Jump to content

beaucomb

Members
  • Posts

    9
  • Joined

  • Last visited

Everything posted by beaucomb

  1. Everything seems to be running very well! Merry Christmas! 1. Fixlog.txt Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-12-2014 01Ran by Bruce at 2014-12-24 13:34:44 Run:2Running from C:\Users\Bruce\DesktopLoaded Profiles: Bruce & (Available profiles: Bruce)Boot Mode: Normal============================================== Content of fixlist:*****************startHKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-2824077954-1205789865-475378249-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION2014-12-15 13:41 - 2014-12-18 15:08 - 00000339 _____ () C:\Users\Bruce\AppData\Roaming\ProdASC.Asc2014-12-15 13:31 - 2014-12-15 13:31 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\pw1v51q0u3vi.xml2014-12-15 13:30 - 2014-12-15 13:30 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\rzls5cbnuwyl.xml2014-12-14 16:06 - 2014-12-14 16:06 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\3rrjxmuyuhjq.xml2014-12-14 16:01 - 2014-12-14 16:01 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\oajv3ge2u30o.xml2014-12-14 15:41 - 2014-12-14 15:41 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\d5upmq1lu3my.xml2014-12-13 19:21 - 2014-12-13 19:21 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\nkhskxvsusig.xml2014-12-13 18:31 - 2014-12-13 18:31 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\bqu0rqu5ufgh.xml2014-12-13 17:51 - 2014-12-13 17:51 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\bpe4nxekuv1j.xml2014-12-13 16:36 - 2014-12-13 16:36 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\zzdu1ycyulf0.xml2014-12-13 16:33 - 2014-12-13 16:33 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\y1200142uw3b.xml2014-12-13 16:33 - 2014-12-13 16:33 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\x4j0rlgkugaj.xml2014-12-13 16:26 - 2014-12-13 16:26 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\sbe1p2gmuqbz.xml2014-12-13 16:16 - 2014-12-13 16:16 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\mp5zsoj3uupp.xml2014-12-03 12:23 - 2014-12-03 12:23 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\vpuz0mblumft.xml2014-12-03 12:20 - 2014-12-03 12:20 - 00000079 _____ () C:\Users\Bruce\AppData\Roaming\lhbjtl1ju4cn.xml2014-12-03 12:13 - 2014-12-03 12:13 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\15m4t4zyugz2.xml2014-12-03 12:00 - 2014-12-03 12:00 - 00000079 _____ () C:\Users\Bruce\AppData\Roaming\seysxkpsug1a.xml2014-12-03 11:57 - 2014-12-03 11:57 - 00000079 _____ () C:\Users\Bruce\AppData\Roaming\w2pb353ku5iv.xml2014-12-03 11:56 - 2014-12-03 11:56 - 00000079 _____ () C:\Users\Bruce\AppData\Roaming\z0blwszjugpi.xml2014-12-13 22:08 - 2014-10-10 21:41 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\%%d1mp8q22%RFMSend***************** "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully."HKU\S-1-5-21-2824077954-1205789865-475378249-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.C:\Users\Bruce\AppData\Roaming\ProdASC.Asc => Moved successfully.C:\Users\Bruce\AppData\Roaming\pw1v51q0u3vi.xml => Moved successfully.C:\Users\Bruce\AppData\Roaming\rzls5cbnuwyl.xml => Moved successfully.C:\Users\Bruce\AppData\Roaming\3rrjxmuyuhjq.xml => Moved successfully.C:\Users\Bruce\AppData\Roaming\oajv3ge2u30o.xml => Moved successfully.C:\Users\Bruce\AppData\Roaming\d5upmq1lu3my.xml => Moved successfully.C:\Users\Bruce\AppData\Roaming\nkhskxvsusig.xml => Moved successfully.C:\Users\Bruce\AppData\Roaming\bqu0rqu5ufgh.xml => Moved successfully.C:\Users\Bruce\AppData\Roaming\bpe4nxekuv1j.xml => Moved successfully.C:\Users\Bruce\AppData\Roaming\zzdu1ycyulf0.xml => Moved successfully.C:\Users\Bruce\AppData\Roaming\y1200142uw3b.xml => Moved successfully.C:\Users\Bruce\AppData\Roaming\x4j0rlgkugaj.xml => Moved successfully.C:\Users\Bruce\AppData\Roaming\sbe1p2gmuqbz.xml => Moved successfully.C:\Users\Bruce\AppData\Roaming\mp5zsoj3uupp.xml => Moved successfully.C:\Users\Bruce\AppData\Roaming\vpuz0mblumft.xml => Moved successfully.C:\Users\Bruce\AppData\Roaming\lhbjtl1ju4cn.xml => Moved successfully.C:\Users\Bruce\AppData\Roaming\15m4t4zyugz2.xml => Moved successfully.C:\Users\Bruce\AppData\Roaming\seysxkpsug1a.xml => Moved successfully.C:\Users\Bruce\AppData\Roaming\w2pb353ku5iv.xml => Moved successfully.C:\Users\Bruce\AppData\Roaming\z0blwszjugpi.xml => Moved successfully.C:\Users\Bruce\AppData\Roaming\%%d1mp8q22%RFMS => Moved successfully. ==== End of Fixlog 13:34:45 ==== 2. checkup.txt Results of screen317's Security Check version 0.99.93 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Adobe Reader XI Google Chrome (39.0.2171.71) Google Chrome (39.0.2171.95) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  2. Hi again, Adam. Below are pasted the two FRST logs. Let me know if you have any further recommendations, otherwise I think we are good to go. Thank you for everything! 1. FRST.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2014 01Ran by Bruce (administrator) on BRUCE-PC on 22-12-2014 11:43:22Running from C:\Users\Bruce\DesktopLoaded Profile: Bruce (Available profiles: Bruce)Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(O2Micro International) C:\Windows\System32\o2flash.exe(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [7469568 2012-01-18] (Dell Inc.)HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [371024 2013-03-05] (Wave Systems Corp.)HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc.)HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)HKLM\...\Policies\Explorer: [NoFolderOptions] 0HKLM\...\Policies\Explorer: [NoControlPanel] 0HKU\S-1-5-21-2824077954-1205789865-475378249-1000\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)HKU\S-1-5-21-2824077954-1205789865-475378249-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)HKU\S-1-5-21-2824077954-1205789865-475378249-1000\...\RunOnce: [Adobe Speed Launcher] => 1418839056HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0Startup: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnkShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnkShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnkShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)ShellIconOverlayIdentifiers: [uninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-2824077954-1205789865-475378249-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blankHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKU\S-1-5-21-2824077954-1205789865-475378249-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-21-2824077954-1205789865-475378249-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2824077954-1205789865-475378249-1000 -> {E26E4C2D-80B9-49B9-9E08-AAC702DE94CC} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox:========FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-2824077954-1205789865-475378249-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Bruce\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) Chrome: =======CHR HomePage: Default -> hxxp://www.google.com/CHR StartupUrls: Default -> "hxxp://www.google.com/"CHR Profile: C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-20]CHR Extension: (Google Drive) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-20]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20]CHR Extension: (YouTube) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-20]CHR Extension: (Google Search) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-20]CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-16]CHR Extension: (Google Wallet) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-20]CHR Extension: (Gmail) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-20]CHR HKU\S-1-5-21-2824077954-1205789865-475378249-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.)R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] ()R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.) [File not signed]S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [File not signed]R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.) [File not signed]R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6157312 2012-01-18] (Dell Inc.) [File not signed]S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-22] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)S3 wbfcvusbdrv; C:\Windows\System32\Drivers\wbfcvusbdrv.sys [17120 2013-03-07] ()S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-22 11:42 - 2014-12-22 11:42 - 00000000 ____D () C:\Users\Bruce\Desktop\FRST-OlderVersion2014-12-18 19:23 - 2014-12-18 19:23 - 00034710 _____ () C:\Users\Bruce\Documents\J. MORRISON - FRANKS - LVP ONLY - CARRY OVER FROM 2014 - 10-14.xlsx2014-12-18 19:12 - 2014-12-18 20:45 - 00034746 _____ () C:\Users\Bruce\Documents\J. MORRISON - FRANKS - LAM ONLY INV AMENDED FOR 12-2014.xlsx2014-12-18 08:15 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-12-18 08:15 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-12-17 20:43 - 2014-12-17 20:45 - 00057423 _____ () C:\Users\Bruce\Documents\J MORRISON - GADDAM - UPPER LEVEL CPT - MBR & HALL&STRS - 12-14.xlsx2014-12-17 20:31 - 2014-12-17 20:31 - 00057433 _____ () C:\Users\Bruce\Documents\J MORRISON - GADDAM - MAIN LEVEL CPT - FR & OFF - 12-14.xlsx2014-12-17 20:04 - 2014-12-17 20:10 - 00057263 _____ () C:\Users\Bruce\Documents\J MORRISON - GADDAM - MAIN LEVEL HW NEW EXIST - 12-14.xlsx2014-12-17 19:32 - 2014-12-17 19:32 - 00335360 _____ () C:\Users\Bruce\Documents\CCA GLOBAL - FOD Small Group Census Request Part 2.xls2014-12-17 13:10 - 2014-12-17 13:10 - 00000096 _____ () C:\Users\Bruce\Desktop\MyEsetScan.txt2014-12-17 12:16 - 2014-12-17 12:16 - 00000000 ____D () C:\Program Files (x86)\ESET2014-12-17 12:11 - 2014-12-17 12:11 - 02347384 _____ (ESET) C:\Users\Bruce\Desktop\esetsmartinstaller_enu.exe2014-12-17 12:00 - 2014-12-17 12:00 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-12-17 12:00 - 2014-12-17 12:00 - 00000000 ____D () C:\ProgramData\RogueKiller2014-12-17 11:59 - 2014-12-17 11:59 - 18315864 _____ () C:\Users\Bruce\Desktop\RogueKillerX64.exe2014-12-17 11:54 - 2014-12-17 11:55 - 00000000 ____D () C:\AdwCleaner2014-12-17 11:53 - 2014-12-17 11:53 - 02166272 _____ () C:\Users\Bruce\Desktop\AdwCleaner.exe2014-12-17 10:41 - 2014-12-17 10:42 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Bruce\Desktop\tdsskiller.exe2014-12-17 10:34 - 2014-12-17 10:34 - 00043115 _____ () C:\ComboFix.txt2014-12-17 10:25 - 2014-12-17 10:34 - 00000000 ____D () C:\Qoobox2014-12-17 10:25 - 2014-12-17 10:33 - 00000000 ____D () C:\Windows\erdnt2014-12-17 10:25 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe2014-12-17 10:25 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe2014-12-17 10:25 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2014-12-17 10:25 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2014-12-17 10:25 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2014-12-17 10:25 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe2014-12-17 10:25 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe2014-12-17 10:25 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe2014-12-16 11:21 - 2014-12-16 11:21 - 00368256 _____ (RegNow.com) C:\Users\Bruce\Downloads\Download_MaxSDRDM.exe2014-12-15 20:32 - 2014-12-22 11:43 - 00018162 _____ () C:\Users\Bruce\Desktop\FRST.txt2014-12-15 20:32 - 2014-12-22 11:43 - 00000000 ____D () C:\FRST2014-12-15 20:32 - 2014-12-15 20:33 - 00033234 _____ () C:\Users\Bruce\Desktop\Addition.txt2014-12-15 20:31 - 2014-12-22 11:42 - 02122240 _____ (Farbar) C:\Users\Bruce\Desktop\FRST64.exe2014-12-15 17:56 - 2014-12-22 11:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-12-15 17:55 - 2014-12-15 17:55 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-12-15 17:55 - 2014-12-15 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-12-15 17:54 - 2014-12-15 17:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-12-15 17:54 - 2014-12-15 17:54 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-12-15 17:54 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-12-15 17:54 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-12-15 17:54 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-12-15 17:53 - 2014-12-15 17:54 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Bruce\Downloads\mbam-setup-2.0.4.1028.exe2014-12-15 17:26 - 2014-12-15 17:26 - 00000000 ____D () C:\Windows\system32\appmgmt2014-12-15 13:41 - 2014-12-18 15:08 - 00000339 _____ () C:\Users\Bruce\AppData\Roaming\ProdASC.Asc2014-12-15 13:31 - 2014-12-15 13:31 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\pw1v51q0u3vi.xml2014-12-15 13:30 - 2014-12-15 13:30 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\rzls5cbnuwyl.xml2014-12-14 16:06 - 2014-12-14 16:06 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\3rrjxmuyuhjq.xml2014-12-14 16:01 - 2014-12-14 16:01 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\oajv3ge2u30o.xml2014-12-14 15:41 - 2014-12-14 15:41 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\d5upmq1lu3my.xml2014-12-13 19:21 - 2014-12-13 19:21 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\nkhskxvsusig.xml2014-12-13 18:31 - 2014-12-13 18:31 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\bqu0rqu5ufgh.xml2014-12-13 17:51 - 2014-12-13 17:51 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\bpe4nxekuv1j.xml2014-12-13 16:36 - 2014-12-13 16:36 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\zzdu1ycyulf0.xml2014-12-13 16:33 - 2014-12-13 16:33 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\y1200142uw3b.xml2014-12-13 16:33 - 2014-12-13 16:33 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\x4j0rlgkugaj.xml2014-12-13 16:26 - 2014-12-13 16:26 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\sbe1p2gmuqbz.xml2014-12-13 16:16 - 2014-12-13 16:16 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\mp5zsoj3uupp.xml2014-12-13 03:02 - 2014-12-13 03:02 - 00283456 _____ () C:\Windows\Minidump\121314-32339-01.dmp2014-12-11 03:20 - 2014-12-11 03:20 - 00000000 ____D () C:\Windows\system32\appraiser2014-12-11 03:00 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll2014-12-11 03:00 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll2014-12-11 03:00 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll2014-12-11 03:00 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe2014-12-11 03:00 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe2014-12-11 03:00 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll2014-12-11 03:00 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll2014-12-11 03:00 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe2014-12-11 03:00 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe2014-12-11 03:00 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll2014-12-10 09:07 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2014-12-10 09:07 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll2014-12-10 09:07 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2014-12-10 09:07 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2014-12-10 09:07 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-12-10 09:07 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll2014-12-10 09:07 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-12-10 09:07 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe2014-12-10 09:07 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll2014-12-10 09:07 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2014-12-10 09:07 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys2014-12-10 09:06 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-12-10 09:06 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-12-10 09:06 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-12-10 09:06 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-12-10 09:06 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-12-10 09:06 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-12-10 09:06 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-12-10 09:06 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-12-10 09:06 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-12-10 09:06 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-12-10 09:06 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-12-10 09:06 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-12-10 09:06 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-12-10 09:06 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-12-10 09:06 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-12-10 09:06 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-12-10 09:06 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-12-10 09:06 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-12-10 09:06 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-12-10 09:06 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-12-10 09:06 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-12-10 09:06 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-12-10 09:06 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-12-10 09:06 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-12-10 09:06 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-12-10 09:06 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-12-10 09:06 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-12-10 09:06 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-12-10 09:06 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-12-10 09:06 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-12-10 09:06 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-12-10 09:06 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-12-10 09:06 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-12-10 09:06 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-12-10 09:06 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-12-10 09:06 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-12-10 09:06 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-12-10 09:06 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-12-10 09:06 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-12-10 09:06 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-12-10 09:06 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-12-10 09:06 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-12-10 09:06 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-12-10 09:06 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-12-10 09:06 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-12-10 09:06 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-12-10 09:06 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-12-10 09:06 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-12-10 09:06 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-12-10 09:06 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-12-10 09:06 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-12-10 09:06 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-12-10 09:06 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-12-10 09:06 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-12-10 09:04 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2014-12-10 09:04 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll2014-12-10 09:04 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe2014-12-10 09:04 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe2014-12-10 09:04 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll2014-12-10 09:04 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll2014-12-10 09:04 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll2014-12-10 09:04 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll2014-12-10 09:04 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe2014-12-10 09:04 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll2014-12-10 09:04 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll2014-12-10 09:04 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll2014-12-10 09:04 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll2014-12-10 09:04 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe2014-12-09 21:16 - 2014-12-09 21:35 - 00181488 _____ () C:\Users\Bruce\Documents\DENO - MAIN AREA - W SOME CPT & SOME HW 12-14.msr2014-12-09 14:17 - 2014-12-09 15:06 - 00192120 _____ () C:\Users\Bruce\Documents\SCOTT - UPPER LEVL CPT PROJ - DRAW 12-14.msr2014-12-08 22:38 - 2014-12-08 22:38 - 00008952 _____ () C:\Users\Bruce\Downloads\accent wall cork %232.jpeg2014-12-08 22:38 - 2014-12-08 22:38 - 00008952 _____ () C:\Users\Bruce\Downloads\accent wall cork %232 (1).jpeg2014-12-08 22:38 - 2014-12-08 22:38 - 00008567 _____ () C:\Users\Bruce\Downloads\accent wall ledger stone.jpeg2014-12-08 22:38 - 2014-12-08 22:38 - 00008166 _____ () C:\Users\Bruce\Downloads\accent wall in wood bath.jpeg2014-12-07 17:20 - 2014-12-13 03:02 - 759072059 _____ () C:\Windows\MEMORY.DMP2014-12-07 17:20 - 2014-12-13 03:02 - 00000000 ____D () C:\Windows\Minidump2014-12-07 17:20 - 2014-12-07 17:20 - 00721560 _____ () C:\Windows\Minidump\120714-15272-01.dmp2014-12-03 12:23 - 2014-12-03 12:23 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\vpuz0mblumft.xml2014-12-03 12:20 - 2014-12-03 12:20 - 00000079 _____ () C:\Users\Bruce\AppData\Roaming\lhbjtl1ju4cn.xml2014-12-03 12:13 - 2014-12-03 12:13 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\15m4t4zyugz2.xml2014-12-03 12:00 - 2014-12-03 12:00 - 00000079 _____ () C:\Users\Bruce\AppData\Roaming\seysxkpsug1a.xml2014-12-03 11:57 - 2014-12-03 11:57 - 00000079 _____ () C:\Users\Bruce\AppData\Roaming\w2pb353ku5iv.xml2014-12-03 11:56 - 2014-12-03 11:56 - 00000079 _____ () C:\Users\Bruce\AppData\Roaming\z0blwszjugpi.xml2014-12-01 12:21 - 2014-12-01 12:23 - 00045101 _____ () C:\Users\Bruce\Documents\REBEHN CPT RESTRETCH - 09-14.xlsx2014-11-30 16:26 - 2014-11-30 16:26 - 00089540 _____ () C:\Users\Bruce\Downloads\CONFIRMATION_PAGE_combo (4).js2014-11-30 16:24 - 2014-11-30 16:24 - 00089540 _____ () C:\Users\Bruce\Downloads\CONFIRMATION_PAGE_combo (2).js2014-11-30 16:18 - 2014-11-30 16:18 - 00089540 _____ () C:\Users\Bruce\Downloads\CONFIRMATION_PAGE_combo (6).js2014-11-30 16:17 - 2014-11-30 16:17 - 00089540 _____ () C:\Users\Bruce\Downloads\CONFIRMATION_PAGE_combo (5).js2014-11-30 16:16 - 2014-11-30 16:16 - 00089540 _____ () C:\Users\Bruce\Downloads\CONFIRMATION_PAGE_combo (3).js2014-11-30 16:15 - 2014-11-30 16:15 - 03179174 _____ () C:\Users\Bruce\Downloads\VID-20140526-WA0001.mp42014-11-30 16:14 - 2014-11-30 16:14 - 00089540 _____ () C:\Users\Bruce\Downloads\CONFIRMATION_PAGE_combo.js2014-11-30 16:14 - 2014-11-30 16:14 - 00089540 _____ () C:\Users\Bruce\Downloads\CONFIRMATION_PAGE_combo (1).js2014-11-24 15:32 - 2014-11-24 15:32 - 00001939 _____ () C:\Users\Public\Desktop\Measure.lnk2014-11-24 15:32 - 2014-11-24 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Measure2014-11-24 14:53 - 2014-12-22 10:25 - 00000000 ___RD () C:\Users\Bruce\Google Drive2014-11-24 14:52 - 2014-11-24 14:53 - 00001645 _____ () C:\Users\Bruce\Desktop\Google Drive.lnk2014-11-24 14:48 - 2014-11-24 14:48 - 00880784 _____ (Google Inc.) C:\Users\Bruce\Downloads\googledrivesync.exe2014-11-24 14:48 - 2014-11-24 14:48 - 00002044 _____ () C:\Users\Public\Desktop\Google Slides.lnk2014-11-24 14:48 - 2014-11-24 14:48 - 00002042 _____ () C:\Users\Public\Desktop\Google Sheets.lnk2014-11-24 14:48 - 2014-11-24 14:48 - 00002032 _____ () C:\Users\Public\Desktop\Google Docs.lnk2014-11-24 14:48 - 2014-11-24 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive2014-11-23 23:23 - 2014-12-22 11:41 - 00005014 _____ () C:\Windows\System32\Tasks\WSCEAA ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-22 11:41 - 2014-10-20 09:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-12-22 11:41 - 2014-09-29 10:30 - 02010447 _____ () C:\Windows\WindowsUpdate.log2014-12-22 11:08 - 2014-10-20 09:21 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfec798f61a5d8.job2014-12-22 10:50 - 2014-10-13 07:02 - 00000562 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2824077954-1205789865-475378249-1000.job2014-12-22 10:40 - 2009-07-13 22:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-12-22 10:40 - 2009-07-13 22:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-12-20 15:49 - 2014-10-11 08:58 - 00000000 ____D () C:\Users\Bruce\Documents\Outlook Files2014-12-20 15:49 - 2014-10-10 20:50 - 00000000 ____D () C:\Users\Bruce\Documents\Outlook PST2014-12-20 13:08 - 2014-10-20 09:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-12-20 13:06 - 2014-10-13 07:02 - 00003588 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2824077954-1205789865-475378249-10002014-12-19 19:36 - 2014-10-10 21:40 - 00007169 _____ () C:\Users\Bruce\AppData\Roaming\WindowPositions_RF_C6.INI2014-12-18 19:07 - 2014-10-20 18:51 - 00034986 _____ () C:\Users\Bruce\Documents\J. MORRISON - FRANKS - CPT AREAS - 10-14.xlsx2014-12-18 15:08 - 2014-11-21 02:18 - 00000517 _____ () C:\Users\Bruce\AppData\Roaming\Customer.Asc2014-12-17 12:01 - 2009-07-13 23:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI2014-12-17 11:56 - 2010-11-20 21:47 - 00181934 _____ () C:\Windows\PFRO.log2014-12-17 11:56 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-12-17 11:56 - 2009-07-13 22:51 - 00044916 _____ () C:\Windows\setupact.log2014-12-17 11:49 - 2014-09-29 10:51 - 00000000 ____D () C:\ProgramData\McAfee2014-12-17 10:34 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Default2014-12-17 10:32 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini2014-12-17 10:30 - 2009-07-13 20:34 - 79953920 _____ () C:\Windows\system32\config\SOFTWARE.bak2014-12-17 10:30 - 2009-07-13 20:34 - 20447232 _____ () C:\Windows\system32\config\SYSTEM.bak2014-12-17 10:30 - 2009-07-13 20:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak2014-12-17 10:30 - 2009-07-13 20:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak2014-12-17 10:30 - 2009-07-13 20:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak2014-12-15 15:36 - 2014-10-10 19:14 - 00027861 _____ () C:\Users\Bruce\Documents\FLANAGAN - MULLICAN HICK - MUIRFIELD PROJ - 10-14.xlsx2014-12-15 11:21 - 2014-10-10 21:40 - 00001784 _____ () C:\Users\Bruce\Desktop\RFMS.lnk2014-12-13 22:08 - 2014-10-10 21:41 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\%%d1mp8q22%RFMS2014-12-13 03:49 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache2014-12-12 08:20 - 2014-10-20 09:15 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-12-11 03:20 - 2014-10-12 11:12 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-12-11 03:20 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-12-11 03:20 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat2014-12-11 03:04 - 2014-10-13 21:51 - 00000000 ____D () C:\Windows\system32\MRT2014-12-11 03:01 - 2014-10-13 21:51 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-12-10 22:12 - 2014-10-13 18:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2014-12-09 18:01 - 2014-10-10 19:13 - 00034837 _____ () C:\Users\Bruce\Documents\PRINCETON LIQUORS - LVT DISCOUNTED - 08-14.xlsx2014-12-02 21:25 - 2014-11-06 15:56 - 00000000 ____D () C:\Users\Bruce\Documents\MEASURE PROJECTS2014-11-24 14:53 - 2014-10-10 18:37 - 00000000 ____D () C:\Users\Bruce2014-11-24 14:48 - 2014-10-20 09:15 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Google2014-11-24 14:48 - 2014-10-20 09:14 - 00000000 ____D () C:\Program Files (x86)\Google Some content of TEMP:====================C:\Users\Bruce\AppData\Local\Temp\dllnt_dump.dllC:\Users\Bruce\AppData\Local\Temp\Quarantine.exeC:\Users\Bruce\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-15 21:31 ==================== End Of Log ============================ 2. Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-12-2014 01Ran by Bruce at 2014-12-22 11:43:52Running from C:\Users\Bruce\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) HiddenCisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) HiddenCisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) HiddenCitrix Online Launcher (HKLM-x32\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)Custom (Version: 01.00.00.002 - Wave Systems Corp.) HiddenDell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)Dell ControlVault Host Components Installer 64 bit (Version: 2.3.309.1625 - Broadcom Corporation) HiddenDell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.3.00003.072 - Dell Inc.)Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.1 - Dell)Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)DellAccess (Version: 01.03.00.078 - Wave Systems Corp.) HiddenDW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.82.124 - Dell Inc.)EMBASSY Client Core (Version: 01.03.00.123 - Wave Systems Corp.) HiddenERAS Connector (Version: 02.09.05.0335 - Wave Systems Corp) HiddenGemalto (Version: 01.64.01.0010 - Wave Systems Corp) HiddenGemPcCCID (Version: 2.0.1 - Gemalto) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoToMeeting 7.0.5.2130 (HKU\S-1-5-21-2824077954-1205789865-475378249-1000\...\GoToMeeting) (Version: 7.0.5.2130 - CitrixOnline)HP Officejet 6600 Basic Device Software (HKLM\...\{B407F586-D027-45C3-9109-CC2943E839FA}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Officejet 6600 Help (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard)HP Officejet 6600 Product Improvement Study (HKLM\...\{9DD732B9-9B16-4F28-8E21-4AB5E40AF7DE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)Intel® Network Connections 16.8.45.00 (HKLM\...\PROSetDX) (Version: 16.8.45.00 - Dell)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2639 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Measure (HKLM-x32\...\{2F4F417C-4A49-4AFF-A759-F759BFC52191}) (Version: 11.0.2502 - RFMS)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)Microsoft OneDrive (HKU\S-1-5-21-2824077954-1205789865-475378249-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) HiddenPBA Driver-x64 (Version: 1.0.1.8 - Dell Inc.) HiddenPreboot Manager (Version: 03.05.00.043 - Wave Systems Corp.) HiddenPrivate Information Manager (Version: 07.03.00.032 - Wave Systems Corp.) HiddenShared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)SI TSS (Version: 2.1.41 - Security Innovation) HiddenSPBA (WBF) 5.9 (Version: 5.9.7.7232 - Authentec Inc.) HiddenST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0036 - ST Microelectronics)toolkit32for64bit (x32 Version: 7.70.13.0001 - Wave Systems Corp) HiddenTrusted Drive Manager (Version: 5.0.2.24 - Wave Systems Corp.) HiddenWave Crypto Runtime 2.0.9.0 x64 (Version: 02.00.09.0000 - Wave Systems Corp) HiddenWave Crypto Runtime 2.0.9.0 x86 (x32 Version: 02.00.09.0000 - Wave Systems Corp) HiddenWave Infrastructure Installer (Version: 07.70.13.0001 - Wave Systems Corp) HiddenWave Support Software Installer (Version: 05.15.00.024 - Wave Systems Corp) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2824077954-1205789865-475378249-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Bruce\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)CustomCLSID: HKU\S-1-5-21-2824077954-1205789865-475378249-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Bruce\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2824077954-1205789865-475378249-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Bruce\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2824077954-1205789865-475378249-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Bruce\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2824077954-1205789865-475378249-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Bruce\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2824077954-1205789865-475378249-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Bruce\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 16-12-2014 12:27:57 Windows Update19-12-2014 03:00:49 Windows Update22-12-2014 10:36:02 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2014-12-17 10:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0283D675-A909-4AF6-A525-9EF0E6F06778} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)Task: {0C643862-B915-41C7-AF33-71B74D2E9704} - System32\Tasks\GoogleUpdateTaskMachineUA1cfec798f61a5d8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)Task: {6EFFB1B2-D91B-450B-86C4-68B60C4D476D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvcTask: {855EC0FE-8BC1-48EA-865C-FA5E6A1CDF5A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)Task: {90021312-B630-498F-886A-D09115673ED0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation)Task: {A0256E65-FB98-4598-B0E6-9F1E16D220A0} - System32\Tasks\WSCEAA => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe [2012-11-28] (Wave Systems Corp.)Task: {A80D771F-3B49-4B38-BBA2-55AE156284A4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)Task: {DCCCD4F9-4868-4305-AC1B-5D1F73547A8A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)Task: {F1624DE0-E55E-4FBE-B7CC-7C9954C80746} - System32\Tasks\G2MUpdateTask-S-1-5-21-2824077954-1205789865-475378249-1000 => C:\Users\Bruce\AppData\Local\Citrix\GoToMeeting\2130\g2mupdate.exe [2014-12-20] (Citrix Online, a division of Citrix Systems, Inc.)Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2824077954-1205789865-475378249-1000.job => C:\Users\Bruce\AppData\Local\Citrix\GoToMeeting\2130\g2mupdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfec798f61a5d8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-10-10 20:04 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2013-03-11 09:05 - 2013-03-11 09:05 - 00231792 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe2013-03-11 09:04 - 2013-03-11 09:04 - 00039280 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll2012-05-11 08:47 - 2012-05-11 08:47 - 00003072 _____ () C:\Program Files (x86)\Security Innovation\SI TSS\bin\TspPopup_ENU.dll2014-10-10 20:21 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll2014-09-29 12:07 - 2012-02-01 15:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2014-12-17 11:57 - 2014-12-17 11:57 - 00098816 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32api.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00110080 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\pywintypes27.dll2014-12-17 11:57 - 2014-12-17 11:57 - 00364544 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\pythoncom27.dll2014-12-17 11:57 - 2014-12-17 11:57 - 00045568 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\_socket.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 01160704 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\_ssl.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00320512 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32com.shell.shell.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00713216 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\_hashlib.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 01175040 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\wx._core_.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00805888 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\wx._gdi_.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00811008 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\wx._windows_.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 01062400 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\wx._controls_.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00735232 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\wx._misc_.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00128512 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\_elementtree.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00127488 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\pyexpat.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00557056 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\pysqlite2._sqlite.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00087552 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\_ctypes.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00119808 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32file.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00108544 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32security.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00007168 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\hashobjs_ext.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00167936 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32gui.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00018432 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32event.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00038912 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32inet.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00011264 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32crypt.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00070656 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\wx._html2.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00027136 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\_multiprocessing.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00035840 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32process.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00686080 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\unicodedata.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00122368 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\wx._wizard.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00024064 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32pipe.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00025600 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32pdh.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00525640 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\windows._lib_cacheinvalidation.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00010240 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\select.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00017408 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32profile.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00022528 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32ts.pyd2014-12-17 11:57 - 2014-12-17 11:57 - 00078336 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\wx._animate.pyd2014-10-10 20:21 - 2014-09-23 05:43 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll2014-10-17 02:34 - 2014-10-17 02:34 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2dace9622c68c6ce58d55a6950eeaa95\IsdiInterop.ni.dll2014-09-29 10:39 - 2012-05-30 12:55 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll2014-09-29 10:34 - 2013-11-13 15:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll2014-12-12 08:19 - 2014-12-05 19:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll2014-12-12 08:19 - 2014-12-05 19:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll2014-12-12 08:19 - 2014-12-05 19:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll2014-12-12 08:19 - 2014-12-05 19:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\54286184.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\54286184.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2824077954-1205789865-475378249-500 - Administrator - Disabled)Bruce (S-1-5-21-2824077954-1205789865-475378249-1000 - Administrator - Enabled) => C:\Users\BruceGuest (S-1-5-21-2824077954-1205789865-475378249-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= Name: Broadcom Usbccid Smartcard Reader (WUDF)Description: Broadcom Usbccid Smartcard Reader (WUDF)Class Guid: {50dd5230-ba8a-11d1-bf5d-0000f805f530}Manufacturer: BroadcomService: WUDFRdProblem: : Windows has stopped this device because it has reported problems. (Code 43)Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: Control Vault w/ Fingerprint Swipe SensorDescription: Control Vault w/ Fingerprint Swipe SensorClass Guid: {53d29ef7-377c-4d14-864b-eb3a85769359}Manufacturer: Broadcom CorporationService: WUDFRdProblem: : Windows has stopped this device because it has reported problems. (Code 43)Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Event log errors: ========================= Application errors:==================Error: (12/17/2014 00:16:46 PM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/17/2014 00:16:42 PM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/17/2014 00:16:42 PM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/17/2014 00:12:08 PM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/17/2014 00:12:05 PM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (12/17/2014 11:57:24 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/17/2014 11:50:37 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/17/2014 11:50:13 AM) (Source: DellFeatureEnhancementPack) (EventID: 0) (User: )Description: Unable to initialize the DellSmartSettingsSys.dll. Error number = 0xa0000008 Error: (12/17/2014 11:46:20 AM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program BCOE.EXE version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1234 Start Time: 01d01a2109b1b228 Termination Time: 0 Application Path: \\d1mp8q22\RFMS\BCOE.EXE Report Id: 9651f4f8-8614-11e4-9fa8-f01faf6d6df5 Error: (12/17/2014 10:50:31 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors:=============Error: (12/20/2014 09:43:08 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} Error: (12/17/2014 00:01:02 PM) (Source: SCardSvr) (EventID: 610) (User: )Description: The handle is invalid.Broadcom Corp Contacted SmartCard 0GET_STATEXX XX XX XX Error: (12/17/2014 11:58:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (12/17/2014 11:56:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WvPCR service depends on the TPM Base Services service which failed to start because of the following error: %%0 Error: (12/17/2014 11:56:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The SI TSS v1.2.1.41 TCS service depends on the TPM Base Services service which failed to start because of the following error: %%0 Error: (12/17/2014 11:50:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (12/17/2014 11:49:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WvPCR service depends on the TPM Base Services service which failed to start because of the following error: %%0 Error: (12/17/2014 11:49:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The SI TSS v1.2.1.41 TCS service depends on the TPM Base Services service which failed to start because of the following error: %%0 Error: (12/17/2014 11:46:07 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (12/17/2014 10:51:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Microsoft Office Sessions:=========================Error: (12/17/2014 00:16:46 PM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bruce\Desktop\esetsmartinstaller_enu.exe Error: (12/17/2014 00:16:42 PM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bruce\Desktop\esetsmartinstaller_enu.exe Error: (12/17/2014 00:16:42 PM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bruce\Desktop\esetsmartinstaller_enu.exe Error: (12/17/2014 00:12:08 PM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bruce\Desktop\esetsmartinstaller_enu.exe Error: (12/17/2014 00:12:05 PM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bruce\Downloads\esetsmartinstaller_enu.exe Error: (12/17/2014 11:57:24 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/17/2014 11:50:37 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/17/2014 11:50:13 AM) (Source: DellFeatureEnhancementPack) (EventID: 0) (User: )Description: Unable to initialize the DellSmartSettingsSys.dll. Error number = 0xa0000008 Error: (12/17/2014 11:46:20 AM) (Source: Application Hang) (EventID: 1002) (User: )Description: BCOE.EXE0.0.0.0123401d01a2109b1b2280\\d1mp8q22\RFMS\BCOE.EXE9651f4f8-8614-11e4-9fa8-f01faf6d6df5 Error: (12/17/2014 10:50:31 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors:=================================== Date: 2014-12-17 10:29:55.799 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-12-17 10:29:55.768 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Core i5-3340M CPU @ 2.70GHzPercentage of memory in use: 32%Total physical RAM: 8097.22 MBAvailable physical RAM: 5460.26 MBTotal Pagefile: 16192.63 MBAvailable Pagefile: 13089.22 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.86 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:464.99 GB) (Free:406.13 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 430C7AE3)Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=465 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  3. Hi Adam, Sorry for the delay - I missed your last response! To my knowledge, the computer has been performing very well over the past few days. When I return to work tomorrow I will perform the last FRST scan and post the logs for your review. I cannot thank you enough for all of your assistance!
  4. Thanks again, Adam! 1. I uninstalled McAfee Anti-Virus 2. I reset Google Chrome and Internet Explorer. 3. AdwCleaner[sO].txt: # AdwCleaner v4.105 - Report created 17/12/2014 at 11:55:44# Updated 08/12/2014 by Xplode# Database : 2014-12-16.1 [Live]# Operating System : Windows 7 Professional Service Pack 1 (64 bits)# Username : Bruce - BRUCE-PC# Running from : C:\Users\Bruce\Desktop\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A} ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17496 -\\ Google Chrome v39.0.2171.95 ************************* AdwCleaner[R0].txt - [857 octets] - [17/12/2014 11:54:06]AdwCleaner[s0].txt - [777 octets] - [17/12/2014 11:55:44] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [836 octets] ########## 4. RKreport_SCN_12172014_120350.log RogueKiller V10.1.0.0 (x64) [Dec 11 2014] by Adlice Softwaremail : http://www.adlice.com/contact/Feedback : http://forum.adlice.comWebsite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Bruce [Administrator]Mode : Scan -- Date : 12/17/2014 12:03:50 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 12 ¤¤¤[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2824077954-1205789865-475378249-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2824077954-1205789865-475378249-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2824077954-1205789865-475378249-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2824077954-1205789865-475378249-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 1 ¤¤¤[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤+++++ PhysicalDrive0: TOSHIBA MQ01ACF050 +++++--- User ---[MBR] 6c336b36d1e0ef4a050b7b54bdc793d6[bSP] d2bb226f61196bf6567dd6daa278eb71 : HP MBR CodePartition table:0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 750 MB2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1617920 | Size: 476149 MBUser = LL1 ... OKUser = LL2 ... OK 5. ESET Online Scan Log: C:\FRST\Quarantine\C\Users\Bruce\AppData\Local\Temp\update.exe.xBAD Win64/Fleercivet.AA trojan
  5. Thanks, Adam! Copied below is the ComboFix.txt log. The TDSSKiller created 2 logs, both of which are attached here. ComboFix 14-12-14.01 - Bruce 12/17/2014 10:26:39.1.4 - x64Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8097.5394 [GMT -6:00]Running from: c:\users\Bruce\Desktop\ComboFix.exeAV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Bruce\AppData\Local\Temp\_MEI41162\_ctypes.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\_elementtree.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\_hashlib.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\_multiprocessing.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\_socket.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\_ssl.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\hashobjs_ext.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\pyexpat.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\pysqlite2._sqlite.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\python27.dllc:\users\Bruce\AppData\Local\Temp\_MEI41162\pythoncom27.dllc:\users\Bruce\AppData\Local\Temp\_MEI41162\PyWinTypes27.dllc:\users\Bruce\AppData\Local\Temp\_MEI41162\select.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\unicodedata.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\win32api.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\win32com.shell.shell.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\win32crypt.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\win32event.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\win32file.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\win32gui.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\win32inet.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\win32pdh.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\win32pipe.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\win32process.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\win32profile.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\win32security.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\win32ts.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\windows._lib_cacheinvalidation.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\wx._animate.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\wx._controls_.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\wx._core_.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\wx._gdi_.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\wx._html2.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\wx._misc_.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\wx._windows_.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\wx._wizard.pydc:\users\Bruce\AppData\Local\Temp\_MEI41162\wxbase294u_net_vc90.dllc:\users\Bruce\AppData\Local\Temp\_MEI41162\wxbase294u_vc90.dllc:\users\Bruce\AppData\Local\Temp\_MEI41162\wxmsw294u_adv_vc90.dllc:\users\Bruce\AppData\Local\Temp\_MEI41162\wxmsw294u_core_vc90.dllc:\users\Bruce\AppData\Local\Temp\_MEI41162\wxmsw294u_html_vc90.dllc:\users\Bruce\AppData\Local\Temp\_MEI41162\wxmsw294u_webview_vc90.dll..((((((((((((((((((((((((( Files Created from 2014-11-17 to 2014-12-17 )))))))))))))))))))))))))))))))..2014-12-17 16:30 . 2014-12-17 16:30 -------- d-----w- c:\users\Default\AppData\Local\temp2014-12-17 14:59 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04D85995-FB1F-4D15-9117-E9DB68778815}\mpengine.dll2014-12-16 18:28 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2014-12-16 02:32 . 2014-12-16 16:04 -------- d-----w- C:\FRST2014-12-15 23:56 . 2014-12-17 16:31 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2014-12-15 23:54 . 2014-11-21 12:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys2014-12-15 23:54 . 2014-11-21 12:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-12-15 23:54 . 2014-11-21 12:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys2014-12-15 23:54 . 2014-12-15 23:55 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware2014-12-15 23:54 . 2014-12-15 23:54 -------- d-----w- c:\programdata\Malwarebytes2014-12-15 23:54 . 2014-12-15 23:54 -------- d-----w- c:\users\Bruce\AppData\Local\Programs2014-12-15 23:26 . 2014-12-15 23:26 -------- d-----w- c:\windows\system32\appmgmt2014-12-11 09:20 . 2014-12-11 09:20 -------- d-----w- c:\windows\system32\appraiser2014-12-11 09:00 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll2014-12-11 09:00 . 2014-07-07 02:06 206848 ----a-w- c:\windows\system32\mfps.dll2014-12-11 09:00 . 2014-07-07 02:06 55808 ----a-w- c:\windows\system32\rrinstaller.exe2014-12-11 09:00 . 2014-07-07 02:06 24576 ----a-w- c:\windows\system32\mfpmp.exe2014-12-11 09:00 . 2014-07-07 02:02 2048 ----a-w- c:\windows\system32\mferror.dll2014-12-11 09:00 . 2014-07-07 01:40 103424 ----a-w- c:\windows\SysWow64\mfps.dll2014-12-11 09:00 . 2014-07-07 01:39 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe2014-12-11 09:00 . 2014-07-07 01:39 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe2014-12-11 09:00 . 2014-07-07 01:37 2048 ----a-w- c:\windows\SysWow64\mferror.dll2014-12-11 09:00 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll2014-12-10 15:18 . 2014-10-11 00:45 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62EF69D9-35FD-4EEB-ADB5-F6BF91815847}\gapaengine.dll2014-12-10 15:07 . 2014-12-04 02:50 741376 ----a-w- c:\windows\system32\invagent.dll2014-12-10 15:07 . 2014-12-04 02:50 192000 ----a-w- c:\windows\system32\aepic.dll2014-12-10 15:07 . 2014-12-04 02:44 1083392 ----a-w- c:\windows\system32\aeinv.dll2014-12-10 15:07 . 2014-12-01 23:28 1232040 ----a-w- c:\windows\system32\aitstatic.exe2014-12-10 15:07 . 2014-12-04 02:50 413184 ----a-w- c:\windows\system32\generaltel.dll2014-12-10 15:07 . 2014-12-04 02:50 396800 ----a-w- c:\windows\system32\devinv.dll2014-12-10 15:07 . 2014-12-04 02:50 227328 ----a-w- c:\windows\system32\aepdu.dll2014-12-10 15:07 . 2014-11-11 03:09 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll2014-12-10 15:07 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll2014-12-10 15:07 . 2014-11-11 01:46 119296 ----a-w- c:\windows\system32\drivers\tdx.sys2014-12-10 15:04 . 2014-10-30 02:03 165888 ----a-w- c:\windows\system32\charmap.exe2014-11-24 21:32 . 2014-11-24 21:32 -------- d-----w- c:\program files (x86)\Common Files\Intuit2014-11-24 20:53 . 2014-12-17 16:05 -------- d-----r- c:\users\Bruce\Google Drive2014-11-19 14:15 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll2014-11-19 14:15 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll2014-11-19 14:15 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll2014-11-19 14:15 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-12-11 17:47 . 2014-10-11 04:38 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll2014-12-11 17:46 . 2014-10-11 04:38 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll2014-12-11 17:46 . 2014-10-11 04:38 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll2014-12-11 09:01 . 2014-10-14 03:51 112710672 ----a-w- c:\windows\system32\MRT.exe2014-12-07 06:16 . 2014-10-29 14:34 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll2014-12-07 06:16 . 2014-10-30 06:56 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll2014-12-07 06:16 . 2014-10-30 06:56 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll2014-11-16 21:54 . 2014-10-29 14:34 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll2014-11-02 06:00 . 2014-10-11 04:38 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll2014-10-30 11:25 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe2014-10-25 01:57 . 2014-11-12 15:15 77824 ----a-w- c:\windows\system32\packager.dll2014-10-25 01:32 . 2014-11-12 15:15 67584 ----a-w- c:\windows\SysWow64\packager.dll2014-10-20 15:14 . 2014-09-29 16:30 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2014-10-20 15:14 . 2014-09-29 16:30 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2014-10-18 02:05 . 2014-11-12 15:15 861696 ----a-w- c:\windows\system32\oleaut32.dll2014-10-18 01:33 . 2014-11-12 15:15 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll2014-10-14 02:16 . 2014-11-12 15:16 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys2014-10-14 02:13 . 2014-11-12 15:16 683520 ----a-w- c:\windows\system32\termsrv.dll2014-10-14 02:13 . 2014-11-12 15:15 3241984 ----a-w- c:\windows\system32\msi.dll2014-10-14 02:12 . 2014-11-12 15:16 1460736 ----a-w- c:\windows\system32\lsasrv.dll2014-10-14 02:09 . 2014-11-12 15:16 146432 ----a-w- c:\windows\system32\msaudite.dll2014-10-14 02:07 . 2014-11-12 15:16 681984 ----a-w- c:\windows\system32\adtschema.dll2014-10-14 01:50 . 2014-11-12 15:16 22016 ----a-w- c:\windows\SysWow64\secur32.dll2014-10-14 01:50 . 2014-11-12 15:15 2363904 ----a-w- c:\windows\SysWow64\msi.dll2014-10-14 01:49 . 2014-11-12 15:16 96768 ----a-w- c:\windows\SysWow64\sspicli.dll2014-10-14 01:47 . 2014-11-12 15:16 146432 ----a-w- c:\windows\SysWow64\msaudite.dll2014-10-14 01:46 . 2014-11-12 15:16 681984 ----a-w- c:\windows\SysWow64\adtschema.dll2014-10-11 00:45 . 2014-11-02 17:10 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2014-10-10 00:57 . 2014-11-12 15:15 3198976 ----a-w- c:\windows\system32\win32k.sys2014-10-07 09:06 . 2014-10-11 02:20 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe2014-10-03 02:12 . 2014-11-12 15:15 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll2014-10-03 02:11 . 2014-11-12 15:15 284672 ----a-w- c:\windows\system32\EncDump.dll2014-10-03 02:11 . 2014-11-12 15:15 680960 ----a-w- c:\windows\system32\audiosrv.dll2014-10-03 02:11 . 2014-11-12 15:15 440832 ----a-w- c:\windows\system32\AudioEng.dll2014-10-03 02:11 . 2014-11-12 15:15 296448 ----a-w- c:\windows\system32\AudioSes.dll2014-10-03 01:44 . 2014-11-12 15:15 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll2014-10-03 01:44 . 2014-11-12 15:15 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll2014-10-03 01:44 . 2014-11-12 15:15 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll2014-09-29 18:18 . 2014-09-29 18:18 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe2014-09-29 18:18 . 2014-09-29 18:18 778752 ----a-w- c:\windows\system32\mssvp.dll2014-09-29 18:18 . 2014-09-29 18:18 75264 ----a-w- c:\windows\system32\msscntrs.dll2014-09-29 18:18 . 2014-09-29 18:18 666624 ----a-w- c:\windows\SysWow64\mssvp.dll2014-09-29 18:18 . 2014-09-29 18:18 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll2014-09-29 18:18 . 2014-09-29 18:18 591872 ----a-w- c:\windows\system32\SearchIndexer.exe2014-09-29 18:18 . 2014-09-29 18:18 491520 ----a-w- c:\windows\system32\mssph.dll2014-09-29 18:18 . 2014-09-29 18:18 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe2014-09-29 18:18 . 2014-09-29 18:18 337408 ----a-w- c:\windows\SysWow64\mssph.dll2014-09-29 18:18 . 2014-09-29 18:18 288256 ----a-w- c:\windows\system32\mssphtb.dll2014-09-29 18:18 . 2014-09-29 18:18 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe2014-09-29 18:18 . 2014-09-29 18:18 2315776 ----a-w- c:\windows\system32\tquery.dll2014-09-29 18:18 . 2014-09-29 18:18 2223616 ----a-w- c:\windows\system32\mssrch.dll2014-09-29 18:18 . 2014-09-29 18:18 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll2014-09-29 18:18 . 2014-09-29 18:18 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe2014-09-29 18:18 . 2014-09-29 18:18 1549312 ----a-w- c:\windows\SysWow64\tquery.dll2014-09-29 18:18 . 2014-09-29 18:18 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll2014-09-29 18:18 . 2014-09-29 18:18 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe2014-09-29 18:18 . 2014-09-29 18:18 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll2014-09-29 18:18 . 2014-09-29 18:18 2048 ----a-w- c:\windows\system32\msxml6r.dll2014-09-29 18:18 . 2014-09-29 18:18 2002432 ----a-w- c:\windows\system32\msxml6.dll2014-09-29 18:18 . 2014-09-29 18:18 1389056 ----a-w- c:\windows\SysWow64\msxml6.dll2014-09-29 18:18 . 2014-09-29 18:18 70656 ----a-w- c:\windows\SysWow64\fontsub.dll2014-09-29 18:18 . 2014-09-29 18:18 692736 ----a-w- c:\windows\system32\osk.exe2014-09-29 18:18 . 2014-09-29 18:18 646144 ----a-w- c:\windows\SysWow64\osk.exe2014-09-29 18:18 . 2014-09-29 18:18 46080 ----a-w- c:\windows\system32\atmlib.dll2014-09-29 18:18 . 2014-09-29 18:18 41472 ----a-w- c:\windows\system32\lpk.dll2014-09-29 18:18 . 2014-09-29 18:18 368128 ----a-w- c:\windows\system32\atmfd.dll2014-09-29 18:18 . 2014-09-29 18:18 34304 ----a-w- c:\windows\SysWow64\atmlib.dll2014-09-29 18:18 . 2014-09-29 18:18 295424 ----a-w- c:\windows\SysWow64\atmfd.dll2014-09-29 18:18 . 2014-09-29 18:18 25600 ----a-w- c:\windows\SysWow64\lpk.dll2014-09-29 18:18 . 2014-09-29 18:18 1474048 ----a-w- c:\windows\system32\crypt32.dll2014-09-29 18:18 . 2014-09-29 18:18 14336 ----a-w- c:\windows\system32\dciman32.dll2014-09-29 18:18 . 2014-09-29 18:18 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll2014-09-29 18:18 . 2014-09-29 18:18 10240 ----a-w- c:\windows\SysWow64\dciman32.dll2014-09-29 18:18 . 2014-09-29 18:18 100864 ----a-w- c:\windows\system32\fontsub.dll2014-09-29 18:18 . 2014-09-29 18:18 859648 ----a-w- c:\windows\system32\IKEEXT.DLL2014-09-29 18:18 . 2014-09-29 18:18 830464 ----a-w- c:\windows\system32\nshwfp.dll2014-09-29 18:18 . 2014-09-29 18:18 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll2014-09-29 18:18 . 2014-09-29 18:18 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL2014-09-29 18:18 . 2014-09-29 18:18 228864 ----a-w- c:\windows\system32\wwansvc.dll2014-09-29 18:18 . 2014-09-29 18:18 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL2014-09-29 18:18 . 2014-09-29 18:18 197120 ----a-w- c:\windows\system32\credui.dll2014-09-29 18:18 . 2014-09-29 18:18 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll2014-09-29 18:18 . 2014-09-29 18:18 168960 ----a-w- c:\windows\SysWow64\credui.dll2014-09-29 18:18 . 2014-09-29 18:18 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll2014-09-29 18:18 . 2014-09-29 18:18 722944 ----a-w- c:\windows\system32\objsel.dll2014-09-29 18:18 . 2014-09-29 18:18 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll2014-09-29 18:18 . 2014-09-29 18:18 6656 ----a-w- c:\windows\system32\apisetschema.dll2014-09-29 18:18 . 2014-09-29 18:18 57344 ----a-w- c:\windows\system32\cngprovider.dll2014-09-29 18:18 . 2014-09-29 18:18 56832 ----a-w- c:\windows\system32\adprovider.dll2014-09-29 18:18 . 2014-09-29 18:18 5550016 ----a-w- c:\windows\system32\ntoskrnl.exe2014-09-29 18:18 . 2014-09-29 18:18 538112 ----a-w- c:\windows\SysWow64\objsel.dll2014-09-29 18:18 . 2014-09-29 18:18 53760 ----a-w- c:\windows\system32\capiprovider.dll2014-09-29 18:18 . 2014-09-29 18:18 52736 ----a-w- c:\windows\system32\dpapiprovider.dll2014-09-29 18:18 . 2014-09-29 18:18 51200 ----a-w- c:\windows\SysWow64\cngprovider.dll2014-09-29 18:18 . 2014-09-29 18:18 49664 ----a-w- c:\windows\SysWow64\adprovider.dll2014-09-29 18:18 . 2014-09-29 18:18 48128 ----a-w- c:\windows\SysWow64\capiprovider.dll2014-09-29 18:18 . 2014-09-29 18:18 47616 ----a-w- c:\windows\SysWow64\dpapiprovider.dll2014-09-29 18:18 . 2014-09-29 18:18 44544 ----a-w- c:\windows\system32\dimsroam.dll2014-09-29 18:18 . 2014-09-29 18:18 43520 ----a-w- c:\windows\system32\csrsrv.dll2014-09-29 18:18 . 2014-09-29 18:18 424960 ----a-w- c:\windows\system32\KernelBase.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2014-10-11 02:37 222920 ----a-w- c:\users\Bruce\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2014-10-11 02:37 222920 ----a-w- c:\users\Bruce\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2014-10-11 02:37 222920 ----a-w- c:\users\Bruce\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]2014-10-14 16:29 1729752 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]2014-10-14 16:29 1729752 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]2014-10-14 16:29 1729752 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"HP Officejet 6600 (NET)"="c:\program files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-10-21 22869088].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-02-22 292088]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-06-07 56128]"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128].c:\users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-15 507448].c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-15 507448].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"DisableCAD"= 1 (0x1).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 WvPCR;WvPCR;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [x]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]R3 McAWFwk;McAfee Activation Service;c:\progra~1\COMMON~1\mcafee\actwiz\mcawfwk.exe;c:\progra~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [x]R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDRw7x64.sys [x]R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [x]S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [x]S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [x]S2 EmbassyService;EmbassyService;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [x]S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]S2 McOobeSv2;McAfee OOBE Service2;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]S2 PbaDrvSvc_x64;Dell PBA x64 Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [x]S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x]S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\cvusbdrv.sys [x]S3 dcdbas;System Management Driver;c:\windows\system32\DRIVERS\dcdbas64.sys;c:\windows\SYSNATIVE\DRIVERS\dcdbas64.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]S3 wbfcvusbdrv;WBF Control Vault;c:\windows\system32\Drivers\wbfcvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\wbfcvusbdrv.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - MBAMSWISSARMY*NewlyCreated* - WS2IFSL.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-12-12 14:14 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-12-17 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-2824077954-1205789865-475378249-1000.job- c:\users\Bruce\AppData\Local\Citrix\GoToMeeting\2033\g2mupdate.exe [2014-12-03 19:13].2014-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20 15:15].2014-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20 15:15].2014-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cfec798f61a5d8.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20 15:15]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2014-10-11 02:37 261832 ----a-w- c:\users\Bruce\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2014-10-11 02:37 261832 ----a-w- c:\users\Bruce\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2014-10-11 02:37 261832 ----a-w- c:\users\Bruce\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]2014-10-14 18:27 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]2014-10-14 18:27 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]2014-10-14 18:27 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]2013-03-05 19:32 136024 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]2013-03-05 19:32 136024 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Apoint"="c:\program files\DellTPad\Apoint.exe" [2013-02-21 698712]"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-02-05 1702912]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-09 170264]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-09 398616]"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-09 440600]"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2012-01-18 7469568]"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2013-03-05 371024]"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2012-08-15 7077432]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:blankmStart Page = about:blankmLocal Page = c:\windows\SysWOW64\blank.htmIE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105TCP: DhcpNameServer = 75.75.75.75 75.75.76.76.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)Toolbar-Locked - (no file)...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.15".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\windows\system32\o2flash.exec:\program files (x86)\Malwarebytes Anti-Malware\mbam.exec:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe.**************************************************************************.Completion time: 2014-12-17 10:34:54 - machine was rebootedComboFix-quarantined-files.txt 2014-12-17 16:34.Pre-Run: 431,840,055,296 bytes freePost-Run: 431,292,923,904 bytes free.- - End Of File - - D032B7F9226EC66D0F11E6260249A130 TDSSKiller.3.0.0.42_17.12.2014_10.42.28_log.txt TDSSKiller.3.0.0.42_17.12.2014_10.45.07_log.txt
  6. All right, Adam. I've made it through steps 1 and 2 (logs pasted below). I cannot download ComboFix - upon attempting, the result is "Failed - Download error." Please advise! 1. Do you recognise these files? No 2. Fixlog.txt: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01Ran by Bruce at 2014-12-16 09:10:43 Run:1Running from C:\Users\Bruce\DesktopLoaded Profiles: Bruce & (Available profiles: Bruce)Boot Mode: Normal============================================== Content of fixlist:*****************startCloseProcesses:HKLM-x32\...\Run: [] => [X]HKU\S-1-5-21-2824077954-1205789865-475378249-1000\...\Run: [1613486462] => C:\Users\Bruce\AppData\Roaming\mskyls.exeC:\Users\Bruce\AppData\Roaming\mskyls.exeHKU\S-1-5-21-2824077954-1205789865-475378249-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2824077954-1205789865-475378249-1000 -> DefaultScope {E26E4C2D-80B9-49B9-9E08-AAC702DE94CC} URL = SearchScopes: HKU\S-1-5-21-2824077954-1205789865-475378249-1000 -> {E26E4C2D-80B9-49B9-9E08-AAC702DE94CC} URL = CHR HKU\S-1-5-21-2824077954-1205789865-475378249-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path2014-12-15 16:14 - 2014-12-15 16:34 - 00000584 _____ () C:\ProgramData\@system.temp2014-12-15 16:14 - 2014-12-15 16:34 - 00000320 ____H () C:\ProgramData\@system3.att2014-12-15 16:13 - 2014-12-15 20:06 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\FrameworkUpdate2014-12-15 16:13 - 2014-12-15 16:13 - 00000480 ____H () C:\Users\Bruce\AppData\Roaming\麽鎒駓覜2014-12-15 16:12 - 2014-12-15 16:13 - 00003026 _____ () C:\Windows\System32\Tasks\suyggdf2014-12-15 16:11 - 2014-12-15 16:12 - 00000000 ____D () C:\ProgramData\Windows Genuine AdvantageC:\Users\Bruce\AppData\Local\Temp\01aw1xj0.dllC:\Users\Bruce\AppData\Local\Temp\0cjvn3wc.dllC:\Users\Bruce\AppData\Local\Temp\0olceg2b.dllC:\Users\Bruce\AppData\Local\Temp\0pap3ig4.dllC:\Users\Bruce\AppData\Local\Temp\1larqct3.dllC:\Users\Bruce\AppData\Local\Temp\2ds0ghrp.dllC:\Users\Bruce\AppData\Local\Temp\2ys14syx.dllC:\Users\Bruce\AppData\Local\Temp\3sjrqdx0.dllC:\Users\Bruce\AppData\Local\Temp\3u2rqndq.dllC:\Users\Bruce\AppData\Local\Temp\4cak12ju.dllC:\Users\Bruce\AppData\Local\Temp\4cnh50bs.dllC:\Users\Bruce\AppData\Local\Temp\4mom2j1s.dllC:\Users\Bruce\AppData\Local\Temp\52uknnct.dllC:\Users\Bruce\AppData\Local\Temp\5ilsxins.dllC:\Users\Bruce\AppData\Local\Temp\aoleluz0.dllC:\Users\Bruce\AppData\Local\Temp\b2rsz3ip.dllC:\Users\Bruce\AppData\Local\Temp\bbi1nzqk.dllC:\Users\Bruce\AppData\Local\Temp\cbquw4o0.dllC:\Users\Bruce\AppData\Local\Temp\cdo1198667821.dllC:\Users\Bruce\AppData\Local\Temp\cdo1347323570.dllC:\Users\Bruce\AppData\Local\Temp\co0io4ft.dllC:\Users\Bruce\AppData\Local\Temp\cpkwqt1k.dllC:\Users\Bruce\AppData\Local\Temp\ctbifd0l.dllC:\Users\Bruce\AppData\Local\Temp\ctxut101.dllC:\Users\Bruce\AppData\Local\Temp\cvd1din5.dllC:\Users\Bruce\AppData\Local\Temp\d2af04gj.dllC:\Users\Bruce\AppData\Local\Temp\dcfq51um.dllC:\Users\Bruce\AppData\Local\Temp\dddzqp51.dllC:\Users\Bruce\AppData\Local\Temp\dfjk3sb5.dllC:\Users\Bruce\AppData\Local\Temp\dhp41ljl.dllC:\Users\Bruce\AppData\Local\Temp\ebrudvgc.dllC:\Users\Bruce\AppData\Local\Temp\edofwmea.dllC:\Users\Bruce\AppData\Local\Temp\ewdqgupi.dllC:\Users\Bruce\AppData\Local\Temp\fav2r4xd.dllC:\Users\Bruce\AppData\Local\Temp\fbyxigfo.dllC:\Users\Bruce\AppData\Local\Temp\fp4o3b3w.dllC:\Users\Bruce\AppData\Local\Temp\fzeg2l3m.dllC:\Users\Bruce\AppData\Local\Temp\g2qd3qpy.dllC:\Users\Bruce\AppData\Local\Temp\g3gm3xvd.dllC:\Users\Bruce\AppData\Local\Temp\gmodbaqo.dllC:\Users\Bruce\AppData\Local\Temp\gpe0h4s2.dllC:\Users\Bruce\AppData\Local\Temp\gwqf2f1y.dllC:\Users\Bruce\AppData\Local\Temp\h1yvmful.dllC:\Users\Bruce\AppData\Local\Temp\h4vsa352.dllC:\Users\Bruce\AppData\Local\Temp\hfh5rcmy.dllC:\Users\Bruce\AppData\Local\Temp\hppyca5s.dllC:\Users\Bruce\AppData\Local\Temp\iagwmfpy.dllC:\Users\Bruce\AppData\Local\Temp\in3nxdja.dllC:\Users\Bruce\AppData\Local\Temp\j02nuhwo.dllC:\Users\Bruce\AppData\Local\Temp\jfndicbx.dllC:\Users\Bruce\AppData\Local\Temp\jlour33l.dllC:\Users\Bruce\AppData\Local\Temp\KB18004496.exeC:\Users\Bruce\AppData\Local\Temp\kgnu0vrp.dllC:\Users\Bruce\AppData\Local\Temp\ldyz5ayo.dllC:\Users\Bruce\AppData\Local\Temp\ljmeesn3.dllC:\Users\Bruce\AppData\Local\Temp\lxdzq0av.dllC:\Users\Bruce\AppData\Local\Temp\m3ajvjnj.dllC:\Users\Bruce\AppData\Local\Temp\m5edmxow.dllC:\Users\Bruce\AppData\Local\Temp\mkpmzby2.dllC:\Users\Bruce\AppData\Local\Temp\mzedqmxx.dllC:\Users\Bruce\AppData\Local\Temp\nzxr0hxj.dllC:\Users\Bruce\AppData\Local\Temp\o00ibrcj.dllC:\Users\Bruce\AppData\Local\Temp\o151dvgy.dllC:\Users\Bruce\AppData\Local\Temp\oaluym0d.dllC:\Users\Bruce\AppData\Local\Temp\okcg2wgk.dllC:\Users\Bruce\AppData\Local\Temp\oqrrn4oe.dllC:\Users\Bruce\AppData\Local\Temp\ozgm25j4.dllC:\Users\Bruce\AppData\Local\Temp\pd5q1drr.dllC:\Users\Bruce\AppData\Local\Temp\q3jxhqvx.dllC:\Users\Bruce\AppData\Local\Temp\qfx2p24p.dllC:\Users\Bruce\AppData\Local\Temp\qqxstapm.dllC:\Users\Bruce\AppData\Local\Temp\qsujacgb.dllC:\Users\Bruce\AppData\Local\Temp\rfzddm45.dllC:\Users\Bruce\AppData\Local\Temp\rjl4rvbn.dllC:\Users\Bruce\AppData\Local\Temp\savlsnyd.dllC:\Users\Bruce\AppData\Local\Temp\snzvfgui.dllC:\Users\Bruce\AppData\Local\Temp\solplgqx.dllC:\Users\Bruce\AppData\Local\Temp\spuebldn.dllC:\Users\Bruce\AppData\Local\Temp\syr01jnz.dllC:\Users\Bruce\AppData\Local\Temp\tfdhr5cn.dllC:\Users\Bruce\AppData\Local\Temp\toz5rx4a.dllC:\Users\Bruce\AppData\Local\Temp\tvpdeupd.dllC:\Users\Bruce\AppData\Local\Temp\u3jwbgh4.dllC:\Users\Bruce\AppData\Local\Temp\u45lvdj0.dllC:\Users\Bruce\AppData\Local\Temp\ujifse10.dllC:\Users\Bruce\AppData\Local\Temp\update.exeC:\Users\Bruce\AppData\Local\Temp\vbxetvl2.dllC:\Users\Bruce\AppData\Local\Temp\wbm0skxz.dllC:\Users\Bruce\AppData\Local\Temp\wfuzly1e.dllC:\Users\Bruce\AppData\Local\Temp\wszywdj5.dllC:\Users\Bruce\AppData\Local\Temp\wvscf0fz.dllC:\Users\Bruce\AppData\Local\Temp\xdilb0tw.dllC:\Users\Bruce\AppData\Local\Temp\xdweyzd.exeC:\Users\Bruce\AppData\Local\Temp\xedcb3lb.dllC:\Users\Bruce\AppData\Local\Temp\xmxn22rm.dllC:\Users\Bruce\AppData\Local\Temp\xpywhhqf.dllC:\Users\Bruce\AppData\Local\Temp\xt3knbff.dllC:\Users\Bruce\AppData\Local\Temp\y2a44dwz.dllC:\Users\Bruce\AppData\Local\Temp\yqr4uj1x.dllC:\Users\Bruce\AppData\Local\Temp\z5l13xwn.dllC:\Users\Bruce\AppData\Local\Temp\za22k5ln.dllC:\Users\Bruce\AppData\Local\Temp\zfwfkwdq.dllC:\Users\Bruce\AppData\Local\Temp\zwbo2kli.dllCustomCLSID: HKU\S-1-5-21-2824077954-1205789865-475378249-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?Task: {B3DCF021-A547-4B4F-8148-19E5CE7A8429} - System32\Tasks\suyggdf => C:\Users\Bruce\AppData\Local\Temp\xdweyzdjiepwhd.exe <==== ATTENTIONC:\Users\Bruce\AppData\Local\Temp\xdweyzdjiepwhd.exeCMD: ipconfig /flushdnsCMD: netsh winsock reset allCMD: netsh int ipv4 resetCMD: netsh int ipv6 resetEmptyTemp:end***************** Processes closed successfully.HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.HKU\S-1-5-21-2824077954-1205789865-475378249-1000\Software\Microsoft\Windows\CurrentVersion\Run\\1613486462 => value deleted successfully."C:\Users\Bruce\AppData\Roaming\mskyls.exe" => File/Directory not found."HKU\S-1-5-21-2824077954-1205789865-475378249-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found."HKU\S-1-5-21-2824077954-1205789865-475378249-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully."HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found."HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully."HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.HKU\S-1-5-21-2824077954-1205789865-475378249-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully."HKU\S-1-5-21-2824077954-1205789865-475378249-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E26E4C2D-80B9-49B9-9E08-AAC702DE94CC}" => Key deleted successfully."HKCR\CLSID\{E26E4C2D-80B9-49B9-9E08-AAC702DE94CC}" => Key not found."HKU\S-1-5-21-2824077954-1205789865-475378249-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.C:\ProgramData\@system.temp => Moved successfully.C:\ProgramData\@system3.att => Moved successfully.C:\Users\Bruce\AppData\Roaming\FrameworkUpdate => Moved successfully.C:\Users\Bruce\AppData\Roaming\麽鎒駓覜 => Moved successfully.C:\Windows\System32\Tasks\suyggdf => Moved successfully.C:\ProgramData\Windows Genuine Advantage => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\01aw1xj0.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\0cjvn3wc.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\0olceg2b.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\0pap3ig4.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\1larqct3.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\2ds0ghrp.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\2ys14syx.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\3sjrqdx0.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\3u2rqndq.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\4cak12ju.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\4cnh50bs.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\4mom2j1s.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\52uknnct.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\5ilsxins.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\aoleluz0.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\b2rsz3ip.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\bbi1nzqk.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\cbquw4o0.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\cdo1198667821.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\cdo1347323570.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\co0io4ft.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\cpkwqt1k.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\ctbifd0l.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\ctxut101.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\cvd1din5.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\d2af04gj.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\dcfq51um.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\dddzqp51.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\dfjk3sb5.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\dhp41ljl.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\ebrudvgc.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\edofwmea.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\ewdqgupi.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\fav2r4xd.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\fbyxigfo.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\fp4o3b3w.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\fzeg2l3m.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\g2qd3qpy.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\g3gm3xvd.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\gmodbaqo.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\gpe0h4s2.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\gwqf2f1y.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\h1yvmful.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\h4vsa352.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\hfh5rcmy.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\hppyca5s.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\iagwmfpy.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\in3nxdja.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\j02nuhwo.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\jfndicbx.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\jlour33l.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\KB18004496.exe => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\kgnu0vrp.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\ldyz5ayo.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\ljmeesn3.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\lxdzq0av.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\m3ajvjnj.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\m5edmxow.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\mkpmzby2.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\mzedqmxx.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\nzxr0hxj.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\o00ibrcj.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\o151dvgy.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\oaluym0d.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\okcg2wgk.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\oqrrn4oe.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\ozgm25j4.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\pd5q1drr.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\q3jxhqvx.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\qfx2p24p.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\qqxstapm.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\qsujacgb.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\rfzddm45.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\rjl4rvbn.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\savlsnyd.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\snzvfgui.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\solplgqx.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\spuebldn.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\syr01jnz.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\tfdhr5cn.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\toz5rx4a.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\tvpdeupd.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\u3jwbgh4.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\u45lvdj0.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\ujifse10.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\update.exe => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\vbxetvl2.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\wbm0skxz.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\wfuzly1e.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\wszywdj5.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\wvscf0fz.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\xdilb0tw.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\xdweyzd.exe => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\xedcb3lb.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\xmxn22rm.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\xpywhhqf.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\xt3knbff.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\y2a44dwz.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\yqr4uj1x.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\z5l13xwn.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\za22k5ln.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\zfwfkwdq.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\zwbo2kli.dll => Moved successfully."HKU\S-1-5-21-2824077954-1205789865-475378249-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B3DCF021-A547-4B4F-8148-19E5CE7A8429}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3DCF021-A547-4B4F-8148-19E5CE7A8429}" => Key deleted successfully.C:\Windows\System32\Tasks\suyggdf not found."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\suyggdf" => Key deleted successfully."C:\Users\Bruce\AppData\Local\Temp\xdweyzdjiepwhd.exe" => File/Directory not found. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= netsh winsock reset all ========= Sucessfully reset the Winsock Catalog.You must restart the computer in order to complete the reset. ========= End of CMD: ========= ========= netsh int ipv4 reset ========= Reseting Global, OK!Reseting Interface, OK!Restart the computer to complete this action. ========= End of CMD: ========= ========= netsh int ipv6 reset ========= Reseting Interface, OK!Restart the computer to complete this action. ========= End of CMD: ========= EmptyTemp: => Removed 17.2 GB temporary data. The system needed a reboot. ==== End of Fixlog ==== 3. MBAM log: Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 12/16/2014Scan Time: 10:12:48 AMLogfile: Administrator: Yes Version: 2.00.4.1028Malware Database: v2014.12.16.03Rootkit Database: v2014.12.14.01License: TrialMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Bruce Scan Type: Threat ScanResult: CompletedObjects Scanned: 319691Time Elapsed: 8 min, 2 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end)
  7. Well, it still says "fixing is in progress," but this is the content of the fixlog. Should I move ahead with step 2, or wait for FRST to finish up?: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01Ran by Bruce at 2014-12-16 09:10:43 Run:1Running from C:\Users\Bruce\DesktopLoaded Profiles: Bruce & (Available profiles: Bruce)Boot Mode: Normal============================================== Content of fixlist:*****************startCloseProcesses:HKLM-x32\...\Run: [] => [X]HKU\S-1-5-21-2824077954-1205789865-475378249-1000\...\Run: [1613486462] => C:\Users\Bruce\AppData\Roaming\mskyls.exeC:\Users\Bruce\AppData\Roaming\mskyls.exeHKU\S-1-5-21-2824077954-1205789865-475378249-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2824077954-1205789865-475378249-1000 -> DefaultScope {E26E4C2D-80B9-49B9-9E08-AAC702DE94CC} URL = SearchScopes: HKU\S-1-5-21-2824077954-1205789865-475378249-1000 -> {E26E4C2D-80B9-49B9-9E08-AAC702DE94CC} URL = CHR HKU\S-1-5-21-2824077954-1205789865-475378249-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path2014-12-15 16:14 - 2014-12-15 16:34 - 00000584 _____ () C:\ProgramData\@system.temp2014-12-15 16:14 - 2014-12-15 16:34 - 00000320 ____H () C:\ProgramData\@system3.att2014-12-15 16:13 - 2014-12-15 20:06 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\FrameworkUpdate2014-12-15 16:13 - 2014-12-15 16:13 - 00000480 ____H () C:\Users\Bruce\AppData\Roaming\麽鎒駓覜2014-12-15 16:12 - 2014-12-15 16:13 - 00003026 _____ () C:\Windows\System32\Tasks\suyggdf2014-12-15 16:11 - 2014-12-15 16:12 - 00000000 ____D () C:\ProgramData\Windows Genuine AdvantageC:\Users\Bruce\AppData\Local\Temp\01aw1xj0.dllC:\Users\Bruce\AppData\Local\Temp\0cjvn3wc.dllC:\Users\Bruce\AppData\Local\Temp\0olceg2b.dllC:\Users\Bruce\AppData\Local\Temp\0pap3ig4.dllC:\Users\Bruce\AppData\Local\Temp\1larqct3.dllC:\Users\Bruce\AppData\Local\Temp\2ds0ghrp.dllC:\Users\Bruce\AppData\Local\Temp\2ys14syx.dllC:\Users\Bruce\AppData\Local\Temp\3sjrqdx0.dllC:\Users\Bruce\AppData\Local\Temp\3u2rqndq.dllC:\Users\Bruce\AppData\Local\Temp\4cak12ju.dllC:\Users\Bruce\AppData\Local\Temp\4cnh50bs.dllC:\Users\Bruce\AppData\Local\Temp\4mom2j1s.dllC:\Users\Bruce\AppData\Local\Temp\52uknnct.dllC:\Users\Bruce\AppData\Local\Temp\5ilsxins.dllC:\Users\Bruce\AppData\Local\Temp\aoleluz0.dllC:\Users\Bruce\AppData\Local\Temp\b2rsz3ip.dllC:\Users\Bruce\AppData\Local\Temp\bbi1nzqk.dllC:\Users\Bruce\AppData\Local\Temp\cbquw4o0.dllC:\Users\Bruce\AppData\Local\Temp\cdo1198667821.dllC:\Users\Bruce\AppData\Local\Temp\cdo1347323570.dllC:\Users\Bruce\AppData\Local\Temp\co0io4ft.dllC:\Users\Bruce\AppData\Local\Temp\cpkwqt1k.dllC:\Users\Bruce\AppData\Local\Temp\ctbifd0l.dllC:\Users\Bruce\AppData\Local\Temp\ctxut101.dllC:\Users\Bruce\AppData\Local\Temp\cvd1din5.dllC:\Users\Bruce\AppData\Local\Temp\d2af04gj.dllC:\Users\Bruce\AppData\Local\Temp\dcfq51um.dllC:\Users\Bruce\AppData\Local\Temp\dddzqp51.dllC:\Users\Bruce\AppData\Local\Temp\dfjk3sb5.dllC:\Users\Bruce\AppData\Local\Temp\dhp41ljl.dllC:\Users\Bruce\AppData\Local\Temp\ebrudvgc.dllC:\Users\Bruce\AppData\Local\Temp\edofwmea.dllC:\Users\Bruce\AppData\Local\Temp\ewdqgupi.dllC:\Users\Bruce\AppData\Local\Temp\fav2r4xd.dllC:\Users\Bruce\AppData\Local\Temp\fbyxigfo.dllC:\Users\Bruce\AppData\Local\Temp\fp4o3b3w.dllC:\Users\Bruce\AppData\Local\Temp\fzeg2l3m.dllC:\Users\Bruce\AppData\Local\Temp\g2qd3qpy.dllC:\Users\Bruce\AppData\Local\Temp\g3gm3xvd.dllC:\Users\Bruce\AppData\Local\Temp\gmodbaqo.dllC:\Users\Bruce\AppData\Local\Temp\gpe0h4s2.dllC:\Users\Bruce\AppData\Local\Temp\gwqf2f1y.dllC:\Users\Bruce\AppData\Local\Temp\h1yvmful.dllC:\Users\Bruce\AppData\Local\Temp\h4vsa352.dllC:\Users\Bruce\AppData\Local\Temp\hfh5rcmy.dllC:\Users\Bruce\AppData\Local\Temp\hppyca5s.dllC:\Users\Bruce\AppData\Local\Temp\iagwmfpy.dllC:\Users\Bruce\AppData\Local\Temp\in3nxdja.dllC:\Users\Bruce\AppData\Local\Temp\j02nuhwo.dllC:\Users\Bruce\AppData\Local\Temp\jfndicbx.dllC:\Users\Bruce\AppData\Local\Temp\jlour33l.dllC:\Users\Bruce\AppData\Local\Temp\KB18004496.exeC:\Users\Bruce\AppData\Local\Temp\kgnu0vrp.dllC:\Users\Bruce\AppData\Local\Temp\ldyz5ayo.dllC:\Users\Bruce\AppData\Local\Temp\ljmeesn3.dllC:\Users\Bruce\AppData\Local\Temp\lxdzq0av.dllC:\Users\Bruce\AppData\Local\Temp\m3ajvjnj.dllC:\Users\Bruce\AppData\Local\Temp\m5edmxow.dllC:\Users\Bruce\AppData\Local\Temp\mkpmzby2.dllC:\Users\Bruce\AppData\Local\Temp\mzedqmxx.dllC:\Users\Bruce\AppData\Local\Temp\nzxr0hxj.dllC:\Users\Bruce\AppData\Local\Temp\o00ibrcj.dllC:\Users\Bruce\AppData\Local\Temp\o151dvgy.dllC:\Users\Bruce\AppData\Local\Temp\oaluym0d.dllC:\Users\Bruce\AppData\Local\Temp\okcg2wgk.dllC:\Users\Bruce\AppData\Local\Temp\oqrrn4oe.dllC:\Users\Bruce\AppData\Local\Temp\ozgm25j4.dllC:\Users\Bruce\AppData\Local\Temp\pd5q1drr.dllC:\Users\Bruce\AppData\Local\Temp\q3jxhqvx.dllC:\Users\Bruce\AppData\Local\Temp\qfx2p24p.dllC:\Users\Bruce\AppData\Local\Temp\qqxstapm.dllC:\Users\Bruce\AppData\Local\Temp\qsujacgb.dllC:\Users\Bruce\AppData\Local\Temp\rfzddm45.dllC:\Users\Bruce\AppData\Local\Temp\rjl4rvbn.dllC:\Users\Bruce\AppData\Local\Temp\savlsnyd.dllC:\Users\Bruce\AppData\Local\Temp\snzvfgui.dllC:\Users\Bruce\AppData\Local\Temp\solplgqx.dllC:\Users\Bruce\AppData\Local\Temp\spuebldn.dllC:\Users\Bruce\AppData\Local\Temp\syr01jnz.dllC:\Users\Bruce\AppData\Local\Temp\tfdhr5cn.dllC:\Users\Bruce\AppData\Local\Temp\toz5rx4a.dllC:\Users\Bruce\AppData\Local\Temp\tvpdeupd.dllC:\Users\Bruce\AppData\Local\Temp\u3jwbgh4.dllC:\Users\Bruce\AppData\Local\Temp\u45lvdj0.dllC:\Users\Bruce\AppData\Local\Temp\ujifse10.dllC:\Users\Bruce\AppData\Local\Temp\update.exeC:\Users\Bruce\AppData\Local\Temp\vbxetvl2.dllC:\Users\Bruce\AppData\Local\Temp\wbm0skxz.dllC:\Users\Bruce\AppData\Local\Temp\wfuzly1e.dllC:\Users\Bruce\AppData\Local\Temp\wszywdj5.dllC:\Users\Bruce\AppData\Local\Temp\wvscf0fz.dllC:\Users\Bruce\AppData\Local\Temp\xdilb0tw.dllC:\Users\Bruce\AppData\Local\Temp\xdweyzd.exeC:\Users\Bruce\AppData\Local\Temp\xedcb3lb.dllC:\Users\Bruce\AppData\Local\Temp\xmxn22rm.dllC:\Users\Bruce\AppData\Local\Temp\xpywhhqf.dllC:\Users\Bruce\AppData\Local\Temp\xt3knbff.dllC:\Users\Bruce\AppData\Local\Temp\y2a44dwz.dllC:\Users\Bruce\AppData\Local\Temp\yqr4uj1x.dllC:\Users\Bruce\AppData\Local\Temp\z5l13xwn.dllC:\Users\Bruce\AppData\Local\Temp\za22k5ln.dllC:\Users\Bruce\AppData\Local\Temp\zfwfkwdq.dllC:\Users\Bruce\AppData\Local\Temp\zwbo2kli.dllCustomCLSID: HKU\S-1-5-21-2824077954-1205789865-475378249-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?Task: {B3DCF021-A547-4B4F-8148-19E5CE7A8429} - System32\Tasks\suyggdf => C:\Users\Bruce\AppData\Local\Temp\xdweyzdjiepwhd.exe <==== ATTENTIONC:\Users\Bruce\AppData\Local\Temp\xdweyzdjiepwhd.exeCMD: ipconfig /flushdnsCMD: netsh winsock reset allCMD: netsh int ipv4 resetCMD: netsh int ipv6 resetEmptyTemp:end***************** Processes closed successfully.HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.HKU\S-1-5-21-2824077954-1205789865-475378249-1000\Software\Microsoft\Windows\CurrentVersion\Run\\1613486462 => value deleted successfully."C:\Users\Bruce\AppData\Roaming\mskyls.exe" => File/Directory not found."HKU\S-1-5-21-2824077954-1205789865-475378249-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found."HKU\S-1-5-21-2824077954-1205789865-475378249-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully."HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found."HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully."HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.HKU\S-1-5-21-2824077954-1205789865-475378249-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully."HKU\S-1-5-21-2824077954-1205789865-475378249-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E26E4C2D-80B9-49B9-9E08-AAC702DE94CC}" => Key deleted successfully."HKCR\CLSID\{E26E4C2D-80B9-49B9-9E08-AAC702DE94CC}" => Key not found."HKU\S-1-5-21-2824077954-1205789865-475378249-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.C:\ProgramData\@system.temp => Moved successfully.C:\ProgramData\@system3.att => Moved successfully.C:\Users\Bruce\AppData\Roaming\FrameworkUpdate => Moved successfully.C:\Users\Bruce\AppData\Roaming\麽鎒駓覜 => Moved successfully.C:\Windows\System32\Tasks\suyggdf => Moved successfully.C:\ProgramData\Windows Genuine Advantage => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\01aw1xj0.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\0cjvn3wc.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\0olceg2b.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\0pap3ig4.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\1larqct3.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\2ds0ghrp.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\2ys14syx.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\3sjrqdx0.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\3u2rqndq.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\4cak12ju.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\4cnh50bs.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\4mom2j1s.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\52uknnct.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\5ilsxins.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\aoleluz0.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\b2rsz3ip.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\bbi1nzqk.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\cbquw4o0.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\cdo1198667821.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\cdo1347323570.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\co0io4ft.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\cpkwqt1k.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\ctbifd0l.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\ctxut101.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\cvd1din5.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\d2af04gj.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\dcfq51um.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\dddzqp51.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\dfjk3sb5.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\dhp41ljl.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\ebrudvgc.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\edofwmea.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\ewdqgupi.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\fav2r4xd.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\fbyxigfo.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\fp4o3b3w.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\fzeg2l3m.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\g2qd3qpy.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\g3gm3xvd.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\gmodbaqo.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\gpe0h4s2.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\gwqf2f1y.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\h1yvmful.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\h4vsa352.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\hfh5rcmy.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\hppyca5s.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\iagwmfpy.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\in3nxdja.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\j02nuhwo.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\jfndicbx.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\jlour33l.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\KB18004496.exe => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\kgnu0vrp.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\ldyz5ayo.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\ljmeesn3.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\lxdzq0av.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\m3ajvjnj.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\m5edmxow.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\mkpmzby2.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\mzedqmxx.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\nzxr0hxj.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\o00ibrcj.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\o151dvgy.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\oaluym0d.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\okcg2wgk.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\oqrrn4oe.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\ozgm25j4.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\pd5q1drr.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\q3jxhqvx.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\qfx2p24p.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\qqxstapm.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\qsujacgb.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\rfzddm45.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\rjl4rvbn.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\savlsnyd.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\snzvfgui.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\solplgqx.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\spuebldn.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\syr01jnz.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\tfdhr5cn.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\toz5rx4a.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\tvpdeupd.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\u3jwbgh4.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\u45lvdj0.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\ujifse10.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\update.exe => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\vbxetvl2.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\wbm0skxz.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\wfuzly1e.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\wszywdj5.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\wvscf0fz.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\xdilb0tw.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\xdweyzd.exe => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\xedcb3lb.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\xmxn22rm.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\xpywhhqf.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\xt3knbff.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\y2a44dwz.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\yqr4uj1x.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\z5l13xwn.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\za22k5ln.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\zfwfkwdq.dll => Moved successfully.C:\Users\Bruce\AppData\Local\Temp\zwbo2kli.dll => Moved successfully."HKU\S-1-5-21-2824077954-1205789865-475378249-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B3DCF021-A547-4B4F-8148-19E5CE7A8429}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3DCF021-A547-4B4F-8148-19E5CE7A8429}" => Key deleted successfully.C:\Windows\System32\Tasks\suyggdf not found."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\suyggdf" => Key deleted successfully."C:\Users\Bruce\AppData\Local\Temp\xdweyzdjiepwhd.exe" => File/Directory not found. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= netsh winsock reset all ========= Sucessfully reset the Winsock Catalog.You must restart the computer in order to complete the reset. ========= End of CMD: ========= ========= netsh int ipv4 reset ========= Reseting Global, OK!Reseting Interface, OK!Restart the computer to complete this action. ========= End of CMD: ========= ========= netsh int ipv6 reset ========= Reseting Interface, OK!Restart the computer to complete this action. ========= End of CMD: =========
  8. Hello, Adam! I'm Caity. Thanks for your assistance. First off, nope - I do not recognize the files listed at the top of your reply. I initiated step 1 (Farbar Fix) about an hour ago and it is still fixing. Does this process normally take this long?
  9. Hello! I noticed the first signs of malware infection around 4:00 today (12/15/14). Advertisement audio repeatedly played on my PC (at work) without any programs being open. I opened task manager and saw multiple internet explorer applications running (from videosearch.org, if I remember correctly), though I never run Explorer. I downloaded malwarebytes and ran a threat scan that never seemed to finish up. It detected 14 threats and checked each step of the process as "done," but, after 1.5 hours, the progress bar never finished up. I restarted the PC in safe mode, then restarted again. I ran a hyper scan with Malwarebytes, which quarantined one item, then restarted again to remove. The explorer applications have ceased, but I am getting continuous alerts stating, "Malicious Website Blocked: C\Windows\SysWOW64\dllhost.exe. I have just downloaded Farbar Recovery Scan Tool and performed a scan (FRST and Addition logs attached here). Potentially related - I get an occasional flickering (duration 5-10 seconds) of open files/programs that started on Saturday night (12/13/14). Addition.txt FRST.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.