infected

[slabadoo]

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_24
Run by Administrator at 21:07:24 on 2013-07-23
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2048.1484 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskhost.exe
C:\Windows\notepad.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
mRun: [soundMan] SOUNDMAN.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll





TCP: NameServer = 192.168.1.1
TCP: Interfaces\{96012D1E-D283-4B2D-9673-98A5C39E8084} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E7B3229C-E3BF-43BA-B601-3CFD6DC6BC42} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.72\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-26 176128]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-12-29 383416]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 100328]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-4-7 23456]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-2-8 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-15 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-7 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-07-23 22:59:55    --------    d-----w-    c:\users\administrator\appdata\roaming\Malwarebytes
2013-07-23 22:59:36    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-07-23 22:59:36    --------    d-----w-    c:\programdata\Malwarebytes
2013-07-23 22:59:36    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-07-23 22:59:11    --------    d-----w-    c:\users\administrator\appdata\local\Programs
2013-07-23 22:47:31    --------    d-----w-    c:\users\administrator\appdata\local\ElevatedDiagnostics
2013-07-23 21:44:38    --------    d--h--w-    c:\windows\PIF
2013-07-23 21:05:09    --------    d-----w-    c:\users\administrator\appdata\local\Google
2013-07-22 21:51:04    --------    d-sh--w-    c:\windows\system32\%APPDATA%
2013-07-22 19:14:11    60872    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{b7225966-10b6-432a-9834-a4bdc0e93ccb}\offreg.dll
2013-07-22 19:12:52    7143960    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{b7225966-10b6-432a-9834-a4bdc0e93ccb}\mpengine.dll
2013-07-22 13:23:44    7143960    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-07-17 20:58:18    698504    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{485a1527-08c6-486a-a4e6-5347d409c848}\gapaengine.dll
.
==================== Find3M  ====================
.
2013-06-11 21:55:17    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-11 21:55:17    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-02 15:28:50    238872    ------w-    c:\windows\system32\MpSigStub.exe
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD3000HLFS-01G6U4 rev.04.04V06 -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86407698]<<
_asm { PUSH EBP; MOV EBP, ESP; MOV EAX, [EBP+0x8]; MOV EAX, [EAX+0x28]; PUSH EBX; MOV EBX, [EAX+0x4]; PUSH ESI; PUSH EDI; MOV EDI, [EBP+0xc]; MOV ESI, [EDI+0x60]; MOV AL, [ESI]; CMP AL, 0x16; JNZ 0x33; PUSH EDI;  }
1 ntkrnlpa!IofCallDriver[0x82E83BAA] -> \Device\Harddisk1\DR1[0x861CB508]
3 CLASSPNP[0x88FDE59E] -> ntkrnlpa!IofCallDriver[0x82E83BAA] -> [0x869505F0]
\Driver\00001575[0x86959428] -> IRP_MJ_CREATE -> 0x86407698
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
user != kernel MBR !!!
sectors 586072366 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 21:07:50.03 ===============

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 4/7/2011 6:44:28 AM
System Uptime: 7/23/2013 4:10:39 PM (5 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | GA-K8NXP-SLI
Processor: AMD Athlon 64 X2 Dual Core Processor 4200+ | Socket 939 | 2211/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 279 GiB total, 215.532 GiB free.
D: is FIXED (NTFS) - 118 GiB total, 79.478 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 161 GiB total, 55.142 GiB free.
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet 4500 G510n-z
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: adfs
Device ID: ROOT\LEGACY_ADFS\0000
Manufacturer:
Name: adfs
PNP Device ID: ROOT\LEGACY_ADFS\0000
Service: adfs
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
4500_G510nz_Help_Web
4500G510nz_Software_Min
4500G510nz_web
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Web Premium
Adobe CSI CS4
Adobe Default Language CS4
Adobe Dreamweaver CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop 7.0
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader X (10.0.1)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Soundbooth CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
BufferChm
Connect
D3DX10
Download Updater (AOL Inc.)
DriverAgent by eSupport.com
Fiery Remote Scan 5 5.0.2.7
FileZilla Client 3.7.1
Google Chrome
Google Earth Plug-in
Google Update Helper
HP Officejet 4500 G510n-z
Java Auto Updater
Java 6 Update 24
Junk Mail filter update
KeePass Password Safe 1.09
kuler
Macromedia Dreamweaver 8
Macromedia Extension Manager
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.0
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Project 2007 Service Pack 3 (SP3)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MySQL Connector C++ 1.1.2
MySQL Connector J
MySQL Connector Net 6.6.5
MySQL Connector/ODBC 5.2(w)
MySQL Installer
MySQL Workbench 5.2 CE
Network
NVIDIA 3D Vision Controller Driver 310.90
NVIDIA 3D Vision Driver 310.90
NVIDIA Control Panel 310.90
NVIDIA Graphics Driver 310.90
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
QuickTime
Realtek AC'97 Audio
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Suite Shared Configuration CS4
Toolbox
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.1.8
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows XP Mode
.
==== Event Viewer Messages From Past Week ========
.
7/23/2013 4:11:34 PM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
7/23/2013 4:11:34 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  %%-2147024891
7/23/2013 4:11:14 PM, Error: Service Control Manager [7003]  - The Microsoft Network Inspection System service depends the following service: BFE. This service might not be installed.
7/23/2013 4:11:14 PM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/23/2013 4:11:13 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
7/23/2013 4:11:13 PM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/23/2013 4:11:13 PM, Error: Service Control Manager [7000]  - The adfs service failed to start due to the following error:  The system cannot find the file specified.
7/23/2013 4:11:11 PM, Error: Service Control Manager [7000]  - The Microsoft Antimalware Service service failed to start due to the following error:  Access is denied.
7/23/2013 4:11:02 PM, Error: Microsoft-Windows-Kernel-Processor-Power [6]  - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
7/23/2013 11:27:23 AM, Error: Microsoft-Windows-WHEA-Logger [18]  - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 1 The details view of this entry contains further information.
7/23/2013 11:27:19 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0x000000b0, 0x00000002, 0x00000000, 0x82e1cb04). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072313-59640-01.
7/23/2013 1:30:50 PM, Error: Microsoft-Windows-WHEA-Logger [18]  - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Unknown Error Processor ID: 1 The details view of this entry contains further information.
7/22/2013 5:13:17 PM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
7/22/2013 5:13:17 PM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
.
==== End Of File ===========================


 

[gringo_pr]

Hello slabadoo

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

• Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
• Please do not attach logs or use code boxes, just copy and paste the text.
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
• Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
• Please provide feedback about your experience as we go.
  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo

[slabadoo]

Hi Gringo,

 

I ran the adwarecleaner and the the JRT and they are posted below. I then opened IE to see if I was still being redirected and I am. if i go to say google and search then click on a link it redirects me to toher site. I also am not able to run my microsoft security essentials as when I try it says I dont have the proper permissions. I am running the adware and JRT programs as administrator which is not the user I typically use. Not sure if that matters but that is where I stand.

 

# AdwCleaner v2.306 - Logfile created 07/24/2013 at 05:54:54
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Administrator - AMD64-3
# Boot Mode : Normal
# Running from : C:\Users\Administrator\Desktop\AdwCleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Common Files\Software Update Utility

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\rmorse\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2168 octets] - [24/07/2013 05:49:35]
AdwCleaner[s1].txt - [2131 octets] - [24/07/2013 05:54:54]

########## EOF - C:\AdwCleaner[s1].txt - [2191 octets] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Windows 7 Professional x86
Ran by Administrator on Wed 07/24/2013 at  5:59:03.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/24/2013 at  6:00:44.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

[gringo_pr]

Hello slabadoo

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

• Link 1

  Link 2

  Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
• Log from Combofix
• let me know of any problems you may have had
• How is the computer doing now?

Gringo

[slabadoo]

Hi Gringo,

 

Ran the combofix and it says that I still have realtime scanner(s) still active. I checked to be sure the service was turned off and that it was not running. I am afraid to click ok so I am sending you a screenshot of so yuo can see what I am seeing. Please let me know if I should proceed as I am unable to even open microsoft security essentials as it give me "not enough permissions to do so".

 

[slabadoo]

looks like the screenshot didnt go through. Basically the combobox says warning antivirus: Microdoft Security Essentials, Antispyware: Microsoft security essentials. the above real time scannner(s) are still active but ComboFix shall continue to run. Kindly note that this is at your own risk.

 

and the screenshot i tried to send would have showed you that task manager and services show that it is stopped.

thanks,

rick

[gringo_pr]

Hello Rick

As long as you know you have shut down everything that can be shut down go ahead and run it

gringo

[slabadoo]

ok did that! and it seemed to do pretty good. As i mentioned in my original post, I ran all these tools as the admin user. Once I completed everything I and rebooted a couple time to be sure, I checked out going to google to see if I would get redirected. All seemed fine there. I was prompted to do many windows updates so i did that and then decided I should run (MSE) Microsoft security essentials. That failed with the permission issue as it I outlined in a previous post. I then uninstalled it, rebooted and then re-installed it. All seems fine so I ran the (MSE) scan and it didnt find anything wrong. Feeling good about this I decided to logoff and go to my user. All seemed fine there as well except MSE wont start and when I try to start it manually it gives me this error. An error has occured in the program during initialization If this problem continues please contact your system administrator. Error Code: 0x80073b01

 

Any idea how to get MSE working on my user? Also, here is the combofix:

 

ComboFix 13-07-24.02 - Administrator 07/24/2013  16:28:29.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2048.1178 [GMT -7:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\sbotchev\g2mdlhlpx.exe
c:\windows\$NtUninstallKB62806$
c:\windows\$NtUninstallKB62806$\1935832731
c:\windows\$NtUninstallKB62806$\3781104649\@
c:\windows\$NtUninstallKB62806$\3781104649\Desktop.ini
c:\windows\$NtUninstallKB62806$\3781104649\L\00000004.@
c:\windows\$NtUninstallKB62806$\3781104649\L\201d3dde
c:\windows\$NtUninstallKB62806$\3781104649\L\6715e287
c:\windows\$NtUninstallKB62806$\3781104649\L\76603ac3
c:\windows\$NtUninstallKB62806$\3781104649\L\xadqgnnk
c:\windows\$NtUninstallKB62806$\3781104649\U\00000004.@
c:\windows\$NtUninstallKB62806$\3781104649\U\00000008.@
c:\windows\$NtUninstallKB62806$\3781104649\U\000000cb.@
c:\windows\$NtUninstallKB62806$\3781104649\U\80000000.@
c:\windows\$NtUninstallKB62806$\3781104649\U\80000032.@
.
Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - The cat found it
.
(((((((((((((((((((((((((   Files Created from 2013-06-24 to 2013-07-24  )))))))))))))))))))))))))))))))
.
.
2013-07-24 23:35 . 2013-07-24 23:37    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2013-07-24 23:35 . 2013-07-24 23:35    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-07-24 23:35 . 2013-07-24 23:35    --------    d-----w-    c:\users\sbotchev\AppData\Local\temp
2013-07-24 23:35 . 2013-07-24 23:35    --------    d-----w-    c:\users\rmorse\AppData\Local\temp
2013-07-24 23:35 . 2013-07-24 23:35    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-24 23:26 . 2010-11-20 08:39    187904    ----a-w-    c:\windows\system32\drivers\netbt.sys
2013-07-24 16:01 . 2013-07-24 16:31    --------    d-----w-    c:\users\rmorse\AppData\Local\VirtualStore
2013-07-24 12:59 . 2013-07-24 12:59    --------    d-----w-    c:\windows\ERUNT
2013-07-23 22:59 . 2013-07-23 22:59    --------    d-----w-    c:\users\Administrator\AppData\Roaming\Malwarebytes
2013-07-23 22:59 . 2013-07-23 22:59    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-07-23 22:59 . 2013-07-23 22:59    --------    d-----w-    c:\programdata\Malwarebytes
2013-07-23 22:59 . 2013-04-04 21:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-07-23 22:59 . 2013-07-23 22:59    --------    d-----w-    c:\users\Administrator\AppData\Local\Programs
2013-07-23 22:47 . 2013-07-23 22:48    --------    d-----w-    c:\users\Administrator\AppData\Local\ElevatedDiagnostics
2013-07-23 21:44 . 2013-07-23 21:44    --------    d--h--w-    c:\windows\PIF
2013-07-23 21:05 . 2013-07-23 21:05    --------    d-----w-    c:\users\Administrator\AppData\Local\Google
2013-07-22 21:51 . 2013-07-22 21:51    --------    d-sh--w-    c:\windows\system32\%APPDATA%
2013-07-22 19:14 . 2013-07-22 19:14    60872    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B7225966-10B6-432A-9834-A4BDC0E93CCB}\offreg.dll
2013-07-22 19:12 . 2013-07-02 06:54    7143960    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B7225966-10B6-432A-9834-A4BDC0E93CCB}\mpengine.dll
2013-07-22 14:08 . 2013-07-23 20:37    --------    d-----r-    c:\users\rmorse\Dropbox
2013-07-22 14:06 . 2013-07-24 16:02    --------    d-----w-    c:\users\rmorse\AppData\Roaming\Dropbox
2013-07-22 13:23 . 2013-07-02 06:54    7143960    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-17 20:58 . 2013-07-17 20:57    698504    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{485A1527-08C6-486A-A4E6-5347D409C848}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-21 14:24 . 2011-04-07 16:56    724464    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-11 21:55 . 2012-05-11 12:30    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-11 21:55 . 2011-09-29 12:37    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-24 00:39 . 2011-03-28 23:36    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:28 . 2011-04-07 14:15    238872    ------w-    c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
.
c:\users\sbotchev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-4-7 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-04-07 23456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vNICdrv;Iomega Virtual Miniport;c:\windows\system32\DRIVERS\vNICdrv.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-07 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-27 176128]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 02:20    1173456    ----a-w-    c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 21:55]
.
2013-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-20 19:58]
.
2013-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-20 19:58]
.
.
------- Supplementary Scan -------
.
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
c:\users\rmorse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD3000HLFS-01G6U4 rev.04.04V06 -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 586072366 (+255): user != kernel
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3721947400-3051713904-3596865697-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,ec,94,45,c1,97,74,43,a0,a7,14,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3f,5b,94,06,1c,9c,7b,48,a6,0f,6b,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\atieclxx.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\SOUNDMAN.EXE
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2013-07-24  16:40:47 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-24 23:40
.
Pre-Run: 230,772,867,072 bytes free
Post-Run: 231,426,244,608 bytes free
.
- - End Of File - - 456AB474657DCE0D5F91FCFD549A3D7D
A36C5E4F47E84449FF07ED3517B43A31
 

[gringo_pr]

Hello slabadoo

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

[slabadoo]

ok did the cf script then rebooted. First thing that came up was that an error that the recycle bin c:\ is corrupt. do you want to empty the recycle bin for this drive. I said yes. then turned back on real time protection for MSE as I had to turn it off to run the script. Then logged out as admin and logged in as my user and got the same MSE client error as before. Here is the cf combofix output file:

 

ComboFix 13-07-24.02 - Administrator 07/25/2013   3:12.2.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2048.929 [GMT -7:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\sbotchev\g2mdlhlpx.exe
c:\windows\$NtUninstallKB62806$\1935832731
c:\windows\$NtUninstallKB62806$\3781104649\@
c:\windows\$NtUninstallKB62806$\3781104649\Desktop.ini
c:\windows\$NtUninstallKB62806$\3781104649\L\00000004.@
c:\windows\$NtUninstallKB62806$\3781104649\L\201d3dde
c:\windows\$NtUninstallKB62806$\3781104649\L\6715e287
c:\windows\$NtUninstallKB62806$\3781104649\L\76603ac3
c:\windows\$NtUninstallKB62806$\3781104649\L\xadqgnnk
c:\windows\$NtUninstallKB62806$\3781104649\U\00000004.@
c:\windows\$NtUninstallKB62806$\3781104649\U\00000008.@
c:\windows\$NtUninstallKB62806$\3781104649\U\000000cb.@
c:\windows\$NtUninstallKB62806$\3781104649\U\80000000.@
c:\windows\$NtUninstallKB62806$\3781104649\U\80000032.@
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-25 to 2013-07-25  )))))))))))))))))))))))))))))))
.
.
2013-07-25 10:19 . 2013-07-25 10:19    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-07-25 10:19 . 2013-07-25 10:19    --------    d-----w-    c:\users\sbotchev\AppData\Local\temp
2013-07-25 10:19 . 2013-07-25 10:19    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-25 10:05 . 2013-07-25 10:05    29904    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6BC46FCA-A520-44DA-A3B6-8C95097F5625}\MpKsl785e7d90.sys
2013-07-25 01:45 . 2013-07-25 01:45    698504    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A4B14A0-7F8C-4935-A7A2-177649BA4E54}\gapaengine.dll
2013-07-25 01:45 . 2013-07-02 06:54    7143960    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6BC46FCA-A520-44DA-A3B6-8C95097F5625}\mpengine.dll
2013-07-25 01:43 . 2013-07-25 01:43    --------    d-----w-    C:\0fdba7ca6a3cc6c738428ee6b0b33aa3
2013-07-25 01:06 . 2013-07-25 01:08    --------    d-----w-    c:\windows\system32\MRT
2013-07-25 00:51 . 2013-07-25 00:51    --------    d-----w-    c:\windows\TempEC948A2C-E130-9604-96E1-F02385B3A965-Signatures
2013-07-25 00:41 . 2013-07-25 00:41    --------    d-----w-    c:\users\Administrator\AppData\Local\Microsoft Help
2013-07-25 00:40 . 2013-01-18 14:20    2557728    ----a-w-    c:\windows\system32\nvsvcr.dll
2013-07-25 00:33 . 2013-05-10 03:20    24576    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-07-25 00:33 . 2013-05-08 05:38    1293672    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-07-25 00:33 . 2013-05-06 05:06    3968872    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-07-25 00:33 . 2013-05-06 05:06    3913576    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-07-25 00:33 . 2013-03-19 04:48    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2013-07-25 00:33 . 2013-03-19 02:49    69632    ----a-w-    c:\windows\system32\smss.exe
2013-07-25 00:33 . 2013-06-05 03:05    2347520    ----a-w-    c:\windows\system32\win32k.sys
2013-07-25 00:33 . 2013-03-19 04:53    186368    ----a-w-    c:\windows\system32\wwansvc.dll
2013-07-25 00:33 . 2013-03-19 03:33    40960    ----a-w-    c:\windows\system32\wwanprotdim.dll
2013-07-25 00:33 . 2013-04-26 04:55    492544    ----a-w-    c:\windows\system32\win32spl.dll
2013-07-25 00:30 . 2013-02-27 05:05    101720    ----a-w-    c:\windows\system32\consent.exe
2013-07-25 00:30 . 2013-02-27 04:49    1796096    ----a-w-    c:\windows\system32\authui.dll
2013-07-25 00:30 . 2013-02-27 04:49    47104    ----a-w-    c:\windows\system32\appinfo.dll
2013-07-24 23:35 . 2013-07-25 10:19    --------    d-----w-    c:\users\rmorse\AppData\Local\temp
2013-07-24 23:35 . 2013-07-25 10:19    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2013-07-24 23:26 . 2010-11-20 08:39    187904    ----a-w-    c:\windows\system32\drivers\netbt.sys
2013-07-24 16:01 . 2013-07-24 16:31    --------    d-----w-    c:\users\rmorse\AppData\Local\VirtualStore
2013-07-24 12:59 . 2013-07-24 12:59    --------    d-----w-    c:\windows\ERUNT
2013-07-23 22:59 . 2013-07-23 22:59    --------    d-----w-    c:\users\Administrator\AppData\Roaming\Malwarebytes
2013-07-23 22:59 . 2013-07-23 22:59    --------    d-----w-    c:\programdata\Malwarebytes
2013-07-23 22:59 . 2013-07-23 22:59    --------    d-----w-    c:\users\Administrator\AppData\Local\Programs
2013-07-23 22:47 . 2013-07-23 22:48    --------    d-----w-    c:\users\Administrator\AppData\Local\ElevatedDiagnostics
2013-07-23 21:44 . 2013-07-23 21:44    --------    d--h--w-    c:\windows\PIF
2013-07-23 21:05 . 2013-07-23 21:05    --------    d-----w-    c:\users\Administrator\AppData\Local\Google
2013-07-22 21:51 . 2013-07-22 21:51    --------    d-sh--w-    c:\windows\system32\%APPDATA%
2013-07-22 14:08 . 2013-07-23 20:37    --------    d-----r-    c:\users\rmorse\Dropbox
2013-07-22 14:06 . 2013-07-24 16:02    --------    d-----w-    c:\users\rmorse\AppData\Roaming\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-19 04:50 . 2013-06-19 04:50    211560    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2013-06-19 04:50 . 2013-06-19 04:50    107392    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-11 21:55 . 2012-05-11 12:30    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-11 21:55 . 2011-09-29 12:37    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-24 00:39 . 2011-03-28 23:36    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:28 . 2011-04-07 14:15    238872    ------w-    c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-18 995184]
.
c:\users\sbotchev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-4-7 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-04-07 23456]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-19 107392]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-07-18 295376]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vNICdrv;Iomega Virtual Miniport;c:\windows\system32\DRIVERS\vNICdrv.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-07 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 MpKsl785e7d90;MpKsl785e7d90;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6BC46FCA-A520-44DA-A3B6-8C95097F5625}\MpKsl785e7d90.sys [2013-07-25 29904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-27 176128]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPFILTER
*NewlyCreated* - MPKSL785E7D90
*NewlyCreated* - NISDRV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 02:20    1173456    ----a-w-    c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 21:55]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-20 19:58]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-20 19:58]
.
.
------- Supplementary Scan -------
.
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3721947400-3051713904-3596865697-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,ec,94,45,c1,97,74,43,a0,a7,14,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3f,5b,94,06,1c,9c,7b,48,a6,0f,6b,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-25  03:22:03
ComboFix-quarantined-files.txt  2013-07-25 10:22
ComboFix2.txt  2013-07-24 23:40
.
Pre-Run: 230,051,319,808 bytes free
Post-Run: 229,989,421,056 bytes free
.
- - End Of File - - FB6286D24ABA005041880380A934AF32
A36C5E4F47E84449FF07ED3517B43A31
 

[gringo_pr]

Hello slabadoo

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Gringo

[slabadoo]

Here is FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-07-2013
Ran by Administrator (administrator) on 25-07-2013 12:01:26
Running from C:\Users\Administrator\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [soundMan] - SOUNDMAN.EXE [x]
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [intelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1797488 2011-01-07] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [AdobeCS4ServiceManager] - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995184 2013-07-18] (Microsoft Corporation)
HKU\rmorse\...\Run: [AIM for Windows] - "C:\Users\rmorse\AppData\Local\AOL\AIM\aim.exe" [ 2012-12-05] (AOL Inc.)
HKU\rmorse\...\Run: [GoToMeeting] - "C:\Program Files\Citrix\GoToMeeting\1082\g2mstart.exe" "/Trigger RunAtLogon" [ 2013-02-21] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\sbotchev\...\RunOnce: [Application Restart #0] - C:\Config.Msi\2b73ea9.rbf /restore [x]
HKU\sbotchev\...\RunOnce: [Application Restart #1] - C:\Program Files\Internet Explorer\iexplore.exe -restart /WERRESTART [ 2010-11-20] (Microsoft Corporation)
HKU\sbotchev\...\RunOnce: [Application Restart #2] - C:\Program Files\Microsoft Security Client\msseces.exe -Recover [ 2013-07-18] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\rmorse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\sbotchev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Docs) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2013-07-18] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-07-18] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2011-04-07] (Phoenix Technologies)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2008-01-19] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R0 SI3114r; C:\Windows\System32\DRIVERS\SI3114r.sys [116776 2007-10-04] (Silicon Image, Inc)
R0 Si3114r5; C:\Windows\System32\DRIVERS\Si3114r5.sys [210472 2008-04-29] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [19240 2007-10-04] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12200 2008-04-29] (Silicon Image, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S2 adfs; No ImagePath
S3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [x]
S3 vNICdrv; system32\DRIVERS\vNICdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-25 12:01 - 2013-07-25 12:01 - 00000000 ____D C:\FRST
2013-07-25 11:59 - 2013-07-25 11:59 - 00000562 _____ C:\Users\Administrator\Desktop\New Text Document.txt
2013-07-25 11:57 - 2013-07-25 11:58 - 01220306 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2013-07-25 11:57 - 2013-07-25 11:57 - 00000179 _____ C:\Users\rmorse\Desktop\hill.txt
2013-07-25 03:24 - 2013-07-25 03:22 - 00013279 _____ C:\Users\Administrator\Desktop\ComboFix.txt
2013-07-25 03:22 - 2013-07-25 03:22 - 00013279 _____ C:\ComboFix.txt
2013-07-25 03:10 - 2013-07-25 03:22 - 00000000 ____D C:\ComboFix
2013-07-25 03:03 - 2000-06-07 20:41 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Administrator\Desktop\JRT.exe
2013-07-25 03:03 - 2000-06-07 20:40 - 00666633 _____ C:\Users\Administrator\Desktop\AdwCleaner.exe
2013-07-24 18:43 - 2013-07-24 18:43 - 00000000 ____D C:\Windows\system32\config\x86
2013-07-24 18:43 - 2013-07-24 18:43 - 00000000 ____D C:\Windows\system32\config\NisDrv
2013-07-24 18:43 - 2013-07-24 18:43 - 00000000 ____D C:\Windows\system32\config\mpfilter
2013-07-24 18:43 - 2013-07-18 20:06 - 00185664 _____ (Microsoft Corporation) C:\Windows\system32\config\EppManifest.dll
2013-07-24 18:43 - 2013-07-18 16:49 - 00008864 _____ (Microsoft Corporation) C:\Windows\system32\config\setupres.dll
2013-07-24 18:06 - 2013-07-24 18:08 - 00000000 ____D C:\Windows\system32\MRT
2013-07-24 17:51 - 2013-07-24 17:51 - 00000000 ____D C:\Windows\TempEC948A2C-E130-9604-96E1-F02385B3A965-Signatures
2013-07-24 17:41 - 2013-07-24 17:41 - 00000000 ____D C:\Users\Administrator\Local Settings\Application Data\Microsoft Help
2013-07-24 17:41 - 2013-07-24 17:41 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Microsoft Help
2013-07-24 17:40 - 2013-01-18 07:20 - 02557728 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-07-24 17:36 - 2013-07-24 17:36 - 00288046 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-07-24 17:34 - 2013-06-03 21:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-24 17:34 - 2013-05-26 22:02 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-24 17:34 - 2013-05-26 22:01 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-24 17:34 - 2013-05-26 22:01 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-24 17:34 - 2013-05-26 21:57 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-24 17:34 - 2013-05-26 21:57 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-24 17:34 - 2013-05-26 21:57 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-24 17:34 - 2013-05-26 21:56 - 11020800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-24 17:34 - 2013-05-26 21:56 - 02078208 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-24 17:34 - 2013-05-26 21:56 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-24 17:34 - 2013-05-26 21:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-24 17:34 - 2013-05-26 20:20 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-24 17:34 - 2013-05-12 21:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-07-24 17:34 - 2013-05-12 21:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-07-24 17:34 - 2013-05-12 21:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-07-24 17:34 - 2013-05-12 20:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-07-24 17:34 - 2013-05-12 20:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-07-24 17:34 - 2013-05-05 21:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-24 17:34 - 2013-04-25 16:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-07-24 17:34 - 2013-04-17 00:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-07-24 17:34 - 2013-04-12 06:45 - 01211752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-07-24 17:34 - 2013-04-09 22:18 - 00728424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-07-24 17:34 - 2013-04-09 22:18 - 00218984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-07-24 17:34 - 2013-04-09 16:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-24 17:34 - 2013-02-14 21:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-07-24 17:34 - 2013-02-14 21:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-07-24 17:34 - 2013-02-14 20:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-07-24 17:34 - 2013-02-11 20:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-07-24 17:34 - 2013-01-23 21:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-07-24 17:33 - 2013-06-04 20:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-24 17:33 - 2013-05-09 20:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-07-24 17:33 - 2013-05-07 22:38 - 01293672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-07-24 17:33 - 2013-05-05 22:06 - 03968872 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-07-24 17:33 - 2013-05-05 22:06 - 03913576 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-24 17:33 - 2013-04-25 21:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-07-24 17:33 - 2013-03-18 21:53 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-07-24 17:33 - 2013-03-18 21:48 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-07-24 17:33 - 2013-03-18 20:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-07-24 17:33 - 2013-03-18 19:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-07-24 17:30 - 2013-02-26 22:05 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-07-24 17:30 - 2013-02-26 21:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-07-24 17:30 - 2013-02-26 21:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-07-24 17:30 - 2013-02-26 21:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-07-24 17:30 - 2013-02-26 21:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-07-24 16:26 - 2010-11-20 01:39 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2013-07-24 16:22 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-24 16:22 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-24 16:22 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-24 16:22 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-24 16:22 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-24 16:22 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-24 16:22 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-24 16:22 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-24 14:17 - 2013-07-24 14:17 - 00159648 _____ C:\Windows\Minidump\072413-32187-01.dmp
2013-07-24 10:44 - 2013-07-25 03:11 - 00000000 ____D C:\Qoobox
2013-07-24 10:43 - 2013-07-24 16:39 - 00000000 ____D C:\Windows\erdnt
2013-07-24 10:42 - 2000-06-08 01:36 - 05092950 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2013-07-24 09:01 - 2013-07-24 09:31 - 00000000 ____D C:\Users\rmorse\AppData\Local\VirtualStore
2013-07-24 09:00 - 2013-07-24 09:01 - 00000000 ____D C:\Users\rmorse\Desktop\malware whatnot
2013-07-24 06:00 - 2013-07-24 06:00 - 00000641 _____ C:\JRT.txt
2013-07-24 05:59 - 2013-07-24 05:59 - 00000000 ____D C:\Windows\ERUNT
2013-07-24 05:54 - 2013-07-24 05:55 - 00002260 _____ C:\AdwCleaner[s1].txt
2013-07-23 21:07 - 2013-07-23 21:07 - 00013943 _____ C:\attach.txt
2013-07-23 21:07 - 2013-07-23 21:07 - 00013175 _____ C:\Users\Administrator\Desktop\dds.txt
2013-07-23 21:06 - 2000-06-07 11:50 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.com
2013-07-23 21:06 - 2000-06-07 11:50 - 00688992 _____ (Swearware) C:\Users\Administrator\Desktop\dds.scr
2013-07-23 15:59 - 2013-07-23 15:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-07-23 15:59 - 2013-07-23 15:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-23 14:44 - 2013-07-23 14:44 - 00000000 ___HD C:\Windows\PIF
2013-07-23 14:05 - 2013-07-23 14:05 - 00000000 ____D C:\Users\Administrator\Local Settings\Application Data\Google
2013-07-23 14:05 - 2013-07-23 14:05 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Google
2013-07-23 11:27 - 2013-07-23 11:27 - 00159680 _____ C:\Windows\Minidump\072313-59640-01.dmp
2013-07-23 09:30 - 2013-07-25 08:15 - 00000000 ____D C:\Users\rmorse\Desktop\hillside
2013-07-22 14:51 - 2013-07-22 14:51 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-07-22 11:25 - 2013-07-22 11:25 - 00001333 _____ C:\Users\rmorse\Desktop\hra.txt
2013-07-22 11:24 - 2013-07-22 11:24 - 00001299 _____ C:\Users\rmorse\Desktop\hra.csv
2013-07-22 07:08 - 2013-07-25 08:10 - 00000000 ___RD C:\Users\rmorse\Dropbox
2013-07-22 07:08 - 2013-07-22 07:08 - 00001002 _____ C:\Users\rmorse\Desktop\Dropbox.lnk
2013-07-22 07:06 - 2013-07-25 08:16 - 00000000 ____D C:\Users\rmorse\AppData\Roaming\Dropbox
2013-07-22 07:05 - 2013-07-22 07:06 - 32966136 _____ (Dropbox, Inc.) C:\Users\rmorse\Downloads\Dropbox 2.0.26.exe
2013-07-18 17:59 - 2013-07-18 17:59 - 00090784 _____ (Microsoft Corporation) C:\Windows\system32\config\MsMpRes.dll.mui
2013-07-18 17:51 - 2013-07-18 17:51 - 00043680 _____ (Microsoft Corporation) C:\Windows\system32\config\setupres.dll.mui
2013-07-18 17:51 - 2013-07-18 17:51 - 00038048 _____ (Microsoft Corporation) C:\Windows\system32\config\mpevmsg.dll.mui
2013-07-18 17:51 - 2013-07-18 17:51 - 00009376 _____ (Microsoft Corporation) C:\Windows\system32\config\shellext.dll.mui
2013-07-18 17:36 - 2013-07-18 17:36 - 00047776 _____ (Microsoft Corporation) C:\Windows\system32\config\MpAsDesc.dll.mui
2013-07-18 16:49 - 2013-07-18 16:49 - 00016544 _____ (Microsoft Corporation) C:\Windows\system32\config\msseooberes.dll.mui
2013-07-18 10:38 - 2013-07-23 13:26 - 00000774 _____ C:\Users\rmorse\Desktop\BEFORE PINETOP STUFF.txt
2013-07-18 06:59 - 2013-07-18 06:59 - 01889921 _____ C:\Users\rmorse\Downloads\timberla_timberla.sql
2013-07-09 07:23 - 2013-07-09 07:30 - 00000000 ____D C:\Users\rmorse\Desktop\egh
2013-07-08 08:49 - 2013-07-18 11:21 - 00002206 _____ C:\Users\rmorse\Desktop\platiunum.txt
2013-07-02 22:20 - 2013-07-12 06:44 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-02 13:39 - 2013-07-02 13:39 - 00000224 _____ C:\Users\rmorse\Desktop\mail smtp.txt
2013-07-02 02:46 - 2013-07-25 07:15 - 00002881 _____ C:\Users\rmorse\Desktop\12th Sign Hours.txt
2013-07-01 15:59 - 2013-07-01 16:00 - 00000000 ____D C:\Users\rmorse\Desktop\fancyapps-fancyBox-v2.1.5-0-ge2248f4
2013-07-01 15:58 - 2013-07-01 15:58 - 00541026 _____ C:\Users\rmorse\Desktop\fancyapps-fancyBox-v2.1.5-0-ge2248f4.zip
2013-07-01 06:06 - 2013-07-01 11:07 - 00000000 ____D C:\Users\rmorse\Desktop\TLD
2013-07-01 05:53 - 2013-07-01 05:53 - 33578320 _____ (Dropbox, Inc.) C:\Users\rmorse\Downloads\Dropbox 2.2.8.exe
2013-06-28 12:39 - 2013-06-28 12:39 - 00500580 _____ C:\Users\rmorse\Desktop\employee_lunch_63320.jpg.zip
2013-06-28 06:38 - 2013-06-28 06:38 - 01432031 _____ C:\Users\rmorse\Desktop\6-6-12-EGHWalkingCh#250FE68.jpg.zip
2013-06-25 06:20 - 2013-06-25 06:20 - 00008727 _____ C:\Users\rmorse\Desktop\godaddy.txt

==================== One Month Modified Files and Folders =======

2013-07-25 12:01 - 2013-07-25 12:01 - 00000000 ____D C:\FRST
2013-07-25 12:00 - 2013-03-20 12:58 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-25 12:00 - 2011-04-07 06:44 - 01863966 _____ C:\Windows\WindowsUpdate.log
2013-07-25 11:59 - 2013-07-25 11:59 - 00000562 _____ C:\Users\Administrator\Desktop\New Text Document.txt
2013-07-25 11:59 - 2013-02-17 18:08 - 00000000 ___RD C:\Users\rmorse\Desktop
2013-07-25 11:59 - 2011-04-07 10:12 - 00000000 ___RD C:\Users\Administrator\Desktop
2013-07-25 11:58 - 2013-07-25 11:57 - 01220306 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2013-07-25 11:57 - 2013-07-25 11:57 - 00000179 _____ C:\Users\rmorse\Desktop\hill.txt
2013-07-25 11:55 - 2012-05-11 05:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-25 11:19 - 2013-03-20 12:58 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-25 08:16 - 2013-07-22 07:06 - 00000000 ____D C:\Users\rmorse\AppData\Roaming\Dropbox
2013-07-25 08:15 - 2013-07-23 09:30 - 00000000 ____D C:\Users\rmorse\Desktop\hillside
2013-07-25 08:10 - 2013-07-22 07:08 - 00000000 ___RD C:\Users\rmorse\Dropbox
2013-07-25 07:15 - 2013-07-02 02:46 - 00002881 _____ C:\Users\rmorse\Desktop\12th Sign Hours.txt
2013-07-25 06:19 - 2013-02-20 13:20 - 00000000 ____D C:\Users\rmorse\AppData\Roaming\vlc
2013-07-25 03:36 - 2009-07-13 21:34 - 00013472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-25 03:36 - 2009-07-13 21:34 - 00013472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-25 03:28 - 2013-02-17 18:19 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-25 03:28 - 2011-04-07 12:18 - 00018952 _____ C:\Windows\PFRO.log
2013-07-25 03:28 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-25 03:28 - 2009-07-13 21:39 - 00058368 _____ C:\Windows\setupact.log
2013-07-25 03:22 - 2013-07-25 03:24 - 00013279 _____ C:\Users\Administrator\Desktop\ComboFix.txt
2013-07-25 03:22 - 2013-07-25 03:22 - 00013279 _____ C:\ComboFix.txt
2013-07-25 03:22 - 2013-07-25 03:10 - 00000000 ____D C:\ComboFix
2013-07-25 03:20 - 2009-07-13 19:04 - 00000215 _____ C:\Windows\system.ini
2013-07-25 03:11 - 2013-07-24 10:44 - 00000000 ____D C:\Qoobox
2013-07-24 21:17 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\rescache
2013-07-24 19:04 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-24 18:43 - 2013-07-24 18:43 - 00000000 ____D C:\Windows\system32\config\x86
2013-07-24 18:43 - 2013-07-24 18:43 - 00000000 ____D C:\Windows\system32\config\NisDrv
2013-07-24 18:43 - 2013-07-24 18:43 - 00000000 ____D C:\Windows\system32\config\mpfilter
2013-07-24 18:43 - 2011-04-07 09:54 - 00001945 _____ C:\Windows\epplauncher.mif
2013-07-24 18:43 - 2011-04-07 09:53 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-24 18:33 - 2013-02-17 18:08 - 00000000 ___RD C:\Users\rmorse\Virtual Machines
2013-07-24 18:16 - 2009-07-13 19:37 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-24 18:08 - 2013-07-24 18:06 - 00000000 ____D C:\Windows\system32\MRT
2013-07-24 18:04 - 2011-04-07 06:47 - 00747294 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-24 17:59 - 2011-05-07 04:39 - 00000000 ___RD C:\Users\Administrator\Virtual Machines
2013-07-24 17:58 - 2009-07-13 21:33 - 02370720 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-24 17:57 - 2011-04-12 12:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-24 17:56 - 2009-07-14 00:50 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-24 17:56 - 2009-07-13 21:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-24 17:56 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\DriverStore
2013-07-24 17:51 - 2013-07-24 17:51 - 00000000 ____D C:\Windows\TempEC948A2C-E130-9604-96E1-F02385B3A965-Signatures
2013-07-24 17:51 - 2011-04-07 12:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-24 17:41 - 2013-07-24 17:41 - 00000000 ____D C:\Users\Administrator\Local Settings\Application Data\Microsoft Help
2013-07-24 17:41 - 2013-07-24 17:41 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Microsoft Help
2013-07-24 17:40 - 2013-02-17 18:21 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-07-24 17:36 - 2013-07-24 17:36 - 00288046 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-07-24 17:35 - 2011-04-07 12:34 - 00000039 _____ C:\Windows\vbaddin.ini
2013-07-24 16:39 - 2013-07-24 10:43 - 00000000 ____D C:\Windows\erdnt
2013-07-24 16:35 - 2011-04-07 06:44 - 00000000 ____D C:\Users\sbotchev
2013-07-24 14:17 - 2013-07-24 14:17 - 00159648 _____ C:\Windows\Minidump\072413-32187-01.dmp
2013-07-24 14:17 - 2011-10-01 06:10 - 274422846 _____ C:\Windows\MEMORY.DMP
2013-07-24 14:17 - 2011-04-18 07:17 - 00000000 ____D C:\Windows\Minidump
2013-07-24 09:31 - 2013-07-24 09:01 - 00000000 ____D C:\Users\rmorse\AppData\Local\VirtualStore
2013-07-24 09:01 - 2013-07-24 09:00 - 00000000 ____D C:\Users\rmorse\Desktop\malware whatnot
2013-07-24 06:00 - 2013-07-24 06:00 - 00000641 _____ C:\JRT.txt
2013-07-24 05:59 - 2013-07-24 05:59 - 00000000 ____D C:\Windows\ERUNT
2013-07-24 05:55 - 2013-07-24 05:54 - 00002260 _____ C:\AdwCleaner[s1].txt
2013-07-23 21:07 - 2013-07-23 21:07 - 00013943 _____ C:\attach.txt
2013-07-23 21:07 - 2013-07-23 21:07 - 00013175 _____ C:\Users\Administrator\Desktop\dds.txt
2013-07-23 16:10 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\Branding
2013-07-23 15:59 - 2013-07-23 15:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-07-23 15:59 - 2013-07-23 15:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-23 14:45 - 2011-04-07 10:12 - 00114720 _____ C:\Users\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-07-23 14:45 - 2011-04-07 10:12 - 00114720 _____ C:\Users\ADMINI~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-23 14:44 - 2013-07-23 14:44 - 00000000 ___HD C:\Windows\PIF
2013-07-23 14:05 - 2013-07-23 14:05 - 00000000 ____D C:\Users\Administrator\Local Settings\Application Data\Google
2013-07-23 14:05 - 2013-07-23 14:05 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Google
2013-07-23 13:37 - 2013-02-18 09:21 - 295252706 _____ C:\Windows\system32\debug.log
2013-07-23 13:26 - 2013-07-18 10:38 - 00000774 _____ C:\Users\rmorse\Desktop\BEFORE PINETOP STUFF.txt
2013-07-23 11:27 - 2013-07-23 11:27 - 00159680 _____ C:\Windows\Minidump\072313-59640-01.dmp
2013-07-22 14:51 - 2013-07-22 14:51 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-07-22 11:25 - 2013-07-22 11:25 - 00001333 _____ C:\Users\rmorse\Desktop\hra.txt
2013-07-22 11:24 - 2013-07-22 11:24 - 00001299 _____ C:\Users\rmorse\Desktop\hra.csv
2013-07-22 07:08 - 2013-07-22 07:08 - 00001002 _____ C:\Users\rmorse\Desktop\Dropbox.lnk
2013-07-22 07:08 - 2013-02-17 18:08 - 00000000 ____D C:\Users\rmorse
2013-07-22 07:06 - 2013-07-22 07:05 - 32966136 _____ (Dropbox, Inc.) C:\Users\rmorse\Downloads\Dropbox 2.0.26.exe
2013-07-22 06:12 - 2013-02-18 06:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-18 20:06 - 2013-07-24 18:43 - 00185664 _____ (Microsoft Corporation) C:\Windows\system32\config\EppManifest.dll
2013-07-18 17:59 - 2013-07-18 17:59 - 00090784 _____ (Microsoft Corporation) C:\Windows\system32\config\MsMpRes.dll.mui
2013-07-18 17:51 - 2013-07-18 17:51 - 00043680 _____ (Microsoft Corporation) C:\Windows\system32\config\setupres.dll.mui
2013-07-18 17:51 - 2013-07-18 17:51 - 00038048 _____ (Microsoft Corporation) C:\Windows\system32\config\mpevmsg.dll.mui
2013-07-18 17:51 - 2013-07-18 17:51 - 00009376 _____ (Microsoft Corporation) C:\Windows\system32\config\shellext.dll.mui
2013-07-18 17:36 - 2013-07-18 17:36 - 00047776 _____ (Microsoft Corporation) C:\Windows\system32\config\MpAsDesc.dll.mui
2013-07-18 16:49 - 2013-07-24 18:43 - 00008864 _____ (Microsoft Corporation) C:\Windows\system32\config\setupres.dll
2013-07-18 16:49 - 2013-07-18 16:49 - 00016544 _____ (Microsoft Corporation) C:\Windows\system32\config\msseooberes.dll.mui
2013-07-18 11:21 - 2013-07-08 08:49 - 00002206 _____ C:\Users\rmorse\Desktop\platiunum.txt
2013-07-18 06:59 - 2013-07-18 06:59 - 01889921 _____ C:\Users\rmorse\Downloads\timberla_timberla.sql
2013-07-12 19:26 - 2013-06-14 08:50 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-12 06:44 - 2013-07-02 22:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-09 07:30 - 2013-07-09 07:23 - 00000000 ____D C:\Users\rmorse\Desktop\egh
2013-07-02 13:39 - 2013-07-02 13:39 - 00000224 _____ C:\Users\rmorse\Desktop\mail smtp.txt
2013-07-02 13:36 - 2013-02-18 12:31 - 00002016 ____H C:\Users\rmorse\Documents\Default.rdp
2013-07-01 16:00 - 2013-07-01 15:59 - 00000000 ____D C:\Users\rmorse\Desktop\fancyapps-fancyBox-v2.1.5-0-ge2248f4
2013-07-01 15:58 - 2013-07-01 15:58 - 00541026 _____ C:\Users\rmorse\Desktop\fancyapps-fancyBox-v2.1.5-0-ge2248f4.zip
2013-07-01 11:07 - 2013-07-01 06:06 - 00000000 ____D C:\Users\rmorse\Desktop\TLD
2013-07-01 05:53 - 2013-07-01 05:53 - 33578320 _____ (Dropbox, Inc.) C:\Users\rmorse\Downloads\Dropbox 2.2.8.exe
2013-06-28 12:39 - 2013-06-28 12:39 - 00500580 _____ C:\Users\rmorse\Desktop\employee_lunch_63320.jpg.zip
2013-06-28 06:38 - 2013-06-28 06:38 - 01432031 _____ C:\Users\rmorse\Desktop\6-6-12-EGHWalkingCh#250FE68.jpg.zip
2013-06-26 12:53 - 2013-06-24 07:35 - 00000000 ____D C:\Users\rmorse\AppData\Roaming\FileZilla
2013-06-25 06:20 - 2013-06-25 06:20 - 00008727 _____ C:\Users\rmorse\Desktop\godaddy.txt

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Microsoft Security Client\Backup => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client


LastRegBack: 2013-07-23 00:59

==================== End Of Log ============================

 

And here is the Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-07-2013
Ran by Administrator at 2013-07-25 12:02:05
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 6.1.1)
4500_G510nz_Help_Web (Version: 000.0.440.000)
4500G510nz_Software_Min (Version: 000.0.423.000)
4500G510nz_web (Version: 000.0.439.000)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.2.443)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.0.0)
Adobe AIR (Version: 2.6.0.19120)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe Contribute CS4 (Version: 5.0)
Adobe Creative Suite 4 Web Premium (Version: 4.0)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Dreamweaver CS4 (Version: 10.0)
Adobe Dynamiclink Support (Version: 1)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash CS4 (Version: 10.0)
Adobe Flash CS4 Extension - Flash Lite STI en (Version: 3.0)
Adobe Flash CS4 STI-en (Version: 10.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Fonts All (Version: 2.0)
Adobe Illustrator CS4 (Version: 14.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Media Encoder CS4 (Version: 1.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Reader X (10.0.1) (Version: 10.0.1)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Soundbooth CS4 (Version: 2)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Apple Application Support (Version: 1.5.1)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 2.0.5.0)
BufferChm (Version: 130.0.331.000)
Connect (Version: 1.0.0.1)
D3DX10 (Version: 15.4.2368.0902)
DriverAgent by eSupport.com
Fiery Remote Scan 5 5.0.2.7
FileZilla Client 3.7.1 (Version: 3.7.1)
Google Chrome (Version: 28.0.1500.72)
Google Earth Plug-in (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.153)
HP Officejet 4500 G510n-z (Version: 13.0)
Java Auto Updater (Version: 2.0.3.1)
Java 6 Update 24 (Version: 6.0.240)
Junk Mail filter update (Version: 15.4.3502.0922)
KeePass Password Safe 1.09 (Version: 1.09)
kuler (Version: 2.0)
Macromedia Dreamweaver 8 (Version: 8.0.2)
Macromedia Extension Manager (Version: 1.7.240)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft IntelliPoint 8.0 (Version: 8.01.249.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.202)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Project 2007 Service Pack 3 (SP3)
Microsoft Office Project MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Project Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.3.0216.0)
Microsoft Security Essentials (Version: 4.3.216.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MySQL Connector C++ 1.1.2 (Version: 1.1.2)
MySQL Connector J (Version: 5.1.23)
MySQL Connector Net 6.6.5 (Version: 6.6.5)
MySQL Connector/ODBC 5.2(w) (Version: 5.2.4)
MySQL Installer (Version: 1.1.7.0)
MySQL Workbench 5.2 CE (Version: 5.2.47)
Network (Version: 130.0.550.000)
NVIDIA 3D Vision Controller Driver 310.90 (Version: 310.90)
NVIDIA 3D Vision Driver 311.06 (Version: 311.06)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Graphics Driver 311.06 (Version: 311.06)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
PDF Settings CS4 (Version: 9.0)
Photoshop Camera Raw (Version: 5.0)
Pixel Bender Toolkit (Version: 1.0)
QuickTime (Version: 7.69.80.9)
Realtek AC'97 Audio
Scan (Version: 13.0.0.0)
Suite Shared Configuration CS4 (Version: 1.0)
Toolbox (Version: 130.0.648.000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.1.8 (Version: 1.1.8)
WebReg (Version: 130.0.132.017)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Mode (Version: 1.3.7600.16423)
 

==================== Restore Points  =========================

24-07-2013 18:41:08 Scheduled Checkpoint
25-07-2013 00:34:53 Windows Update
25-07-2013 01:02:46 Windows Update
25-07-2013 01:06:03 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:04 - 2013-07-24 16:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {3958F303-4C5F-40D4-A873-AA4A01ACBC7A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {3B0CECCE-E57B-4DCC-BF93-A65889189C27} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-07-18] (Microsoft Corporation)
Task: {4C2F86BD-5CD4-4159-884E-012682ADC135} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {55613716-3BDE-4F40-8E85-A329DF25F628} - System32\Tasks\{D5543C9C-7563-44E4-AD7A-F52CDB11B8F7} => C:\Program Files\Skype\\Phone\Skype.exe No File
Task: {59A6B446-E4EE-4307-8298-CBA382AB95AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-20] (Google Inc.)
Task: {6FF1FFD1-8C2A-457E-8D79-476BF2CC791B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-01-07] (Microsoft Corporation)
Task: {9FFB0FFA-6F40-400F-87E5-715CA3712901} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-20] (Google Inc.)
Task: {BBA15ABE-6ABC-4687-877D-46DFCA903DAB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BE730726-C982-47BD-8562-AC4934400846} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {DBA7A827-CAE1-4991-BB56-41B66D596450} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: adfs
Description: adfs
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: adfs
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/25/2013 11:11:01 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 120c

Start Time: 01ce89621a341c2d

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (07/24/2013 06:51:00 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 144c

Start Time: 01ce88d8e8ba7381

Termination Time: 13

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (07/24/2013 06:47:23 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3b8

Start Time: 01ce88d841a6e736

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (07/24/2013 06:12:17 PM) (Source: Microsoft Security Client Setup) (User: AMD64-3)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (07/24/2013 06:11:42 PM) (Source: MsiInstaller) (User: AMD64-3)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.

Error: (07/24/2013 05:52:10 PM) (Source: Microsoft Security Client Setup) (User: AMD64-3)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (07/24/2013 05:51:50 PM) (Source: MsiInstaller) (User: AMD64-3)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.

Error: (07/24/2013 06:29:23 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).


System errors:
=============
Error: (07/25/2013 11:10:12 AM) (Source: DCOM) (User: )
Description: {73C9DFA0-750D-11E1-B0C4-0800200C9A66}

Error: (07/25/2013 03:28:57 AM) (Source: Service Control Manager) (User: )
Description: The adfs service failed to start due to the following error:
%%2

Error: (07/25/2013 03:28:16 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Error: (07/25/2013 03:20:02 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (07/25/2013 03:16:21 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (07/25/2013 03:11:51 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (07/24/2013 06:45:48 PM) (Source: DCOM) (User: )
Description: {73C9DFA0-750D-11E1-B0C4-0800200C9A66}

Error: (07/24/2013 06:42:14 PM) (Source: Service Control Manager) (User: )
Description: The adfs service failed to start due to the following error:
%%2

Error: (07/24/2013 06:41:58 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Error: (07/24/2013 06:35:25 PM) (Source: Service Control Manager) (User: )
Description: The adfs service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (03/18/2013 06:24:07 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/22/2012 01:56:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 96496 seconds with 1560 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 2047.55 MB
Available physical RAM: 1420.52 MB
Total Pagefile: 4095.11 MB
Available Pagefile: 3283.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1886.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:279.06 GB) (Free:211.49 GB) NTFS
Drive d: () (Fixed) (Total:118.28 GB) (Free:79.48 GB) NTFS
Drive f: (Drive_D) (Fixed) (Total:161.18 GB) (Free:57.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 279 GB) (Disk ID: 7F1CA36C)
Partition 1: (Active) - (Size=408 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=279 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 279 GB) (Disk ID: 5E206F84)
Partition 1: (Active) - (Size=118 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=161 GB) - (Type=05)

==================== End Of Log ============================

[gringo_pr]

Hello slabadoo

I need you to download this script I have made for you --> fixlist.txt

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.

When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Gringo

[slabadoo]

Here ya go:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-07-2013
Ran by Administrator at 2013-07-25 19:23:42 Run:1
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal

==============================================

Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Drivers" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.
"C:\Windows\system64" => Not Found

=========  Dir /b /a:l "C:\Program Files" /s =========

File Not Found

========= End of CMD: =========



The system needs a manual reboot.

==== End of Fixlog ====

[slabadoo]

Also I forgot to add:

 

So i did a restart and logged back in as the administrator user just as I always have. The first thing that popped up what the MSE Client error I refer to in my post. This is different then before as it usually only gave me the error when I logged into my normal user. Then I logged into my usual user and the same erro came up.

Thanks,
Rick

[gringo_pr]

Hello Rick

At this time lets try uninstalling MSE and reinstalling it

Gringo

[slabadoo]

ok I uninstalled and reinstalled and now it works on both users. Aside from that the only thing I see as being odd is IE is not running as it typically would. Slow, not loading pages or stopping in the middle of a load. I have to use task manager to quit it. also, I have not yet since I re-installed MSE seen it but I have experienced permission issues in some case of deleting. Thoughts?

Thanks,

Rick

[gringo_pr]

Hello Rich

first I would like you to go here and click on the fixit button - http://support.microsoft.com/kb/923737

Then I want you to do the following

• Start Internet Explorer.
• click on "safety"
• click on "Delete Browsing History"
• make sure all boxes are checked
• click on "Delete"
• click on "Tools",
• click "Internet Options".
• On the "Advanced" tab, click "Reset"
• put a check mark next to "Delete Personal Settings"
• click "Reset" to confirm
• when complete click the "Close" button
• restart IE

Gringo

[slabadoo]

All seems to do fine when I do it logged in as admin but when I go to my user i am able to do the fixit but I don't have access to safety or internet options. It seems to be my user that is still having some issues. Also, I still have to force close through task manager to close IE. and I can still see hour glass like it is trying to think during IE browser session. What next?

Thanks

Rick

[gringo_pr]

Hello slabadoo

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
• Put a checkmark beside loaded modules.
• A reboot will be needed to apply the changes. Do it.
• TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
• Then click on Change parameters in TDSSKiller.
• Check all boxes then click OK.
• Click the Start Scan button.
• The scan should take no longer than 2 minutes.
• If a suspicious object is detected, the default action will be Skip, click on Continue.
• If malicious objects are found, they will show in the Scan results
• Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

  Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

• more than one report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

  Note** this report can be very long - so if the website gives you an error saying it is to long you may attache it

  If the forum still complains about it being to long send me everything that is at the end of the report after where it says

  ==================

  Scan finished

  ==================

and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit

• Quit all programs that you may have started.
• Please disconnect any external drives from the computer before you run this scan!
• For Vista or Windows 7, right-click and select "Run as Administrator to start"
• For Windows XP, double-click to start.
• Wait until Prescan has finished ...
• Then Click on "Scan" button
• Wait until the Status box shows "Scan Finished"
• click on "delete"
• Wait until the Status box shows "Deleting Finished"
• Click on "Report" and copy/paste the content of the Notepad into your next reply.
• the scan will make two reports the one I would like to see is called RKreport[2].txt on your Desktop
• Exit/Close RogueKiller+

send me the reports made from TDSSKiller and Roguekiller and also let me know how the computer is doing at this time.

Gringo

[slabadoo]

Hi Gringo,

 

Before I start these - should I do this from the administrator user like I have for everything or my normal user? I'm assuming I keep doing this as administrator user but need to be sure.

Thanks,

Rick

[gringo_pr]

AS the admin should be best

Gringo

[slabadoo]

ok, did that, logged back in to my normal user and IE still seems to be hanging up, ad to force close again. Here are the reports:There were 2 RK files that were made and neither one of them are RKreport[2] so so I am giving them both to you.

#1:

 

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 07/27/2013 15:11:45
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[EXT RUN][sUSP PATH] HKLM\ON_D:\[...]\Run : snp2uvc (C:\WINDOWS\vsnp2uvc.exe [x]) -> FOUND
[EXT RUN][sUSP PATH] HKLM\ON_D:\[...]\Run : tsnp2uvc (C:\WINDOWS\tsnp2uvc.exe [x]) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM
 C:\WINDOWS\system32
 C:\Documents and Settings\Art\Start Menu\Programs\Startup
-> D:\windows\system32\config\SOFTWARE
 C:\WINDOWS\system32
 C:\Documents and Settings\Art\Start Menu\Programs\Startup
-> D:\windows\system32\config\SECURITY
 C:\WINDOWS\system32
 C:\Documents and Settings\Art\Start Menu\Programs\Startup
-> D:\windows\system32\config\SAM
 C:\WINDOWS\system32
 C:\Documents and Settings\Art\Start Menu\Programs\Startup
-> D:\windows\system32\config\DEFAULT
 C:\WINDOWS\system32
 C:\Documents and Settings\Art\Start Menu\Programs\Startup
-> D:\Documents and Settings\All Users\NTUSER.DAT
 C:\WINDOWS\system32
 
-> D:\Documents and Settings\Art\NTUSER.DAT
 C:\WINDOWS\system32
 C:\Documents and Settings\Art\Start Menu\Programs\Startup
-> D:\Documents and Settings\Default User\NTUSER.DAT
 C:\WINDOWS\system32
 C:\Documents and Settings\Default User\Start Menu\Programs\Startup
-> D:\Documents and Settings\LocalService\NTUSER.DAT
 C:\WINDOWS\system32
 C:\Documents and Settings\LocalService\Start Menu\Programs\Startup
-> D:\Documents and Settings\NetworkService\NTUSER.DAT
 C:\WINDOWS\system32
 C:\Documents and Settings\NetworkService\Start Menu\Programs\Startup
-> D:\Documents and Settings\rmorse\NTUSER.DAT
 C:\WINDOWS\system32
 C:\Documents and Settings\rmorse\Start Menu\Programs\Startup

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3000HLFS-01G6U4 ATA Device +++++
--- User ---
[MBR] 42ed27dd02e82698b14b37f339e910a9
[bSP] fc150143eb786d619e4f97d31dbac097 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 407 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 835380 | Size: 285757 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] 155d364f56856619c5b628cfed9e41b8
[bSP] 91fe29c04944f98d447c1036ef8e7846 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 121115 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 248043600 | Size: 165050 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07272013_151145.txt >>


#2:

 

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 07/27/2013 15:12:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[EXT RUN][sUSP PATH] HKLM\ON_D:\[...]\Run : snp2uvc (C:\WINDOWS\vsnp2uvc.exe [x]) -> DELETED
[EXT RUN][sUSP PATH] HKLM\ON_D:\[...]\Run : tsnp2uvc (C:\WINDOWS\tsnp2uvc.exe [x]) -> DELETED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM
 C:\WINDOWS\system32
 C:\Documents and Settings\Art\Start Menu\Programs\Startup
-> D:\windows\system32\config\SOFTWARE
 C:\WINDOWS\system32
 C:\Documents and Settings\Art\Start Menu\Programs\Startup
-> D:\windows\system32\config\SECURITY
 C:\WINDOWS\system32
 C:\Documents and Settings\Art\Start Menu\Programs\Startup
-> D:\windows\system32\config\SAM
 C:\WINDOWS\system32
 C:\Documents and Settings\Art\Start Menu\Programs\Startup
-> D:\windows\system32\config\DEFAULT
 C:\WINDOWS\system32
 C:\Documents and Settings\Art\Start Menu\Programs\Startup
-> D:\Documents and Settings\All Users\NTUSER.DAT
 C:\WINDOWS\system32
 
-> D:\Documents and Settings\Art\NTUSER.DAT
 C:\WINDOWS\system32
 C:\Documents and Settings\Art\Start Menu\Programs\Startup
-> D:\Documents and Settings\Default User\NTUSER.DAT
 C:\WINDOWS\system32
 C:\Documents and Settings\Default User\Start Menu\Programs\Startup
-> D:\Documents and Settings\LocalService\NTUSER.DAT
 C:\WINDOWS\system32
 C:\Documents and Settings\LocalService\Start Menu\Programs\Startup
-> D:\Documents and Settings\NetworkService\NTUSER.DAT
 C:\WINDOWS\system32
 C:\Documents and Settings\NetworkService\Start Menu\Programs\Startup
-> D:\Documents and Settings\rmorse\NTUSER.DAT
 C:\WINDOWS\system32
 C:\Documents and Settings\rmorse\Start Menu\Programs\Startup

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3000HLFS-01G6U4 ATA Device +++++
--- User ---
[MBR] 42ed27dd02e82698b14b37f339e910a9
[bSP] fc150143eb786d619e4f97d31dbac097 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 407 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 835380 | Size: 285757 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] 155d364f56856619c5b628cfed9e41b8
[bSP] 91fe29c04944f98d447c1036ef8e7846 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 121115 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 248043600 | Size: 165050 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_07272013_151226.txt >>
RKreport[0]_S_07272013_151145.txt

the TDSSKiller was to large to put here as I got an error during posting. I wil try to post it in the next one.

 

Thanks,

Rick

 

 

[slabadoo]

still wouldnt let me post it so I am providing what you asked in that case which is wwverything after scan finished:

 

15:02:36.0972 3460  ============================================================
15:02:36.0972 3460  Scan finished
15:02:36.0972 3460  ============================================================
15:02:36.0988 1776  Detected object count: 4
15:02:36.0988 1776  Actual detected object count: 4
15:03:36.0425 1776  DrvAgent32 ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:36.0425 1776  DrvAgent32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:36.0425 1776  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:36.0425 1776  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:36.0441 1776  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:36.0441 1776  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:36.0441 1776  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:36.0441 1776  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:04:06.0863 3604  Deinitialize success

[gringo_pr]

Hello slabadoo

User account

I would like you to go to this page - Troubleshooting and Internet Explorer’s (No Add-ons) Mode

Step 1 is going to show you how to run IE without any add/ons, If by running IE this way the problem goes away Then we can go to step 2

Step 2 will show you how to find the add/on that is causing the problem and then how to remove it

Gringo