thanks!
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate N
Boot Device: \Device\HarddiskVolume2
Install Date: 5/28/2013 8:37:58 PM
System Uptime: 3/22/2014 10:02:50 AM (0 hours ago)
.
Motherboard: ASRock | | Z77M
Processor: Intel® Core i7-3770 CPU @ 3.40GHz | CPUSocket | 2788/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 388.67 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 809.488 GiB free.
F: is Removable
J: is FIXED (NTFS) - 932 GiB total, 798.443 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_81681849&REV_06\4&2B8260C3&0&00E4
Manufacturer: Realtek
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_81681849&REV_06\4&2B8260C3&0&00E4
Service: RTL8167
.
==== System Restore Points ===================
.
RP181: 3/11/2014 4:40:16 AM - Windows Update
RP182: 3/12/2014 3:00:23 AM - Windows Update
RP184: 3/17/2014 11:35:34 PM - Windows Defender Checkpoint
RP185: 3/18/2014 3:00:10 AM - Windows Update
RP186: 3/21/2014 4:04:08 AM - Windows Update
RP188: 3/21/2014 4:08:43 AM - Windows Defender Checkpoint
.
==== Image File Execution Options =============
.
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
  21. This JavaScript file keeps popping up on my screen asking me to install it. Anybody know what it is? And how come MWB doesn't stop it? I can't seem to get rid of it...