hbailey01 Posted August 26, 2013 ID:721029 Share Posted August 26, 2013 Malwarebytes finds the threat and says it's deleted, but it comes right back. MBAR finds nothing:Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.08.26.05Windows 7 Service Pack 1 x64 NTFSInternet Explorer 8.0.7601.17514heatherbailey :: LT430HBAILEY [administrator]8/26/2013 3:49:42 PMmbam-log-2013-08-26 (15-49-42).txtScan type: Full scan (C:\|D:\|F:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 483520Time elapsed: 1 hour(s), 4 minute(s), 9 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 1HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Google Update (Trojan.Zaccess) -> Data: -> Quarantined and deleted successfully.Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
MrCharlie Posted August 26, 2013 ID:721043 Share Posted August 26, 2013 Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.MrC Link to post Share on other sites More sharing options...
hbailey01 Posted August 27, 2013 Author ID:721255 Share Posted August 27, 2013 Thank you for the response. Here are the results: Also, I ran this program yesterday in an attempt to fix the problem by following your guidance to other members, so the addition.txt file is from yesterday, but the pasted data is from this morning. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-08-2013 01Ran by heatherbailey (administrator) on 27-08-2013 08:51:40Running from C:\Users\heatherbailey\Desktop\FIXWindows 7 Professional Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 8Boot Mode: Normal==================== Processes (Whitelisted) =================(Lenovo.) C:\Windows\system32\ibmpmsvc.exe(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe(Microsoft Corporation) C:\Windows\system32\WLANExt.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe(Intel Corporation) C:\Windows\system32\igfxext.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManager.exe(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Lenovo) C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe(Microsoft Corporation) C:\Windows\splwow64.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE==================== Registry (Whitelisted) ==================HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTIONHKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTIONHKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [719672 2012-01-20] (Microsoft Corporation)HKCU\...\Run: [uploader] - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [122984 2013-05-30] (Seagate Technology LLC)HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)HKCU\...\RunOnce: [uninstall C:\Users\heatherbailey\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\heatherbailey\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64" [345088 2010-11-20] (Microsoft Corporation)HKCU\...\RunOnce: [uninstall C:\Users\heatherbailey\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\heatherbailey\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314" [345088 2010-11-20] (Microsoft Corporation)HKLM-x32\...\Run: [] - [x]HKU\davidsibley_da\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-17] (Lenovo)HKU\davidsibley_da\...\RunOnce: [] - [x]HKU\davidsibley_da\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [x]HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-17] (Lenovo)HKU\Default\...\RunOnce: [] - [x]HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [x]HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-17] (Lenovo)HKU\Default User\...\RunOnce: [] - [x]HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [x]Startup: C:\Users\heatherbailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)==================== Internet (Whitelisted) ====================ProxyServer: 192.168.1.4:8080HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMBHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/webhp?hl=enHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehpHKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpadStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No FileDPF: HKLM {615A1925-0E5B-4767-A65E-3165AEAC32A3} http://quickscan.bitdefender.com/qsax/qsax64.cabDPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cabDPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP7-15458/webex/ieatgpc1.cabDPF: HKLM-x32 {E87F6C8E-16C0-11D3-BEF7-009027438003} https://hdapps.homedepot.com/IKSWEB/XUpload.ocxTcpip\Parameters: [DhcpNameServer] 192.168.1.86 10.10.20.10Chrome:=======CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\pdf.dll ()CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)CHR Plugin: (Java Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\heatherbailey\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)CHR Extension: (Google Docs) - C:\Users\HEATHE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0CHR Extension: (Google Drive) - C:\Users\HEATHE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0CHR Extension: (YouTube) - C:\Users\HEATHE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0CHR Extension: (Google Search) - C:\Users\HEATHE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0CHR Extension: (Google Wallet Service) - C:\Users\HEATHE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0CHR Extension: (Gmail) - C:\Users\HEATHE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0==================== Services (Whitelisted) =================R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108456 2012-12-07] (Symantec Corporation)R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108456 2012-12-07] (Symantec Corporation)S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-15] (Lenovo.)R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)S3 LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [3093944 2011-02-07] (Symantec Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-05-24] (Nitro PDF Software)R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-05-30] (Seagate Technology LLC)R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3250392 2012-12-07] (Symantec Corporation)S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [428976 2012-12-07] (Symantec Corporation)S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1846592 2012-12-07] (Symantec Corporation)R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)==================== Drivers (Whitelisted) ====================R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-08-21] (Symantec Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-08-21] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-08-21] (Symantec Corporation)R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider)R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-20] (GFI Software)R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130826.001\ENG64.SYS [126040 2013-07-16] (Symantec Corporation)R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130826.001\ENG64.SYS [126040 2013-07-16] (Symantec Corporation)R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130826.001\EX64.SYS [2098776 2013-07-16] (Symantec Corporation)R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130826.001\EX64.SYS [2098776 2013-07-16] (Symantec Corporation)R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [33344 2012-03-26] (Lenovo Group Limited)R1 SASDIFSV; C:\Users\HEATHE~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Users\HEATHE~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [453240 2012-12-07] (Symantec Corporation)R1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [453240 2012-12-07] (Symantec Corporation)S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482424 2012-12-07] (Symantec Corporation)S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [482424 2012-12-07] (Symantec Corporation)R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32376 2012-12-07] (Symantec Corporation)R1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32376 2012-12-07] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-12-07] (Symantec Corporation)R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-08-26 17:38 - 2013-08-27 08:51 - 00000000 ____D C:\Users\heatherbailey\Desktop\FIX2013-08-26 17:26 - 2013-08-26 17:26 - 00000000 ____D C:\FRST2013-08-26 17:24 - 2013-08-26 17:25 - 01578228 _____ (Farbar) C:\Users\heatherbailey\Desktop\FRST64.exe2013-08-26 17:20 - 2013-08-26 17:23 - 00000000 ____D C:\Users\heatherbailey\Desktop\RK_Quarantine2013-08-26 17:18 - 2013-08-26 17:18 - 03814400 _____ C:\Users\heatherbailey\Desktop\RogueKillerX64.exe2013-08-26 16:57 - 2013-08-26 16:57 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys2013-08-26 12:16 - 2013-08-26 17:50 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-08-26 12:15 - 2013-08-26 17:50 - 00000000 ____D C:\Users\heatherbailey\Desktop\mbar2013-08-26 12:14 - 2013-08-26 12:14 - 12907592 _____ (Malwarebytes Corp.) C:\Users\heatherbailey\Desktop\mbar-1.07.0.1005.exe2013-08-23 16:42 - 2013-08-25 19:08 - 00000000 ____D C:\Users\heatherbailey\Desktop\Floor & Decor2013-08-22 16:14 - 2013-08-23 14:04 - 00000000 ____D C:\Users\HEATHE~1\AppData\Local\CrashDumps2013-08-20 16:01 - 2013-08-27 08:46 - 00001388 _____ C:\Windows\setupact.log2013-08-20 16:01 - 2013-08-20 16:01 - 00000000 _____ C:\Windows\setuperr.log2013-08-20 16:00 - 2013-08-20 16:00 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Roaming\PwrMgr2013-08-20 15:59 - 2013-08-20 15:59 - 04421472 _____ (Symantec Corporation) C:\Users\rodneymykisen_da\Downloads\SymHelp (1).exe2013-08-20 15:57 - 2013-08-20 15:57 - 04421472 _____ (Symantec Corporation) C:\Users\rodneymykisen_da\Downloads\SymHelp.exe2013-08-20 15:51 - 2013-08-20 15:51 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Roaming\QuickScan2013-08-20 15:42 - 2013-08-20 15:42 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Local\Google2013-08-20 13:18 - 2013-08-20 13:18 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Roaming\LavasoftStatistics2013-08-20 13:09 - 2013-08-20 13:09 - 00000000 ____D C:\ProgramData\Downloaded Installations2013-08-20 13:09 - 2013-08-20 13:09 - 00000000 ____D C:\ProgramData\blekko toolbars2013-08-20 13:09 - 2013-08-20 13:09 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner2013-08-20 13:09 - 2013-08-20 13:09 - 00000000 ____D C:\Program Files (x86)\Lavasoft2013-08-20 13:08 - 2013-08-20 13:08 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys2013-08-20 13:01 - 2013-08-20 13:01 - 00002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC2013-08-20 13:01 - 2013-08-20 13:01 - 00000000 ____D C:\Program Files\CCleaner2013-08-20 12:56 - 2013-08-20 12:56 - 00000000 ____D C:\Windows\pss2013-08-20 12:54 - 2013-08-20 12:54 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Roaming\Nitro PDF2013-08-20 12:53 - 2013-08-20 12:53 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Local\VeriSign2013-08-20 12:52 - 2013-08-20 12:56 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Roaming\Adobe2013-08-20 12:52 - 2013-08-20 12:54 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Local\Adobe2013-08-20 12:52 - 2013-08-20 12:52 - 00123104 _____ C:\Users\rodneymykisen_da\AppData\Local\GDIPFONTCACHEV1.DAT2013-08-20 12:51 - 2013-08-20 12:52 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Local\VirtualStore2013-08-20 12:51 - 2013-08-20 12:51 - 00000020 ___SH C:\Users\rodneymykisen_da\ntuser.ini2013-08-20 12:51 - 2013-08-20 12:51 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Roaming\Lenovo2013-08-20 12:51 - 2013-08-20 12:51 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Roaming\Leadertech2013-08-20 12:51 - 2013-08-20 12:51 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Roaming\Intel2013-08-20 12:51 - 2013-08-20 12:51 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Roaming\Apple Computer2013-08-20 12:51 - 2013-08-20 12:51 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Local\Symantec2013-08-20 12:51 - 2013-08-20 12:51 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Local\Lenovo2013-08-20 12:51 - 2013-08-20 12:51 - 00000000 ____D C:\Users\rodneymykisen_da2013-08-20 12:51 - 2012-12-07 09:05 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Local\Microsoft Help2013-08-20 12:51 - 2012-08-02 16:54 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Roaming\Macromedia2013-08-16 15:53 - 2013-08-16 15:53 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-08-14 03:03 - 2013-08-14 03:05 - 00000000 ____D C:\Windows\system32\MRT2013-08-14 00:39 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL2013-08-14 00:39 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL2013-08-14 00:39 - 2013-07-24 09:40 - 12295680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2013-08-14 00:39 - 2013-07-24 09:40 - 09065472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2013-08-14 00:39 - 2013-07-24 09:40 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2013-08-14 00:39 - 2013-07-24 09:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2013-08-14 00:39 - 2013-07-24 09:14 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-08-14 00:39 - 2013-07-24 09:14 - 06036480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-08-14 00:39 - 2013-07-24 09:14 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-08-14 00:39 - 2013-07-18 21:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2013-08-14 00:39 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll2013-08-14 00:39 - 2013-07-09 02:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2013-08-14 00:39 - 2013-07-09 01:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2013-08-14 00:39 - 2013-07-09 01:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll2013-08-14 00:39 - 2013-07-09 01:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll2013-08-14 00:39 - 2013-07-09 01:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2013-08-14 00:39 - 2013-07-09 01:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll2013-08-14 00:39 - 2013-07-09 01:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll2013-08-14 00:39 - 2013-07-09 01:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll2013-08-14 00:39 - 2013-07-09 01:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2013-08-14 00:39 - 2013-07-09 01:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2013-08-14 00:39 - 2013-07-09 00:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2013-08-14 00:39 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll2013-08-14 00:39 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll2013-08-14 00:39 - 2013-07-09 00:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2013-08-14 00:39 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll2013-08-14 00:39 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll2013-08-14 00:39 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll2013-08-14 00:39 - 2013-07-08 22:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2013-08-14 00:39 - 2013-07-08 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2013-08-14 00:39 - 2013-07-08 22:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2013-08-14 00:39 - 2013-07-08 22:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2013-08-14 00:39 - 2013-07-06 02:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys2013-08-14 00:39 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2013-08-14 00:38 - 2013-07-24 09:40 - 01493504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2013-08-14 00:38 - 2013-07-24 09:40 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2013-08-14 00:38 - 2013-07-24 09:40 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2013-08-14 00:38 - 2013-07-24 09:40 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2013-08-14 00:38 - 2013-07-24 09:40 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2013-08-14 00:38 - 2013-07-24 09:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2013-08-14 00:38 - 2013-07-24 09:14 - 01231872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-08-14 00:38 - 2013-07-24 09:14 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-08-14 00:38 - 2013-07-24 09:14 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-08-14 00:38 - 2013-07-24 09:14 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-08-14 00:38 - 2013-07-24 09:14 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2013-08-14 00:38 - 2013-07-24 09:14 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2013-08-14 00:38 - 2013-07-24 09:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-08-14 00:38 - 2013-07-24 07:43 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2013-08-14 00:38 - 2013-07-24 07:23 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-08-12 15:53 - 2013-08-16 10:37 - 00000000 ____D C:\Users\HEATHE~1\AppData\Local\NPE2013-08-09 09:40 - 2013-08-09 09:40 - 00000000 ____D C:\Users\heatherbailey\Documents\WhoLockMe200[1]2013-08-08 16:58 - 2013-08-08 16:58 - 00000000 ____D C:\Users\heatherbailey\AppData\Roaming\SUPERAntiSpyware.com2013-08-08 16:58 - 2013-08-08 16:58 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com2013-08-08 10:24 - 2013-08-16 15:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-08-08 10:24 - 2013-08-08 10:24 - 00000000 ____D C:\Users\heatherbailey\AppData\Roaming\Malwarebytes2013-08-08 10:24 - 2013-08-08 10:24 - 00000000 ____D C:\ProgramData\Malwarebytes2013-08-08 10:24 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2013-08-08 10:24 - 2010-04-29 15:39 - 00038224 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys2013-08-08 09:42 - 2007-03-23 17:55 - 00035928 _____ (Adobe Systems Incorporated.) C:\Windows\system32\AdobePDF64.dll2013-08-08 09:26 - 2013-08-08 09:26 - 00000000 ____D C:\Users\heatherbailey\AppData\Local\Apps\2.0==================== One Month Modified Files and Folders =======2013-08-27 08:51 - 2013-08-26 17:38 - 00000000 ____D C:\Users\heatherbailey\Desktop\FIX2013-08-27 08:50 - 2012-08-02 16:46 - 01906380 _____ C:\Windows\WindowsUpdate.log2013-08-27 08:48 - 2012-08-02 17:01 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-08-27 08:46 - 2013-08-20 16:01 - 00001388 _____ C:\Windows\setupact.log2013-08-27 08:46 - 2012-12-07 12:01 - 00000248 _____ C:\Windows\system32\config\netlogon.ftl2013-08-27 08:46 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-08-27 08:25 - 2012-12-05 10:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2013-08-27 08:16 - 2012-08-02 17:01 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-08-26 18:38 - 2009-07-14 00:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-08-26 18:38 - 2009-07-14 00:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-08-26 18:34 - 2009-07-14 01:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI2013-08-26 17:50 - 2013-08-26 12:16 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-08-26 17:50 - 2013-08-26 12:15 - 00000000 ____D C:\Users\heatherbailey\Desktop\mbar2013-08-26 17:26 - 2013-08-26 17:26 - 00000000 ____D C:\FRST2013-08-26 17:25 - 2013-08-26 17:24 - 01578228 _____ (Farbar) C:\Users\heatherbailey\Desktop\FRST64.exe2013-08-26 17:23 - 2013-08-26 17:20 - 00000000 ____D C:\Users\heatherbailey\Desktop\RK_Quarantine2013-08-26 17:18 - 2013-08-26 17:18 - 03814400 _____ C:\Users\heatherbailey\Desktop\RogueKillerX64.exe2013-08-26 16:57 - 2013-08-26 16:57 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys2013-08-26 16:42 - 2012-12-10 12:01 - 00000000 ____D C:\spaceman2013-08-26 12:14 - 2013-08-26 12:14 - 12907592 _____ (Malwarebytes Corp.) C:\Users\heatherbailey\Desktop\mbar-1.07.0.1005.exe2013-08-25 19:08 - 2013-08-23 16:42 - 00000000 ____D C:\Users\heatherbailey\Desktop\Floor & Decor2013-08-23 14:04 - 2013-08-22 16:14 - 00000000 ____D C:\Users\HEATHE~1\AppData\Local\CrashDumps2013-08-20 16:01 - 2013-08-20 16:01 - 00000000 _____ C:\Windows\setuperr.log2013-08-20 16:00 - 2013-08-20 16:00 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Roaming\PwrMgr2013-08-20 15:59 - 2013-08-20 15:59 - 04421472 _____ (Symantec Corporation) C:\Users\rodneymykisen_da\Downloads\SymHelp (1).exe2013-08-20 15:57 - 2013-08-20 15:57 - 04421472 _____ (Symantec Corporation) C:\Users\rodneymykisen_da\Downloads\SymHelp.exe2013-08-20 15:51 - 2013-08-20 15:51 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Roaming\QuickScan2013-08-20 15:42 - 2013-08-20 15:42 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Local\Google2013-08-20 13:25 - 2012-12-05 10:10 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-08-20 13:25 - 2012-12-05 10:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-08-20 13:25 - 2012-12-05 10:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2013-08-20 13:18 - 2013-08-20 13:18 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Roaming\LavasoftStatistics2013-08-20 13:09 - 2013-08-20 13:09 - 00000000 ____D C:\ProgramData\Downloaded Installations2013-08-20 13:09 - 2013-08-20 13:09 - 00000000 ____D C:\ProgramData\blekko toolbars2013-08-20 13:09 - 2013-08-20 13:09 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner2013-08-20 13:09 - 2013-08-20 13:09 - 00000000 ____D C:\Program Files (x86)\Lavasoft2013-08-20 13:08 - 2013-08-20 13:08 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys2013-08-20 13:02 - 2011-02-24 13:03 - 00000000 ____D C:\Windows\Panther2013-08-20 13:01 - 2013-08-20 13:01 - 00002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC2013-08-20 13:01 - 2013-08-20 13:01 - 00000000 ____D C:\Program Files\CCleaner2013-08-20 12:56 - 2013-08-20 12:56 - 00000000 ____D C:\Windows\pss2013-08-20 12:56 - 2013-08-20 12:52 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Roaming\Adobe2013-08-20 12:54 - 2013-08-20 12:54 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Roaming\Nitro PDF2013-08-20 12:54 - 2013-08-20 12:52 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Local\Adobe2013-08-20 12:53 - 2013-08-20 12:53 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Local\VeriSign2013-08-20 12:52 - 2013-08-20 12:52 - 00123104 _____ C:\Users\rodneymykisen_da\AppData\Local\GDIPFONTCACHEV1.DAT2013-08-20 12:52 - 2013-08-20 12:51 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Local\VirtualStore2013-08-20 12:51 - 2013-08-20 12:51 - 00000020 ___SH C:\Users\rodneymykisen_da\ntuser.ini2013-08-20 12:51 - 2013-08-20 12:51 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Roaming\Lenovo2013-08-20 12:51 - 2013-08-20 12:51 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Roaming\Leadertech2013-08-20 12:51 - 2013-08-20 12:51 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Roaming\Intel2013-08-20 12:51 - 2013-08-20 12:51 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Roaming\Apple Computer2013-08-20 12:51 - 2013-08-20 12:51 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Local\Symantec2013-08-20 12:51 - 2013-08-20 12:51 - 00000000 ____D C:\Users\rodneymykisen_da\AppData\Local\Lenovo2013-08-20 12:51 - 2013-08-20 12:51 - 00000000 ____D C:\Users\rodneymykisen_da2013-08-19 09:22 - 2012-12-06 14:06 - 00000000 ____D C:\Users\heatherbailey\AppData\Roaming\Nitro PDF2013-08-16 15:53 - 2013-08-16 15:53 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-08-16 15:53 - 2013-08-08 10:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-08-16 10:37 - 2013-08-12 15:53 - 00000000 ____D C:\Users\HEATHE~1\AppData\Local\NPE2013-08-14 03:09 - 2012-12-05 08:41 - 00000000 ____D C:\ProgramData\Microsoft Help2013-08-14 03:05 - 2013-08-14 03:03 - 00000000 ____D C:\Windows\system32\MRT2013-08-14 03:03 - 2012-12-04 16:21 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2013-08-12 15:53 - 2012-08-02 17:06 - 00000000 ____D C:\ProgramData\Norton2013-08-09 09:41 - 2013-07-15 15:49 - 00000000 ____D C:\Users\heatherbailey\AppData\System2013-08-09 09:40 - 2013-08-09 09:40 - 00000000 ____D C:\Users\heatherbailey\Documents\WhoLockMe200[1]2013-08-09 02:22 - 2012-08-02 17:08 - 00000000 ____D C:\Windows\System32\Tasks\TVT2013-08-09 02:22 - 2012-08-02 16:50 - 00000000 ____D C:\Program Files (x86)\Lenovo2013-08-08 16:58 - 2013-08-08 16:58 - 00000000 ____D C:\Users\heatherbailey\AppData\Roaming\SUPERAntiSpyware.com2013-08-08 16:58 - 2013-08-08 16:58 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com2013-08-08 10:24 - 2013-08-08 10:24 - 00000000 ____D C:\Users\heatherbailey\AppData\Roaming\Malwarebytes2013-08-08 10:24 - 2013-08-08 10:24 - 00000000 ____D C:\ProgramData\Malwarebytes2013-08-08 09:26 - 2013-08-08 09:26 - 00000000 ____D C:\Users\heatherbailey\AppData\Local\Apps\2.02013-08-08 09:24 - 2012-08-02 16:54 - 00000000 ____D C:\ProgramData\Adobe2013-08-08 09:16 - 2012-12-06 14:19 - 00000000 ____D C:\Users\heatherbailey\AppData\Roaming\Adobe2013-08-06 11:36 - 2012-12-06 17:50 - 00000000 ____D C:\Users\HEATHE~1\AppData\Local\Google2013-08-05 16:45 - 2012-12-06 14:03 - 00000000 ____D C:\Users\heatherbailey2013-08-05 13:54 - 2013-05-24 13:37 - 00000000 ____D C:\Users\HEATHE~1\AppData\Local\CitrixFiles to move or delete:====================C:\Users\admin\AppData\Local\Temp\ose00000.exeC:\Users\admin\AppData\Local\Temp\SimpleTap\assembly\dl3\fc39780e\005d7dce_21dacc01\AccuWeatherTile.resources.DLLC:\Users\admin\AppData\Local\Temp\SimpleTap\assembly\dl3\ed725a91\000f03da_18e1cc01\NewsTile.dllC:\Users\admin\AppData\Local\Temp\SimpleTap\assembly\dl3\eb6965fe\00df05b0_fa32cd01\Flickr.dllC:\Users\admin\AppData\Local\Temp\SimpleTap\assembly\dl3\df8219f9\00fe0faa_fa32cd01\EvernoteLauncher.dllC:\Users\admin\AppData\Local\Temp\SimpleTap\assembly\dl3\da5d3d2a\005b2e98_fa32cd01\CoreAudioApi.dllC:\Users\admin\AppData\Local\Temp\SimpleTap\assembly\dl3\cfeeaca7\00777ca6_fa32cd01\DefaultTheme.dllC:\Users\admin\AppData\Local\Temp\SimpleTap\assembly\dl3\cf374288\0093cab4_fa32cd01\LenovoMusic.dllC:\Users\admin\AppData\Local\Temp\SimpleTap\assembly\dl3\c0724330\00fb53be_fa32cd01\MSOffice.dllC:\Users\admin\AppData\Local\Temp\SimpleTap\assembly\dl3\abd22777\002b41ab_fa32cd01\AccuWeatherTile.dllC:\Users\admin\AppData\Local\Temp\SimpleTap\assembly\dl3\a3b33177\002885bf_fa32cd01\Skype.dllC:\Users\admin\AppData\Local\Temp\SimpleTap\assembly\dl3\a03b1257\002885bf_fa32cd01\Wikipedia.dllC:\Users\admin\AppData\Local\Temp\SimpleTap\assembly\dl3\9cd84dd0\002b41ab_fa32cd01\PriceGrabber.dllC:\Users\admin\AppData\Local\Temp\SimpleTap\assembly\dl3\99413959\006699b3_fa32cd01\Kayak.dllC:\Users\admin\AppData\Local\Temp\SimpleTap\assembly\dl3\90a78a4a\001a5eb8_fa32cd01\LenovoSolutionCenter.dllC:\Users\admin\AppData\Local\Temp\SimpleTap\assembly\dl3\784b4f35\00bf5e13_35dacc01\SugarSync.SimpleTapAddons.FileManager.dllC:\Users\admin\AppData\Local\Temp\SimpleTap\assembly\dl3\77253781\00d1dea8_fa32cd01\Chrome.dllC:\Users\admin\AppData\Local\Temp\SimpleTap\assembly\dl3\6ef661df\00fe0faa_fa32cd01\InternetExplorer.dllC:\Users\admin\AppData\Local\Temp\SimpleTap\assembly\dl3\5af491cf\00f0e8a2_fa32cd01\ScreenRotate.dllC:\Users\admin\AppData\Local\Temp\SimpleTap\assembly\dl3\5831e612\00e2c19b_fa32cd01\WirelessApi.dllC:\Users\admin\AppData\Local\Temp\SimpleTap\assembly\dl3\58001f05\0074c0ba_fa32cd01\LenovoTV.dllC:\Users\admin\AppData\Local\Temp\SimpleTap\assembly\dl3\55002b75\005872ac_fa32cd01\SimpleTapAppStoreAddon.dllC:\Users\admin\AppData\Local\Temp\SimpleTap\assembly\dl3\4ca8af8c\006699b3_fa32cd01\Groupon.dllC:\Users\admin\AppData\Local\Temp\SimpleTap\assembly\dl3\33401392\00885f99_fa32cd01\DisplayBrightnessApi.dllC:\Users\admin\AppData\Local\Temp\SimpleTap\assembly\dl3\2eb3ad89\00ce22bd_fa32cd01\MessageCenterPlus.dllC:\Users\admin\AppData\Local\Temp\SimpleTap\assembly\dl3\1e8b25e9\001d1aa4_fa32cd01\Biztree.dllC:\Users\HEATHE~1\AppData\Local\Temp\InstallFlashPlayer.exeC:\Users\HEATHE~1\AppData\Local\Temp\{1E0F5F5C-C0E9-4CDD-AA15-39F664856A70}\microsoftVcRedist2005Kb973544X86\PRQStarter-1.exeC:\Users\HEATHE~1\AppData\Local\Temp\Temp1_WhoLockMe200[1].zip\WhoLockMe.exeC:\Users\HEATHE~1\AppData\Local\Temp\SimpleTap\assembly\dl3\fe6c9e4c\005872ac_fa32cd01\SimpleTapAppStoreAddon.dllC:\Users\HEATHE~1\AppData\Local\Temp\SimpleTap\assembly\dl3\f4508849\00885f99_fa32cd01\DisplayBrightnessApi.dllC:\Users\HEATHE~1\AppData\Local\Temp\SimpleTap\assembly\dl3\ef2b6168\006699b3_fa32cd01\Kayak.dllC:\Users\HEATHE~1\AppData\Local\Temp\SimpleTap\assembly\dl3\e80206c8\002885bf_fa32cd01\Skype.dllC:\Users\HEATHE~1\AppData\Local\Temp\SimpleTap\assembly\dl3\e48813d4\00ce22bd_fa32cd01\MessageCenterPlus.dllC:\Users\HEATHE~1\AppData\Local\Temp\SimpleTap\assembly\dl3\e41aba4e\001d1aa4_fa32cd01\Biztree.dllC:\Users\HEATHE~1\AppData\Local\Temp\SimpleTap\assembly\dl3\ddfc731f\005b2e98_fa32cd01\CoreAudioApi.dllC:\Users\HEATHE~1\AppData\Local\Temp\SimpleTap\assembly\dl3\d9112c90\00d1dea8_fa32cd01\Chrome.dllC:\Users\HEATHE~1\AppData\Local\Temp\SimpleTap\assembly\dl3\d63881b8\002885bf_fa32cd01\Wikipedia.dllC:\Users\HEATHE~1\AppData\Local\Temp\SimpleTap\assembly\dl3\bdd8a02b\00df05b0_fa32cd01\Flickr.dllC:\Users\HEATHE~1\AppData\Local\Temp\SimpleTap\assembly\dl3\a9786da9\00fb53be_fa32cd01\MSOffice.dllC:\Users\HEATHE~1\AppData\Local\Temp\SimpleTap\assembly\dl3\a7340e81\002b41ab_fa32cd01\AccuWeatherTile.dllC:\Users\HEATHE~1\AppData\Local\Temp\SimpleTap\assembly\dl3\a312cdd9\005d7dce_21dacc01\AccuWeatherTile.resources.DLLC:\Users\HEATHE~1\AppData\Local\Temp\SimpleTap\assembly\dl3\8f24ec2a\002b41ab_fa32cd01\PriceGrabber.dllC:\Users\HEATHE~1\AppData\Local\Temp\SimpleTap\assembly\dl3\880902a4\0093cab4_fa32cd01\LenovoMusic.dllC:\Users\HEATHE~1\AppData\Local\Temp\SimpleTap\assembly\dl3\62c6e664\0074c0ba_fa32cd01\LenovoTV.dllC:\Users\HEATHE~1\AppData\Local\Temp\SimpleTap\assembly\dl3\619d4c9b\00fe0faa_fa32cd01\InternetExplorer.dllC:\Users\HEATHE~1\AppData\Local\Temp\SimpleTap\assembly\dl3\4efc8ed1\00fe0faa_fa32cd01\EvernoteLauncher.dllC:\Users\HEATHE~1\AppData\Local\Temp\SimpleTap\assembly\dl3\47880903\00bf5e13_35dacc01\SugarSync.SimpleTapAddons.FileManager.dllC:\Users\HEATHE~1\AppData\Local\Temp\SimpleTap\assembly\dl3\455a2f09\001a5eb8_fa32cd01\LenovoSolutionCenter.dllC:\Users\HEATHE~1\AppData\Local\Temp\SimpleTap\assembly\dl3\3e9d7897\00f0e8a2_fa32cd01\ScreenRotate.dllC:\Users\HEATHE~1\AppData\Local\Temp\SimpleTap\assembly\dl3\377d4969\000f03da_18e1cc01\NewsTile.dllC:\Users\HEATHE~1\AppData\Local\Temp\SimpleTap\assembly\dl3\32a104fa\00777ca6_fa32cd01\DefaultTheme.dllC:\Users\HEATHE~1\AppData\Local\Temp\SimpleTap\assembly\dl3\2f764b65\006699b3_fa32cd01\Groupon.dllC:\Users\HEATHE~1\AppData\Local\Temp\SimpleTap\assembly\dl3\0504428c\00e2c19b_fa32cd01\WirelessApi.dllC:\Users\HEATHE~1\AppData\Local\Temp\SAS_SelfExtract\deupx.dllC:\Users\HEATHE~1\AppData\Local\Temp\SAS_SelfExtract\deupx2964.dllC:\Users\HEATHE~1\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\5d52ca18-4f4d-4d99-b96a-79771f867f3a.exeC:\Users\rodneymykisen_da\AppData\Local\Temp\9c9d6da9-7e83-4388-bf43-e4a613b4e1d3.exeC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\App.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\BackupExec.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\BESR_SSR.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\Db.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\DLP.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\EpClient.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\EpConsole.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\FileSystem.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\LibShared.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\LibWin.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\MonoLinq.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\MsftExchange.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\MsftIIS.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\MsftOs.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\MsftPowerShell.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\MsftSQL.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\NativeApiCmdWin.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\Os.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\Registry.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\ScriptEngine.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\SharedUi.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\SharedUi3.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\Smr.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\SMRDll.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\SMSMSE.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\SQLite.Interop.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\StLibC.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\SymcProd.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\SymDiag.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\SymDiag.exeC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\SymDiagTables.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\SymDiagUi3.exeC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\System.Data.SQLite.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\Verisign.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\STSFX2C02\VipAccess.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\b020c073-b726-4388-a177-0189bfb13a91\Statistics.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\1996cb29-23ef-47a6-ab13-54691edb08c9\CartSdk.dllC:\Users\rodneymykisen_da\AppData\Local\Temp\1996cb29-23ef-47a6-ab13-54691edb08c9\CartSdk64.exeC:\Users\rodneymykisen_da\AppData\Local\Temp\1996cb29-23ef-47a6-ab13-54691edb08c9\sbrc.exeC:\Users\rodneymykisen_da\AppData\Local\Temp\1996cb29-23ef-47a6-ab13-54691edb08c9\i386\sbbd.exeC:\Users\rodneymykisen_da\AppData\Local\Temp\1996cb29-23ef-47a6-ab13-54691edb08c9\amd64\sbbd.exe==================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legitLastRegBack: 2013-02-05 12:30==================== End Of Log ============================Addition.txt Link to post Share on other sites More sharing options...
MrCharlie Posted August 27, 2013 ID:721260 Share Posted August 27, 2013 Download the attached fixlist.txt to the same folder as FRST. Run FRST and click Fix only once and wait The tool will create a log (Fixlog.txt) in the folder, please post it to your reply. Then...... Download Malwarebytes Anti-Rootkit from HEREUnzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exeFollow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txtTo attach a log if needed: Bottom right corner of this page. New window that comes up. ~~~~~~~~~~~~~~~~~~~~~~~ Note: If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional: Internet access Windows Update Windows Firewall If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder. Just run fixdamage.exe. Verify that they are now functioning normally. MrC Link to post Share on other sites More sharing options...
hbailey01 Posted August 27, 2013 Author ID:721266 Share Posted August 27, 2013 Thank you. Here is the fixlog.txt. Running mbar now.Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-08-2013 01Ran by heatherbailey at 2013-08-27 09:12:58 Run:1Running from C:\Users\heatherbailey\Desktop\FIXBoot Mode: Normal==============================================Content of fixlist:*****************HKCU\...\Run: [Google Update*] - [x]HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exeHKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exeHKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% *****************HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.==== End of Fixlog ==== Link to post Share on other sites More sharing options...
hbailey01 Posted August 27, 2013 Author ID:721272 Share Posted August 27, 2013 I have no idea why the last reply was so small. I'll try this again: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-08-2013 01Ran by heatherbailey at 2013-08-27 09:12:58 Run:1Running from C:\Users\heatherbailey\Desktop\FIXBoot Mode: Normal==============================================Content of fixlist:*****************HKCU\...\Run: [Google Update*] - [x]HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exeHKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exeHKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%*****************HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.HKLM => Group Policy Restriction on software restored successfully.==== End of Fixlog ==== Link to post Share on other sites More sharing options...
hbailey01 Posted August 27, 2013 Author ID:721294 Share Posted August 27, 2013 MBar didn't find anything...mbar-log-2013-08-27 (09-15-09).txtsystem-log.txt Link to post Share on other sites More sharing options...
MrCharlie Posted August 27, 2013 ID:721299 Share Posted August 27, 2013 Well Done, lets run ComboFix to clear up any leftovers. Please download and run ComboFix. The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop. Please visit this webpage for download links, and instructions for running ComboFix http://www.bleepingcomputer.com/combofix/how-to-use-combofix Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Information on disabling your malware programs can be found Here. Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed. Please include the C:\ComboFix.txt in your next reply for further review. ---------->NOTE<----------If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed. MrC Link to post Share on other sites More sharing options...
hbailey01 Posted August 27, 2013 Author ID:721335 Share Posted August 27, 2013 Here are the results. Pleas note that my symantec automatically enabled itself during the scan, and I disabled as soon as I noticed. Will this be a problem? ComboFix 13-08-25.01 - heatherbailey 08/27/2013 10:05:27.1.4 - x64Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3794.1771 [GMT -4:00]Running from: c:\users\heatherbailey\Desktop\ComboFix.exeAV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point.ADS - Windows: deleted 0 bytes in 1 streams. .((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\program files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.inic:\programdata\Roamingc:\users\heatherbailey\AppData\Local\assembly\tmpD:\AUTORUN.INFF:\autorun.infF:\Setup.exe..((((((((((((((((((((((((( Files Created from 2013-07-27 to 2013-08-27 )))))))))))))))))))))))))))))))..2013-08-27 13:29 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{22BE899E-F6A6-41C8-92F9-A83164EDFAF8}\mpengine.dll2013-08-26 21:26 . 2013-08-26 21:26 -------- d-----w- C:\FRST2013-08-26 20:57 . 2013-08-26 20:57 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys2013-08-26 16:16 . 2013-08-27 14:02 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2013-08-22 20:14 . 2013-08-23 18:04 -------- d-----w- c:\users\heatherbailey\AppData\Local\CrashDumps2013-08-20 17:09 . 2013-08-20 17:09 -------- d-----w- c:\programdata\Downloaded Installations2013-08-20 17:09 . 2013-08-20 17:09 -------- d-----w- c:\programdata\blekko toolbars2013-08-20 17:09 . 2013-08-20 17:09 -------- d-----w- c:\program files (x86)\Lavasoft2013-08-20 17:09 . 2013-08-20 17:09 -------- d-----w- c:\program files (x86)\Toolbar Cleaner2013-08-20 17:08 . 2013-08-20 17:08 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys2013-08-20 17:01 . 2013-08-20 17:01 -------- d-----w- c:\program files\CCleaner2013-08-20 16:51 . 2013-08-20 16:51 -------- d-----w- c:\users\rodneymykisen_da2013-08-16 19:53 . 2013-08-16 19:53 -------- d-----w- c:\users\heatherbailey\AppData\Local\Programs2013-08-14 07:03 . 2013-08-14 07:05 -------- d-----w- c:\windows\system32\MRT2013-08-14 04:38 . 2013-07-24 13:40 1188864 ----a-w- c:\windows\system32\wininet.dll2013-08-12 19:53 . 2013-08-16 14:37 -------- d-----w- c:\users\heatherbailey\AppData\Local\NPE2013-08-08 20:58 . 2013-08-08 20:58 -------- d-----w- c:\users\heatherbailey\AppData\Roaming\SUPERAntiSpyware.com2013-08-08 20:58 . 2013-08-08 20:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com2013-08-08 14:24 . 2013-08-08 14:24 -------- d-----w- c:\users\heatherbailey\AppData\Roaming\Malwarebytes2013-08-08 14:24 . 2010-04-29 19:39 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys2013-08-08 14:24 . 2013-08-16 19:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-08-08 14:24 . 2013-08-08 14:24 -------- d-----w- c:\programdata\Malwarebytes2013-08-08 14:24 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys2013-08-08 13:42 . 2007-03-23 21:55 35928 ----a-w- c:\windows\system32\AdobePDF64.dll2013-08-08 13:26 . 2013-08-08 13:26 -------- d-----w- c:\users\heatherbailey\AppData\Local\Apps...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-08-20 17:25 . 2012-12-05 14:10 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-08-20 17:25 . 2012-12-05 14:10 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-08-14 07:03 . 2012-12-04 20:21 78161360 ----a-w- c:\windows\system32\MRT.exe2013-07-09 04:45 . 2013-08-14 04:39 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-06-28 14:24 . 2013-06-28 14:17 40960 ----a-r- c:\users\heatherbailey\AppData\Roaming\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe2013-06-05 03:34 . 2013-07-11 14:36 3153920 ----a-w- c:\windows\system32\win32k.sys2013-06-04 06:00 . 2013-07-11 14:36 624128 ----a-w- c:\windows\system32\qedit.dll2013-06-04 04:53 . 2013-07-11 14:36 509440 ----a-w- c:\windows\SysWow64\qedit.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]"Uploader"="c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe" [2013-05-30 122984].c:\users\heatherbailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"EnableLinkedConnections"= 1 (0x1).[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-891294066-3545055535-1653584112-2537\Scripts\Logon\0\0]"Script"=corpprinters.bat.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]@="Service".[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001.R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]R3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]S0 Fastboot;Fastboot;c:\windows\System32\DRIVERS\Fastboot.sys;c:\windows\SYSNATIVE\DRIVERS\Fastboot.sys [x]S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]S1 SASDIFSV;SASDIFSV;c:\users\HEATHE~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS;c:\users\HEATHE~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]S1 SASKUTIL;SASKUTIL;c:\users\HEATHE~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS;c:\users\HEATHE~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [x]S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [x]S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]S2 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [x]S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]S3 tvtvcamd;ThinkVantage Virtual Camera;c:\windows\system32\DRIVERS\tvtvcamd.sys;c:\windows\SYSNATIVE\DRIVERS\tvtvcamd.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-08-22 05:16 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-08-27 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-05 17:25].2013-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-02 21:01].2013-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-02 21:01]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]@="{A759AFF6-5851-457D-A540-F4ECED148351}"[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyServer = 192.168.1.4:8080uInternet Settings,ProxyOverride = localhost;*eetime1.adp.com*;<local>;*.localIE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105Trusted Zone: acehardware-acenet.comTrusted Zone: acehardware-aceonline.comTrusted Zone: acehardware-eaglevision.comTrusted Zone: acehardware-vendors.comTrusted Zone: aceservices.comTrusted Zone: acehardware-acenet.comTrusted Zone: acehardware-aceonline.comTrusted Zone: acehardware-eaglevision.comTrusted Zone: acehardware-vendors.comTrusted Zone: aceservices.comTCP: DhcpNameServer = 192.168.1.86 10.10.20.10.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)Wow6432Node-HKLM-Run-<NO NAME> - (no file)SafeBoot-Symantec AntvirusHKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startToolbar-Locked - (no file)...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-08-27 10:14:49ComboFix-quarantined-files.txt 2013-08-27 14:14.Pre-Run: 396,412,141,568 bytes freePost-Run: 396,348,751,872 bytes free.- - End Of File - - C1F5A0C12669B8427233CB2AAD6A0006 ComboFix.txt Link to post Share on other sites More sharing options...
MrCharlie Posted August 27, 2013 ID:721338 Share Posted August 27, 2013 Looks Good..... Lets check for any adware while you're here: Please download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As AdministratorClick on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.Copy and paste the contents of that logfile in your next reply.A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.If you agree with everything listed to be removed in the folders section........... Double click on AdwCleaner.exe to run the tool again.Click on the Scan button.AdwCleaner will begin to scan your computer like it did before.After the scan has finished...This time click on the Clean button.Press OK when asked to close all programs and follow the onscreen prompts.Press OK again to allow AdwCleaner to restart the computer and complete the removal process.After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.Copy and paste the contents of that logfile in your next reply.A copy of that logfile will also be saved in the C:\AdwCleaner folder.Then.................. Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal. Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report. Make sure that everything is checked, and click Remove Selected. Please let me know how computer is running now, MrC Link to post Share on other sites More sharing options...
hbailey01 Posted August 27, 2013 Author ID:721351 Share Posted August 27, 2013 I keep getting the following error when I attempt to download ADWCleaner. I tried from 2 different computers. Please advise. Error.bmp Link to post Share on other sites More sharing options...
MrCharlie Posted August 27, 2013 ID:721354 Share Posted August 27, 2013 Attached: Link to post Share on other sites More sharing options...
hbailey01 Posted August 27, 2013 Author ID:721375 Share Posted August 27, 2013 The sonicwall keeps blocking, so now my IT department has agreed to reimage my pc. Thank you so much for your help. Link to post Share on other sites More sharing options...
LDTate Posted August 28, 2013 ID:721844 Share Posted August 28, 2013 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts