Computer Bogs on single user with 20+ COM Surrogates


Thayran

Hello Forum,

I could use some help, please. This computer slows to a crawl when one of the users is logged in. The other user seems to be fine. I have run Kaspersky from a Rescue Disk and have found and removed 43 of the same trojan (a ZBOT variant). The computer still exhibits the same issue after reboot. There are usually 15-20 processes running the same COM Surrogate, consuming most of the resources. I have loaded MBAM and it has tried to remove a couple of trojans as well, but the problem still comes back. Thanks.

DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Corky at 19:26:51 on 2014-02-26
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2013.920 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Ogvowo] "C:\Users\Corky\AppData\Roaming\Agmaryur\tagiu.exe"
uRun: [Google+ Auto Backup] "C:\Users\home\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
uRun: [Nero Update] regsvr32.exe C:\Users\Corky\AppData\Local\Nero\ep0lvr1l.dll
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Conime] C:\Windows\System32\conime.exe
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FORGET~1.LNK - C:\Program Files (x86)\Broderbund\AG CreataCard\AGRemind.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MYSOFT~1.LNK - C:\Program Files (x86)\Common Files\MySoftware\NewsFlsh.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2664E605-79F8-40C5-A367-1CA27E4568AF} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Corky\AppData\Roaming\Mozilla\Firefox\Profiles\wdu44fp5.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-1-13 55856]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-13 13336]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2013-3-15 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2013-1-15 780152]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-1-13 1692480]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2014-2-22 5093216]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2012-1-13 138752]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-13 236544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-19 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-02-27 00:46:13    75888    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{83778EC4-F8BB-4051-A8BC-E31E2FB46091}\offreg.dll
2014-02-26 12:25:16    --------    d-----w-    C:\Malwarebytes_Log
2014-02-26 03:31:23    --------    d-----w-    C:\Users\Corky\AppData\Roaming\Malwarebytes
2014-02-26 03:02:12    10536864    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{83778EC4-F8BB-4051-A8BC-E31E2FB46091}\mpengine.dll
2014-02-26 02:21:02    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-02-26 02:20:59    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-02-26 02:20:57    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-23 09:23:24    10536864    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-22 16:56:09    --------    d-----w-    C:\ProgramData\Oracle
2014-02-22 16:55:15    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-22 00:30:58    1031560    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0A2D2D5C-D0C7-4F5A-9728-633720A1109A}\gapaengine.dll
2014-02-17 02:52:26    --------    d-sh--w-    C:\found.000
2014-02-15 21:17:53    --------    d-----w-    C:\Users\Corky\AppData\Roaming\Agmaryur
2014-02-12 21:32:03    1882112    ----a-w-    C:\Windows\System32\msxml3.dll
2014-02-12 21:32:02    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2014-02-12 21:32:02    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2014-02-12 21:32:02    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
.
==================== Find3M  ====================
.
2014-02-22 21:22:27    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-22 21:22:26    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-06 11:30:46    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-06 09:09:30    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-01-19 07:33:29    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-01-06 19:23:36    4558848    ----a-w-    C:\Windows\SysWow64\GPhotos.scr
2013-12-24 23:09:41    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2013-12-21 09:53:45    548864    ----a-w-    C:\Windows\System32\vbscript.dll
2013-12-21 08:56:47    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-12-04 02:27:33    485888    ----a-w-    C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16    488448    ----a-w-    C:\Windows\System32\secproc.dll
2013-12-04 02:26:32    528384    ----a-w-    C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51    658432    ----a-w-    C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51    626176    ----a-w-    C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50    552960    ----a-w-    C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48    553984    ----a-w-    C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20    423936    ----a-w-    C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08    428032    ----a-w-    C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06    390144    ----a-w-    C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14    510976    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10    594944    ----a-w-    C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09    572416    ----a-w-    C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06    508928    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp_isv.exe
.
============= FINISH: 19:27:56.51 ===============

Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/17/2012 10:58:48 AM
System Uptime: 2/26/2014 5:45:50 PM (2 hours ago)
.
Motherboard: Dell Inc. |  | 018D1Y
Processor: Pentium® Dual-Core  CPU      E6700  @ 3.20GHz | CPU 1 | 3192/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 386.202 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: UMBus Root Bus Enumerator
Device ID: ROOT\UMBUS\0000
Manufacturer: Microsoft
Name: UMBus Root Bus Enumerator
PNP Device ID: ROOT\UMBUS\0000
Service: umbus
.
==== System Restore Points ===================
.
RP304: 2/19/2014 9:02:19 AM - Windows Update
RP305: 2/22/2014 9:53:02 AM - Removed Java 6 Update 27
RP306: 2/22/2014 9:54:45 AM - Installed Java 7 Update 51
RP307: 2/22/2014 6:16:10 PM - Windows Update
RP308: 2/23/2014 3:00:10 AM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.9)
aioprnt
aioscnnr
American Greetings CreataCard Select 6
Ask Toolbar
Ask Toolbar Updater
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blio
Bounce Symphony
Build-a-lot 2
C4USelfUpdater
Cake Mania
center
Chuzzle Deluxe
Consumer In-Home Service Agreement
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell VideoStage
Diner Dash 2 Restaurant Rescue
DirectX 9 Runtime
Dora's World Adventure
eBay
Escape Whisper Valley
essentials
Farm Frenzy
FATE
Final Drive Fury
Final Drive Nitro
Google Toolbar for Internet Explorer
Google Update Helper
Google+ Auto Backup
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
Java 7 Update 51
Java Auto Updater
Java 6 Update 27 (64-bit)
Jewel Quest
Jewel Quest Solitaire 2
Junk Mail filter update
Kodak AIO Printer
KODAK AiO Software
Luxor
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Web Publishing Wizard 1.52
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.3.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyMailList & AddressBook
Namco All-Stars PAC-MAN
Nero 10 Movie ThemePack Basic
Nero Blu-ray Player
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
ocr
Penguins!
PhotoShowExpress
Picasa 3
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
PreReq
PrintProjects
RBVirtualFolder64Inst
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Samantha Swift
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Skype™ 5.10
Sonic CinePlayer Decoder Pack
SyncUP
TeamViewer 8
TrustedID
TrustedID IDMonitor Identity Protection
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Wedding Dash - Ready, Aim, Love!
WildTangent Games
WildTangent Games App (Dell Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
2/26/2014 7:17:26 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
2/25/2014 8:30:47 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.
2/25/2014 8:30:47 PM, Error: Service Control Manager [7000]  - The Intel® Rapid Storage Technology service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/25/2014 7:19:48 PM, Error: Service Control Manager [7034]  - The SoftThinks Agent Service service terminated unexpectedly.  It has done this 1 time(s).
2/25/2014 7:19:41 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
2/25/2014 7:19:41 PM, Error: Service Control Manager [7000]  - The Windows Live ID Sign-in Assistant service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/22/2014 7:00:10 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
2/22/2014 6:58:07 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
2/22/2014 12:55:05 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer8 service.
2/22/2014 11:07:52 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
2/22/2014 11:07:52 AM, Error: Service Control Manager [7000]  - The Windows Media Player Network Sharing Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/22/2014 11:05:10 AM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/22/2014 11:05:09 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
2/22/2014 1:52:59 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
2/22/2014 1:19:45 PM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
2/22/2014 1:19:45 PM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
2/22/2014 1:03:19 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
2/22/2014 1:03:10 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
2/22/2014 1:03:10 PM, Error: Service Control Manager [7000]  - The Windows Modules Installer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/19/2014 8:47:12 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
2/19/2014 8:46:41 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
2/19/2014 8:45:44 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
2/19/2014 8:45:08 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
2/19/2014 8:32:03 AM, Error: Service Control Manager [7000]  - The Multimedia Class Scheduler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/19/2014 8:18:03 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
2/19/2014 8:14:27 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
2/19/2014 8:13:56 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
2/19/2014 8:11:56 AM, Error: Service Control Manager [7022]  - The Security Center service hung on starting.
2/19/2014 5:12:50 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
2/19/2014 5:10:41 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
.
==== End Of File ===========================
 


Hello Thayran and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall these programs:

Ask Toolbar

Ask Toolbar Updater

Step 2

Please run a Quick Scan with Malwarebytes and post the log:

Open up Malwarebytes => Settings Tab => Scanner Settings => Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log

Hello Borislav,

Sorry for the delay. Long day at work...

Well, I was able to run the MBAM and the DDS, but I could not use the problematic computer to get to this website. I am on a different computer typing this reply. I think I made an error in the sequence of events when I posted the original DDS logs. I had not yet allowed the malicious programs to load before I ran the DDS. Also, since the PC is so slow after malware kick-off, I usually disconnect the network cable so I can get it to respond. I will try to post the logs as soon as possible.


Hello again, Borislav,

Another update: I tried to run the MBAM, but it hung. I rebooted the PC into Safe Mode with Networking and the 20+ dllhost.exe *32 started again. When I tried to run MBAM, it got stuck in what appeared to be an endless effort to scan thousands of .txt files in C:\USERS\CORKY\APPDATA\LOCAL\Temp\cache\(random number)\(random filename.txt). When I try to view that directory using Windows Explorer, it never finishes building the file list, so it never displays.

I used a command prompt to view the contents of a couple of the .txt files and found media.adforntiers.com as well as openx.net.

Do you have something to kill these processes while we go about eliminating the root cause?


Hello Borislav,

I pulled the DDS from the infected computer onto a thumb drive and brought it to another computer (nervously) to post for your review.

Thanks for your time.

DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Corky at 17:25:09 on 2014-02-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2013.329 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Ogvowo] "C:\Users\Corky\AppData\Roaming\Agmaryur\tagiu.exe"
uRun: [Google+ Auto Backup] "C:\Users\home\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
uRun: [Nero Update] regsvr32.exe C:\Users\Corky\AppData\Local\Nero\ep0lvr1l.dll
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Conime] C:\Windows\System32\conime.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FORGET~1.LNK - C:\Program Files (x86)\Broderbund\AG CreataCard\AGRemind.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MYSOFT~1.LNK - C:\Program Files (x86)\Common Files\MySoftware\NewsFlsh.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2664E605-79F8-40C5-A367-1CA27E4568AF} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Corky\AppData\Roaming\Mozilla\Firefox\Profiles\wdu44fp5.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-1-13 55856]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 134944]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2012-1-13 138752]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-13 236544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
.
=============== Created Last 30 ================
.
2014-02-28 00:18:26 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5517EC59-6561-4FF6-B591-659D503B8DDB}\offreg.dll
2014-02-27 02:32:37 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5517EC59-6561-4FF6-B591-659D503B8DDB}\mpengine.dll
2014-02-26 12:25:16 -------- d-----w- C:\Malwarebytes_Log
2014-02-26 03:31:23 -------- d-----w- C:\Users\Corky\AppData\Roaming\Malwarebytes
2014-02-26 02:21:02 -------- d-----w- C:\ProgramData\Malwarebytes
2014-02-26 02:20:59 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-26 02:20:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-23 09:23:24 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-22 16:56:09 -------- d-----w- C:\ProgramData\Oracle
2014-02-22 16:55:15 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-22 00:30:58 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0A2D2D5C-D0C7-4F5A-9728-633720A1109A}\gapaengine.dll
2014-02-17 02:52:26 -------- d-sh--w- C:\found.000
2014-02-15 21:17:53 -------- d-----w- C:\Users\Corky\AppData\Roaming\Agmaryur
2014-02-12 21:32:03 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-12 21:32:02 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-12 21:32:02 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-12 21:32:02 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
.
==================== Find3M  ====================
.
2014-02-22 21:22:27 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-22 21:22:26 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-01-06 19:23:36 4558848 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
.
============= FINISH: 17:28:22.93 ===============

Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/17/2012 10:58:48 AM
System Uptime: 2/27/2014 5:18:01 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 018D1Y
Processor: Pentium® Dual-Core  CPU      E6700  @ 3.20GHz | CPU 1 | 3192/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 385.801 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: UMBus Root Bus Enumerator
Device ID: ROOT\UMBUS\0000
Manufacturer: Microsoft
Name: UMBus Root Bus Enumerator
PNP Device ID: ROOT\UMBUS\0000
Service: umbus
.
==== System Restore Points ===================
.
RP304: 2/19/2014 9:02:19 AM - Windows Update
RP305: 2/22/2014 9:53:02 AM - Removed Java 6 Update 27
RP306: 2/22/2014 9:54:45 AM - Installed Java 7 Update 51
RP307: 2/22/2014 6:16:10 PM - Windows Update
RP308: 2/23/2014 3:00:10 AM - Windows Update
RP309: 2/27/2014 5:16:52 PM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.9)
aioprnt
aioscnnr
American Greetings CreataCard Select 6
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blio
Bounce Symphony
Build-a-lot 2
C4USelfUpdater
Cake Mania
center
Chuzzle Deluxe
Consumer In-Home Service Agreement
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell VideoStage
Diner Dash 2 Restaurant Rescue
DirectX 9 Runtime
Dora's World Adventure
eBay
Escape Whisper Valley
essentials
Farm Frenzy
FATE
Final Drive Fury
Final Drive Nitro
Google Toolbar for Internet Explorer
Google Update Helper
Google+ Auto Backup
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
Java 7 Update 51
Java Auto Updater
Java 6 Update 27 (64-bit)
Jewel Quest
Jewel Quest Solitaire 2
Junk Mail filter update
Kodak AIO Printer
KODAK AiO Software
Luxor
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Web Publishing Wizard 1.52
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.3.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyMailList & AddressBook
Namco All-Stars PAC-MAN
Nero 10 Movie ThemePack Basic
Nero Blu-ray Player
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
ocr
Penguins!
PhotoShowExpress
Picasa 3
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
PreReq
PrintProjects
RBVirtualFolder64Inst
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Samantha Swift
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Skype™ 5.10
Sonic CinePlayer Decoder Pack
SyncUP
TeamViewer 8
TrustedID
TrustedID IDMonitor Identity Protection
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Wedding Dash - Ready, Aim, Love!
WildTangent Games
WildTangent Games App (Dell Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
2/27/2014 6:17:04 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.167.650.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10302.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/27/2014 5:28:26 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.167.650.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10302.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/27/2014 5:22:55 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
2/27/2014 5:20:31 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
2/27/2014 5:17:25 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.167.650.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10302.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/26/2014 8:13:56 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk5\DR5.
2/25/2014 8:30:47 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.
2/25/2014 8:30:47 PM, Error: Service Control Manager [7000]  - The Intel® Rapid Storage Technology service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/25/2014 7:19:48 PM, Error: Service Control Manager [7034]  - The SoftThinks Agent Service service terminated unexpectedly.  It has done this 1 time(s).
2/25/2014 7:19:41 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
2/25/2014 7:19:41 PM, Error: Service Control Manager [7000]  - The Windows Live ID Sign-in Assistant service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/22/2014 7:00:10 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
2/22/2014 6:58:07 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
2/22/2014 12:55:05 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer8 service.
2/22/2014 11:07:52 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
2/22/2014 11:07:52 AM, Error: Service Control Manager [7000]  - The Windows Media Player Network Sharing Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/22/2014 11:05:10 AM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/22/2014 11:05:09 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
2/22/2014 1:52:59 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
2/22/2014 1:19:45 PM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
2/22/2014 1:19:45 PM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
2/22/2014 1:03:19 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
2/22/2014 1:03:10 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
2/22/2014 1:03:10 PM, Error: Service Control Manager [7000]  - The Windows Modules Installer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

Thanks!

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Hello Borislav,

Started ComboFix and it hung up. It completed Stage_50. I let it run for almost 2 hours and the PC power saver kicked in and shut down the system for no activity. I checked the Task Manager and the dllhost.exe *32 were all there having a party...

Shall I try ComboFix again? Should I reboot?


OK Maniac, I was able to get ComboFix to run (as Administrator) on the 'Corky' User. The log is below. I will try to run it while logged into the 'Vince' user again to see if it will finish.

Corky User ComboFix Log:

ComboFix 14-02-24.02 - home 02/28/2014  15:47:46.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2013.915 [GMT -7:00]
Running from: c:\users\home\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
W:\Autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-28 to 2014-02-28  )))))))))))))))))))))))))))))))
.
.
2014-02-28 23:08 . 2014-02-28 23:08    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-02-28 02:11 . 2014-02-28 22:43    75888    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5517EC59-6561-4FF6-B591-659D503B8DDB}\offreg.dll
2014-02-27 02:32 . 2014-02-06 09:01    10536864    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5517EC59-6561-4FF6-B591-659D503B8DDB}\mpengine.dll
2014-02-26 12:25 . 2014-02-26 12:25    --------    d-----w-    C:\Malwarebytes_Log
2014-02-26 03:31 . 2014-02-26 03:31    --------    d-----w-    c:\users\Corky\AppData\Roaming\Malwarebytes
2014-02-26 02:21 . 2014-02-26 02:21    --------    d-----w-    c:\users\home\AppData\Roaming\Malwarebytes
2014-02-26 02:21 . 2014-02-26 02:21    --------    d-----w-    c:\programdata\Malwarebytes
2014-02-26 02:20 . 2013-04-04 21:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-02-26 02:20 . 2014-02-26 02:21    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-23 09:23 . 2014-02-06 09:01    10536864    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-22 16:56 . 2014-02-22 16:56    --------    d-----w-    c:\programdata\Oracle
2014-02-22 16:55 . 2014-02-22 16:55    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-02-22 16:55 . 2014-02-22 16:55    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-22 16:54 . 2014-02-22 16:54    --------    d-----w-    c:\program files (x86)\Java
2014-02-22 00:30 . 2014-02-22 00:30    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A2D2D5C-D0C7-4F5A-9728-633720A1109A}\gapaengine.dll
2014-02-17 02:52 . 2014-02-17 02:52    --------    d-----w-    C:\found.000
2014-02-15 21:17 . 2014-02-18 15:51    --------    d-----w-    c:\users\Corky\AppData\Roaming\Agmaryur
2014-02-13 10:00 . 2014-02-06 11:12    2765824    ----a-w-    c:\windows\system32\iertutil.dll
2014-02-12 21:32 . 2013-12-06 02:30    1882112    ----a-w-    c:\windows\system32\msxml3.dll
2014-02-12 21:32 . 2013-12-06 02:30    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2014-02-12 21:32 . 2013-12-06 02:02    2048    ----a-w-    c:\windows\SysWow64\msxml3r.dll
2014-02-12 21:32 . 2013-12-06 02:02    1237504    ----a-w-    c:\windows\SysWow64\msxml3.dll
2014-02-05 17:19 . 2014-02-05 20:58    --------    d-----w-    c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-22 21:22 . 2013-04-11 15:57    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-22 21:22 . 2012-01-13 09:53    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-16 10:02 . 2012-10-08 15:50    88567024    ----a-w-    c:\windows\system32\MRT.exe
2014-01-19 07:33 . 2010-11-21 03:27    270496    ------w-    c:\windows\system32\MpSigStub.exe
2014-01-06 19:23 . 2014-01-06 19:23    4558848    ----a-w-    c:\windows\SysWow64\GPhotos.scr
2013-12-11 10:03 . 2013-12-11 10:03    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-11 10:03 . 2013-12-11 10:03    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-12-11 10:03 . 2013-12-11 10:03    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-11 10:03 . 2013-12-11 10:03    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2013-12-11 10:03 . 2013-12-11 10:03    235008    ----a-w-    c:\windows\system32\elshyph.dll
2013-12-11 10:03 . 2013-12-11 10:03    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-12-11 10:03 . 2013-12-11 10:03    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-12-11 10:03 . 2013-12-11 10:03    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-11 10:03 . 2013-12-11 10:03    337408    ----a-w-    c:\windows\SysWow64\html.iec
2013-12-11 10:03 . 2013-12-11 10:03    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-12-11 10:03 . 2013-12-11 10:03    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-12-11 10:03 . 2013-12-11 10:03    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-12-11 10:03 . 2013-12-11 10:03    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-12-11 10:03 . 2013-12-11 10:03    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2013-12-11 10:03 . 2013-12-11 10:03    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-12-11 10:03 . 2013-12-11 10:03    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-12-11 10:03 . 2013-12-11 10:03    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-12-11 10:03 . 2013-12-11 10:03    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-11 10:03 . 2013-12-11 10:03    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-12-11 10:03 . 2013-12-11 10:03    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-12-11 10:03 . 2013-12-11 10:03    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2013-12-11 10:03 . 2013-12-11 10:03    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-12-11 10:03 . 2013-12-11 10:03    247808    ----a-w-    c:\windows\system32\msls31.dll
2013-12-11 10:03 . 2013-12-11 10:03    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-12-11 10:03 . 2013-12-11 10:03    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-12-11 10:03 . 2013-12-11 10:03    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-12-11 10:03 . 2013-12-11 10:03    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-12-11 10:03 . 2013-12-11 10:03    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-12-11 10:03 . 2013-12-11 10:03    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-12-11 10:03 . 2013-12-11 10:03    413696    ----a-w-    c:\windows\system32\html.iec
2013-12-11 10:03 . 2013-12-11 10:03    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-11 10:03 . 2013-12-11 10:03    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2013-12-11 10:03 . 2013-12-11 10:03    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2013-12-11 10:03 . 2013-12-11 10:03    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2013-12-11 10:03 . 2013-12-11 10:03    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-12-11 10:03 . 2013-12-11 10:03    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-12-11 10:03 . 2013-12-11 10:03    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-12-11 10:03 . 2013-12-11 10:03    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2013-12-11 10:03 . 2013-12-11 10:03    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-12-11 10:03 . 2013-12-11 10:03    243200    ----a-w-    c:\windows\system32\webcheck.dll
2013-12-11 10:03 . 2013-12-11 10:03    235520    ----a-w-    c:\windows\system32\url.dll
2013-12-11 10:03 . 2013-12-11 10:03    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-12-11 10:03 . 2013-12-11 10:03    143872    ----a-w-    c:\windows\system32\wextract.exe
2013-12-11 10:03 . 2013-12-11 10:03    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-12-11 10:03 . 2013-12-11 10:03    101376    ----a-w-    c:\windows\system32\inseng.dll
2013-12-11 10:03 . 2013-12-11 10:03    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2013-12-11 10:03 . 2013-12-11 10:03    147968    ----a-w-    c:\windows\system32\occache.dll
2013-12-11 10:03 . 2013-12-11 10:03    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-12-11 10:03 . 2013-12-11 10:03    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2013-12-11 10:03 . 2013-12-11 10:03    774144    ----a-w-    c:\windows\system32\jscript.dll
2013-12-11 10:03 . 2013-12-11 10:03    48128    ----a-w-    c:\windows\system32\imgutil.dll
2013-12-11 10:03 . 2013-12-11 10:03    135680    ----a-w-    c:\windows\system32\iepeers.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Forget Me Not.lnk - c:\program files (x86)\Broderbund\AG CreataCard\AGRemind.exe [2012-2-3 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [x]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-11 21:22]
.
2014-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 18:38]
.
2014-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 18:38]
.
2014-02-28 c:\windows\Tasks\PrintProjects Communicator.job
- c:\programdata\PrintProjects\Communicator.exe [2013-01-29 01:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-24 1266912]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2012-10-08 3182080]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\s6sp1a4d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MySoftware NewsFlash.lnk - c:\program files (x86)\Common Files\MySoftware\NewsFlsh.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-28  17:00:52
ComboFix-quarantined-files.txt  2014-03-01 00:00
.
Pre-Run: 414,553,890,816 bytes free
Post-Run: 419,605,626,880 bytes free
.
- - End Of File - - 50A1549DB1922726E2C284A1F2125D31
5C616939100B85E558DA92B899A0FC36

ComboFix from the 'Vince' user. Task Manager still shows 20+ instances of dllhost.exe *32...

ComboFix 14-02-24.02 - Corky 02/28/2014  17:31:15.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2013.161 [GMT -7:00]
Running from: c:\users\Corky\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-01 to 2014-03-01  )))))))))))))))))))))))))))))))
.
.
2014-03-01 00:45 . 2014-03-01 00:45    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-02-28 02:11 . 2014-02-28 22:43    75888    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5517EC59-6561-4FF6-B591-659D503B8DDB}\offreg.dll
2014-02-27 02:32 . 2014-02-06 09:01    10536864    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5517EC59-6561-4FF6-B591-659D503B8DDB}\mpengine.dll
2014-02-26 12:25 . 2014-02-26 12:25    --------    d-----w-    C:\Malwarebytes_Log
2014-02-26 03:31 . 2014-02-26 03:31    --------    d-----w-    c:\users\Corky\AppData\Roaming\Malwarebytes
2014-02-26 02:21 . 2014-02-26 02:21    --------    d-----w-    c:\users\home\AppData\Roaming\Malwarebytes
2014-02-26 02:21 . 2014-02-26 02:21    --------    d-----w-    c:\programdata\Malwarebytes
2014-02-26 02:20 . 2013-04-04 21:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-02-26 02:20 . 2014-02-26 02:21    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-23 09:23 . 2014-02-06 09:01    10536864    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-22 16:56 . 2014-02-22 16:56    --------    d-----w-    c:\programdata\Oracle
2014-02-22 16:55 . 2014-02-22 16:55    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-02-22 16:55 . 2014-02-22 16:55    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-22 16:54 . 2014-02-22 16:54    --------    d-----w-    c:\program files (x86)\Java
2014-02-22 00:30 . 2014-02-22 00:30    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A2D2D5C-D0C7-4F5A-9728-633720A1109A}\gapaengine.dll
2014-02-17 02:52 . 2014-02-17 02:52    --------    d-----w-    C:\found.000
2014-02-15 21:17 . 2014-02-18 15:51    --------    d-----w-    c:\users\Corky\AppData\Roaming\Agmaryur
2014-02-13 10:00 . 2014-02-06 11:12    2765824    ----a-w-    c:\windows\system32\iertutil.dll
2014-02-12 21:32 . 2013-12-06 02:30    1882112    ----a-w-    c:\windows\system32\msxml3.dll
2014-02-12 21:32 . 2013-12-06 02:30    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2014-02-12 21:32 . 2013-12-06 02:02    2048    ----a-w-    c:\windows\SysWow64\msxml3r.dll
2014-02-12 21:32 . 2013-12-06 02:02    1237504    ----a-w-    c:\windows\SysWow64\msxml3.dll
2014-02-05 17:19 . 2014-02-05 20:58    --------    d-----w-    c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-22 21:22 . 2013-04-11 15:57    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-22 21:22 . 2012-01-13 09:53    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-16 10:02 . 2012-10-08 15:50    88567024    ----a-w-    c:\windows\system32\MRT.exe
2014-01-19 07:33 . 2010-11-21 03:27    270496    ------w-    c:\windows\system32\MpSigStub.exe
2014-01-06 19:23 . 2014-01-06 19:23    4558848    ----a-w-    c:\windows\SysWow64\GPhotos.scr
2013-12-11 10:03 . 2013-12-11 10:03    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-11 10:03 . 2013-12-11 10:03    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-12-11 10:03 . 2013-12-11 10:03    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-11 10:03 . 2013-12-11 10:03    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2013-12-11 10:03 . 2013-12-11 10:03    235008    ----a-w-    c:\windows\system32\elshyph.dll
2013-12-11 10:03 . 2013-12-11 10:03    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-12-11 10:03 . 2013-12-11 10:03    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-12-11 10:03 . 2013-12-11 10:03    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-11 10:03 . 2013-12-11 10:03    337408    ----a-w-    c:\windows\SysWow64\html.iec
2013-12-11 10:03 . 2013-12-11 10:03    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-12-11 10:03 . 2013-12-11 10:03    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-12-11 10:03 . 2013-12-11 10:03    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-12-11 10:03 . 2013-12-11 10:03    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-12-11 10:03 . 2013-12-11 10:03    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2013-12-11 10:03 . 2013-12-11 10:03    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-12-11 10:03 . 2013-12-11 10:03    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-12-11 10:03 . 2013-12-11 10:03    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-12-11 10:03 . 2013-12-11 10:03    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-11 10:03 . 2013-12-11 10:03    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-12-11 10:03 . 2013-12-11 10:03    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-12-11 10:03 . 2013-12-11 10:03    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2013-12-11 10:03 . 2013-12-11 10:03    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-12-11 10:03 . 2013-12-11 10:03    247808    ----a-w-    c:\windows\system32\msls31.dll
2013-12-11 10:03 . 2013-12-11 10:03    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-12-11 10:03 . 2013-12-11 10:03    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-12-11 10:03 . 2013-12-11 10:03    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-12-11 10:03 . 2013-12-11 10:03    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-12-11 10:03 . 2013-12-11 10:03    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-12-11 10:03 . 2013-12-11 10:03    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-12-11 10:03 . 2013-12-11 10:03    413696    ----a-w-    c:\windows\system32\html.iec
2013-12-11 10:03 . 2013-12-11 10:03    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-11 10:03 . 2013-12-11 10:03    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2013-12-11 10:03 . 2013-12-11 10:03    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2013-12-11 10:03 . 2013-12-11 10:03    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2013-12-11 10:03 . 2013-12-11 10:03    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-12-11 10:03 . 2013-12-11 10:03    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-12-11 10:03 . 2013-12-11 10:03    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-12-11 10:03 . 2013-12-11 10:03    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2013-12-11 10:03 . 2013-12-11 10:03    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-12-11 10:03 . 2013-12-11 10:03    243200    ----a-w-    c:\windows\system32\webcheck.dll
2013-12-11 10:03 . 2013-12-11 10:03    235520    ----a-w-    c:\windows\system32\url.dll
2013-12-11 10:03 . 2013-12-11 10:03    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-12-11 10:03 . 2013-12-11 10:03    143872    ----a-w-    c:\windows\system32\wextract.exe
2013-12-11 10:03 . 2013-12-11 10:03    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-12-11 10:03 . 2013-12-11 10:03    101376    ----a-w-    c:\windows\system32\inseng.dll
2013-12-11 10:03 . 2013-12-11 10:03    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2013-12-11 10:03 . 2013-12-11 10:03    147968    ----a-w-    c:\windows\system32\occache.dll
2013-12-11 10:03 . 2013-12-11 10:03    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-12-11 10:03 . 2013-12-11 10:03    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2013-12-11 10:03 . 2013-12-11 10:03    774144    ----a-w-    c:\windows\system32\jscript.dll
2013-12-11 10:03 . 2013-12-11 10:03    48128    ----a-w-    c:\windows\system32\imgutil.dll
2013-12-11 10:03 . 2013-12-11 10:03    135680    ----a-w-    c:\windows\system32\iepeers.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google+ Auto Backup"="c:\users\home\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" [2014-01-06 3619096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Forget Me Not.lnk - c:\program files (x86)\Broderbund\AG CreataCard\AGRemind.exe [2012-2-3 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [x]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-11 21:22]
.
2014-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 18:38]
.
2014-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 18:38]
.
2014-03-01 c:\windows\Tasks\PrintProjects Communicator.job
- c:\programdata\PrintProjects\Communicator.exe [2013-01-29 01:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-24 1266912]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2012-10-08 3182080]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\s6sp1a4d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Ogvowo - c:\users\Corky\AppData\Roaming\Agmaryur\tagiu.exe
Wow6432Node-HKCU-Run-Nero Update - c:\users\Corky\AppData\Local\Nero\ep0lvr1l.dll
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-28  18:05:01
ComboFix-quarantined-files.txt  2014-03-01 01:04
ComboFix2.txt  2014-03-01 00:00
.
Pre-Run: 418,040,938,496 bytes free
Post-Run: 417,483,919,360 bytes free
.
- - End Of File - - 84567A744C9939917149646F31013616
5C616939100B85E558DA92B899A0FC36

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
C:\found.000
C:\users\Corky\AppData\Roaming\Agmaryur

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Thanks Maniac,

Here's the log (run with the 'Vince' user logged in).

ComboFix 14-02-24.02 - Corky 03/02/2014   8:16.4.2 - x64
Running from: c:\users\Corky\Desktop\ComboFix.exe
Command switches used :: c:\users\Corky\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\found.000
c:\found.000\dir0000.chk\0Z1A2H16.txt
c:\found.000\dir0000.chk\58W81RY9.txt
c:\found.000\dir0000.chk\5TBJCOA4.txt
c:\found.000\dir0000.chk\6OTNKIGQ.txt
c:\found.000\dir0000.chk\B8ZPYL83.txt
c:\found.000\dir0000.chk\LL8EOZ7B.txt
c:\found.000\dir0000.chk\Q004CY3K.txt
c:\found.000\dir0000.chk\WNQCXA6V.txt
c:\found.000\dir0000.chk\YYAYBPVB.txt
c:\found.000\file0000.chk
c:\users\Corky\AppData\Roaming\Agmaryur
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-02 to 2014-03-02  )))))))))))))))))))))))))))))))
.
.
2014-03-02 15:33 . 2014-03-02 15:33    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-03-02 14:53 . 2014-03-02 14:53    75888    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA4658BC-034E-4612-81FA-98B6AC9BC28E}\offreg.dll
2014-03-01 21:36 . 2014-02-06 09:01    10536864    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA4658BC-034E-4612-81FA-98B6AC9BC28E}\mpengine.dll
2014-02-27 02:32 . 2014-02-06 09:01    10536864    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-26 12:25 . 2014-02-26 12:25    --------    d-----w-    C:\Malwarebytes_Log
2014-02-26 03:31 . 2014-02-26 03:31    --------    d-----w-    c:\users\Corky\AppData\Roaming\Malwarebytes
2014-02-26 02:21 . 2014-02-26 02:21    --------    d-----w-    c:\users\home\AppData\Roaming\Malwarebytes
2014-02-26 02:21 . 2014-02-26 02:21    --------    d-----w-    c:\programdata\Malwarebytes
2014-02-26 02:20 . 2013-04-04 21:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-02-26 02:20 . 2014-02-26 02:21    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-22 16:56 . 2014-02-22 16:56    --------    d-----w-    c:\programdata\Oracle
2014-02-22 16:55 . 2014-02-22 16:55    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-02-22 16:55 . 2014-02-22 16:55    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-22 16:54 . 2014-02-22 16:54    --------    d-----w-    c:\program files (x86)\Java
2014-02-22 00:30 . 2014-02-22 00:30    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A2D2D5C-D0C7-4F5A-9728-633720A1109A}\gapaengine.dll
2014-02-13 10:00 . 2014-02-06 11:12    2765824    ----a-w-    c:\windows\system32\iertutil.dll
2014-02-12 21:32 . 2013-12-06 02:30    1882112    ----a-w-    c:\windows\system32\msxml3.dll
2014-02-12 21:32 . 2013-12-06 02:30    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2014-02-12 21:32 . 2013-12-06 02:02    2048    ----a-w-    c:\windows\SysWow64\msxml3r.dll
2014-02-12 21:32 . 2013-12-06 02:02    1237504    ----a-w-    c:\windows\SysWow64\msxml3.dll
2014-02-05 17:19 . 2014-02-05 20:58    --------    d-----w-    c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-22 21:22 . 2013-04-11 15:57    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-22 21:22 . 2012-01-13 09:53    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-16 10:02 . 2012-10-08 15:50    88567024    ----a-w-    c:\windows\system32\MRT.exe
2014-01-19 07:33 . 2010-11-21 03:27    270496    ------w-    c:\windows\system32\MpSigStub.exe
2014-01-06 19:23 . 2014-01-06 19:23    4558848    ----a-w-    c:\windows\SysWow64\GPhotos.scr
2013-12-11 10:03 . 2013-12-11 10:03    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-11 10:03 . 2013-12-11 10:03    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-12-11 10:03 . 2013-12-11 10:03    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-11 10:03 . 2013-12-11 10:03    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2013-12-11 10:03 . 2013-12-11 10:03    235008    ----a-w-    c:\windows\system32\elshyph.dll
2013-12-11 10:03 . 2013-12-11 10:03    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-12-11 10:03 . 2013-12-11 10:03    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-12-11 10:03 . 2013-12-11 10:03    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-11 10:03 . 2013-12-11 10:03    337408    ----a-w-    c:\windows\SysWow64\html.iec
2013-12-11 10:03 . 2013-12-11 10:03    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-12-11 10:03 . 2013-12-11 10:03    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-12-11 10:03 . 2013-12-11 10:03    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-12-11 10:03 . 2013-12-11 10:03    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-12-11 10:03 . 2013-12-11 10:03    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2013-12-11 10:03 . 2013-12-11 10:03    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-12-11 10:03 . 2013-12-11 10:03    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-12-11 10:03 . 2013-12-11 10:03    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-12-11 10:03 . 2013-12-11 10:03    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-11 10:03 . 2013-12-11 10:03    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-12-11 10:03 . 2013-12-11 10:03    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-12-11 10:03 . 2013-12-11 10:03    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2013-12-11 10:03 . 2013-12-11 10:03    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-12-11 10:03 . 2013-12-11 10:03    247808    ----a-w-    c:\windows\system32\msls31.dll
2013-12-11 10:03 . 2013-12-11 10:03    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-12-11 10:03 . 2013-12-11 10:03    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-12-11 10:03 . 2013-12-11 10:03    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-12-11 10:03 . 2013-12-11 10:03    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-12-11 10:03 . 2013-12-11 10:03    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-12-11 10:03 . 2013-12-11 10:03    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-12-11 10:03 . 2013-12-11 10:03    413696    ----a-w-    c:\windows\system32\html.iec
2013-12-11 10:03 . 2013-12-11 10:03    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-11 10:03 . 2013-12-11 10:03    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2013-12-11 10:03 . 2013-12-11 10:03    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2013-12-11 10:03 . 2013-12-11 10:03    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2013-12-11 10:03 . 2013-12-11 10:03    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-12-11 10:03 . 2013-12-11 10:03    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-12-11 10:03 . 2013-12-11 10:03    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-12-11 10:03 . 2013-12-11 10:03    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2013-12-11 10:03 . 2013-12-11 10:03    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-12-11 10:03 . 2013-12-11 10:03    243200    ----a-w-    c:\windows\system32\webcheck.dll
2013-12-11 10:03 . 2013-12-11 10:03    235520    ----a-w-    c:\windows\system32\url.dll
2013-12-11 10:03 . 2013-12-11 10:03    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-12-11 10:03 . 2013-12-11 10:03    143872    ----a-w-    c:\windows\system32\wextract.exe
2013-12-11 10:03 . 2013-12-11 10:03    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-12-11 10:03 . 2013-12-11 10:03    101376    ----a-w-    c:\windows\system32\inseng.dll
2013-12-11 10:03 . 2013-12-11 10:03    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2013-12-11 10:03 . 2013-12-11 10:03    147968    ----a-w-    c:\windows\system32\occache.dll
2013-12-11 10:03 . 2013-12-11 10:03    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-12-11 10:03 . 2013-12-11 10:03    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2013-12-11 10:03 . 2013-12-11 10:03    774144    ----a-w-    c:\windows\system32\jscript.dll
2013-12-11 10:03 . 2013-12-11 10:03    48128    ----a-w-    c:\windows\system32\imgutil.dll
2013-12-11 10:03 . 2013-12-11 10:03    135680    ----a-w-    c:\windows\system32\iepeers.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google+ Auto Backup"="c:\users\home\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" [2014-01-06 3619096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Forget Me Not.lnk - c:\program files (x86)\Broderbund\AG CreataCard\AGRemind.exe [2012-2-3 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [x]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-11 21:22]
.
2014-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 18:38]
.
2014-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 18:38]
.
2014-03-02 c:\windows\Tasks\PrintProjects Communicator.job
- c:\programdata\PrintProjects\Communicator.exe [2013-01-29 01:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-24 1266912]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2012-10-08 3182080]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\s6sp1a4d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-02  08:39:38
ComboFix-quarantined-files.txt  2014-03-02 15:39
ComboFix2.txt  2014-03-01 01:05
ComboFix3.txt  2014-03-01 00:00
.
Pre-Run: 420,568,588,288 bytes free
Post-Run: 422,222,471,168 bytes free
.
- - End Of File - - 5D37A5F39EDBA530D41E824426D49A9E
5C616939100B85E558DA92B899A0FC36
 

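A practical note on reading the "Reg Loading Points" section of a ComboFix log like the one above: the HKEY_CURRENT_USER block reflects only the account ComboFix was run under (the Google+ Auto Backup entry points into c:\users\home\...), so per-user Run entries belonging to the one account that is slow never show up in it. The script below is an added example, not part of this thread or of ComboFix; it walks Run/RunOnce for the machine hive, every currently loaded user hive under HKEY_USERS, and every NTUSER.DAT of a profile that is not logged in (mounted temporarily as HKU\TriageHive, a name chosen here), then flags targets that are unsigned, missing, or living under a user-writable directory. It assumes PowerShell 3.0 or later and an elevated prompt, since reg.exe load needs admin rights.

```powershell
# Added example, not from the forum thread: list Run/RunOnce autostarts for every
# profile on the machine, including accounts that are not logged in, and flag
# targets that are unsigned, missing, or under a user-writable directory.
# Assumes PowerShell 3.0+ and an elevated prompt (reg.exe load requires admin).

$runSubKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Directories a vendor autostart rarely uses but a Zbot-style dropper favours.
$suspectDirs = @('\AppData\', '\Temp\', '\ProgramData\', '\Users\Public\')

function Get-ExecutableFromCommand {
    param([string]$Command)
    # Quoted path first, otherwise the first token that looks like a program.
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(\S+?\.(exe|scr|dll|bat|cmd|vbs|js))\b') { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

function Get-RunEntry {
    param([string]$HiveRoot, [string]$Owner)
    foreach ($sub in $runSubKeys) {
        $key = Get-Item "Registry::$HiveRoot\$sub" -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $cmd = [string]$key.GetValue($name)
            $exe = [Environment]::ExpandEnvironmentVariables((Get-ExecutableFromCommand $cmd))
            if (Test-Path -LiteralPath $exe -PathType Leaf) {
                $sig = (Get-AuthenticodeSignature -LiteralPath $exe).Status
            } else { $sig = 'FileMissing' }
            $inSuspectDir = @($suspectDirs | Where-Object { $exe -like "*$_*" }).Count -gt 0
            $flag = if ($inSuspectDir -or $sig -ne 'Valid') { 'REVIEW' } else { '' }
            [pscustomobject]@{
                Owner     = $Owner
                Key       = $sub
                Name      = $name
                Target    = $exe
                Signature = $sig
                Flag      = $flag
            }
        }
        $key.Close()   # release the handle so an offline hive can be unloaded below
    }
}

$entries = @(Get-RunEntry -HiveRoot 'HKEY_LOCAL_MACHINE' -Owner 'MACHINE')

# Hives already loaded: logged-in users, .DEFAULT and service SIDs.
foreach ($h in (Get-ChildItem Registry::HKEY_USERS | Where-Object { $_.PSChildName -notlike '*_Classes' })) {
    $entries += @(Get-RunEntry -HiveRoot "HKEY_USERS\$($h.PSChildName)" -Owner $h.PSChildName)
}

# Hives of accounts that are NOT logged in: mount each NTUSER.DAT temporarily.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
foreach ($p in (Get-ChildItem $profileList)) {
    $sid = $p.PSChildName
    if (Test-Path "Registry::HKEY_USERS\$sid") { continue }   # handled above
    $dir  = [Environment]::ExpandEnvironmentVariables((Get-ItemProperty $p.PSPath).ProfileImagePath)
    $hive = Join-Path $dir 'NTUSER.DAT'
    if (-not (Test-Path -LiteralPath $hive)) { continue }
    & reg.exe load 'HKU\TriageHive' $hive 2>$null | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "could not load $hive"; continue }
    try {
        $entries += @(Get-RunEntry -HiveRoot 'HKEY_USERS\TriageHive' -Owner (Split-Path $dir -Leaf))
    } finally {
        [gc]::Collect(); [gc]::WaitForPendingFinalizers()
        & reg.exe unload 'HKU\TriageHive' | Out-Null
    }
}

$entries | Sort-Object Flag -Descending | Format-Table -AutoSize
```

The signature check is a triage aid, not a verdict: plenty of legitimate OEM autostarts are unsigned, and a signed binary can still be a downloader. What the flag buys you is a short list per account, which is exactly the view a machine-wide log run from the wrong profile does not give.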

Run this one in your previous account:

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Thanks Maniac,

 

  Here's the list from ESET.

 

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application    deleted - quarantined
C:\Users\Corky\AppData\Roaming\Mozilla\Firefox\Profiles\wdu44fp5.default\extensions\xmbpszlvlv@xmbpszlvlv.org.xpi    Win32/TrojanDownloader.Tracur.V trojan    deleted - quarantined
C:\Users\home\Downloads\ArcadeCandyGames.exe    a variant of Win32/Adware.Gamevance.DD potentially unwanted application    deleted - quarantined
C:\Users\home\Downloads\Virtual_Families(1).exe    a variant of Win32/InstallCore.AZ potentially unwanted application    deleted - quarantined
C:\Users\home\Downloads\Virtual_Families(2).exe    a variant of Win32/InstallCore.AZ potentially unwanted application    deleted - quarantined
C:\Users\home\Downloads\Virtual_Families.exe    a variant of Win32/InstallCore.AZ potentially unwanted application    deleted - quarantined
 


Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:


Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.


Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

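The thread's actual symptom, 15 to 20 "COM Surrogate" processes eating the machine, deserves a direct look rather than another scanner pass. COM Surrogate is dllhost.exe, started by the DCOM launcher as "dllhost.exe /Processid:{GUID}"; the GUID is an AppID, and the CLSIDs registered under that AppID name, in their InprocServer32 value, the DLL that is really running inside the surrogate. The script below is an added example, not from this thread or any tool mentioned in it: it maps every running dllhost.exe to its AppID and hosted DLL(s), checks that the surrogate image itself is the System32/SysWOW64 binary, and reports the DLL's Authenticode status. It assumes PowerShell 3.0 or later and an elevated prompt so every process's command line is readable.

```powershell
# Added example, not from the forum thread: tie each running COM Surrogate
# (dllhost.exe) to the component it is hosting. The DCOM launcher starts the
# surrogate as "dllhost.exe /Processid:{GUID}"; that GUID is an AppID, and the
# CLSIDs registered under it name, in InprocServer32, the DLL that actually runs
# inside the surrogate. That DLL, not dllhost.exe, is what to collect and scan
# when 15-20 surrogates are eating the CPU. Assumes PowerShell 3.0+, elevated.

$clsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',   # 32-bit servers on a 64-bit box
    'HKCU:\SOFTWARE\Classes\CLSID'                # per-user registrations override HKLM
)

# Index AppID -> CLSID keys once; HKCR holds thousands of CLSIDs.
function Get-AppIdIndex {
    $index = @{}   # PowerShell hashtable keys are case-insensitive
    foreach ($root in $clsidRoots) {
        foreach ($k in (Get-ChildItem $root -ErrorAction SilentlyContinue)) {
            $appId = $k.GetValue('AppID')
            if (-not $appId) { continue }
            if ($index.ContainsKey($appId)) { $index[$appId] += $k.PSPath }
            else { $index[$appId] = @($k.PSPath) }
        }
    }
    return $index
}

function Get-ComSurrogateHost {
    $index = Get-AppIdIndex
    foreach ($p in (Get-CimInstance Win32_Process -Filter "Name = 'dllhost.exe'")) {
        $appId = $null
        if ($p.CommandLine -match '/Processid:(\{[0-9A-Fa-f-]{36}\})') { $appId = $Matches[1] }

        $clsidKeys = @()
        if ($appId) {
            if ($index.ContainsKey($appId)) { $clsidKeys = $index[$appId] }
            else {
                # Most components register CLSID == AppID; fall back to that.
                $clsidKeys = @($clsidRoots | ForEach-Object { Join-Path $_ $appId } | Where-Object { Test-Path $_ })
            }
        }
        $dlls = @(foreach ($ck in $clsidKeys) {
            $v = (Get-ItemProperty (Join-Path $ck 'InprocServer32') -ErrorAction SilentlyContinue).'(default)'
            if ($v) { [Environment]::ExpandEnvironmentVariables($v.Trim('"')) }
        })
        $sigs = @(foreach ($d in $dlls) {
            if (Test-Path -LiteralPath $d) { (Get-AuthenticodeSignature -LiteralPath $d).Status } else { 'FileMissing' }
        })
        # A genuine surrogate is the System32/SysWOW64 binary, parented by the DcomLaunch svchost.
        $imageOk = [bool]($p.ExecutablePath -match '^[A-Za-z]:\\Windows\\(System32|SysWOW64)\\dllhost\.exe$')
        [pscustomobject]@{
            PID          = $p.ProcessId
            ParentPID    = $p.ParentProcessId
            ImageOk      = $imageOk
            AppID        = $appId
            HostedDll    = ($dlls | Select-Object -Unique) -join '; '
            DllSig       = ($sigs | Select-Object -Unique) -join '; '
            WorkingSetMB = [math]::Round($p.WorkingSetSize / 1MB, 1)
        }
    }
}

$surrogates = @(Get-ComSurrogateHost)
$surrogates | Format-Table -AutoSize

# Twenty surrogates for one AppID point at one component. A hosted DLL under a
# user profile, or with any DllSig other than Valid, is the one to collect and scan.
$surrogates | Group-Object AppID | Sort-Object Count -Descending |
    Select-Object Count, Name, @{ n = 'HostedDll'; e = { $_.Group[0].HostedDll } } |
    Format-Table -AutoSize
```

Two things to keep in mind when reading the output. A surrogate whose ImageOk is false, or whose parent is not the DcomLaunch svchost, is not a surrogate at all but something named like one. And a perfectly legitimate, signed DLL can still be the host of the problem when malware has injected into the surrogate rather than registered itself as a COM server; in that case the count per AppID and the per-account pattern (surrogates only when one user logs in) are the leads, and the next step is a memory image or a module listing of one of those processes rather than another disk scan.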

Hello Maniac,

 

  I ran the Kaspersky from a boot CD.  It updated the virus database and ran completely.  It found no viruses.  Here is the report, but it also includes the reports from the very first occurrence on 2/19/14.

 

  When I log into the Vince User, the COM Surrogates still load.

 

Objects Scan: completed 11 days ago   (events: 132, objects: 18065033, time: 1 day 10:33:52)    
2/19/14 6:53 PM    Task started            
2/19/14 6:56 PM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{5762F53F-8490-AF5A-FA76-44486DCF62B0}-tagiu.exe/PE-Crypt.XorPE        
2/19/14 6:56 PM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{5762F53F-8490-AF5A-FA76-44486DCF62B0}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/19/14 6:56 PM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{70BA0564-6172-3A47-F1E5-5A3D9BBB51C3}-tagiu.exe/PE-Crypt.XorPE        
2/19/14 6:56 PM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{70BA0564-6172-3A47-F1E5-5A3D9BBB51C3}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/19/14 6:56 PM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{8AAE4AA0-09E7-1055-E9BE-6BB068BDC715}-tagiu.exe/PE-Crypt.XorPE        
2/19/14 6:56 PM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{8AAE4AA0-09E7-1055-E9BE-6BB068BDC715}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/19/14 6:56 PM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{92E8B37D-CA2A-75C4-F8D6-A5788CAABC95}-tagiu.exe/PE-Crypt.XorPE        
2/19/14 6:56 PM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{92E8B37D-CA2A-75C4-F8D6-A5788CAABC95}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/19/14 6:56 PM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{C2A96D38-9E61-2394-933D-BD9068E6ABAA}-tagiu.exe/PE-Crypt.XorPE        
2/19/14 6:56 PM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{C2A96D38-9E61-2394-933D-BD9068E6ABAA}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/19/14 6:56 PM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{D19917F3-9E4D-4551-5CD7-9E55B198ACBF}-tagiu.exe/PE-Crypt.XorPE        
2/19/14 6:56 PM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{D19917F3-9E4D-4551-5CD7-9E55B198ACBF}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/19/14 6:56 PM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{DB9E0EA4-CAE8-9989-C839-DE941ED79498}-tagiu.exe/PE-Crypt.XorPE        
2/19/14 6:56 PM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{DB9E0EA4-CAE8-9989-C839-DE941ED79498}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/19/14 6:56 PM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{E4FAA231-1F2B-D093-3803-B0E23AC122B1}-tagiu.exe/PE-Crypt.XorPE        
2/19/14 6:56 PM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{E4FAA231-1F2B-D093-3803-B0E23AC122B1}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/19/14 6:56 PM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{F6CE98A5-44DC-FE01-A503-FE633ACA668C}-tagiu.exe/PE-Crypt.XorPE        
2/19/14 6:56 PM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{F6CE98A5-44DC-FE01-A503-FE633ACA668C}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/19/14 8:25 PM    Detected: HEUR:Exploit.Java.Generic    C:/Users/Corky/AppData/Local/Temp/jar_cache1857433323775726069.tmp        
2/19/14 8:25 PM    Untreated: HEUR:Exploit.Java.Generic    C:/Users/Corky/AppData/Local/Temp/jar_cache1857433323775726069.tmp    Postponed    
2/19/14 8:25 PM    Detected: Trojan-Spy.Win32.Zbot.rnmz    C:/Users/Corky/AppData/Local/Temp/UpdateFlashPlayer_522f081a.exe        
2/19/14 8:25 PM    Untreated: Trojan-Spy.Win32.Zbot.rnmz    C:/Users/Corky/AppData/Local/Temp/UpdateFlashPlayer_522f081a.exe    Postponed    
2/19/14 8:25 PM    Detected: Trojan-Spy.Win32.Zbot.rnnx    C:/Users/Corky/AppData/Local/Temp/vxfile.exe        
2/19/14 8:25 PM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/Users/Corky/AppData/Local/Temp/UpdateFlashPlayer_57a4d05a.exe        
2/19/14 8:25 PM    Untreated: Trojan-Spy.Win32.Zbot.rnnx    C:/Users/Corky/AppData/Local/Temp/vxfile.exe    Postponed    
2/19/14 8:25 PM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/Users/Corky/AppData/Local/Temp/UpdateFlashPlayer_57a4d05a.exe    Postponed    
2/19/14 10:31 PM    Detected: not-a-virus:AdWare.Win32.iBryte.jcr    C:/Users/Corky/Downloads/MineCraft.exe        
2/19/14 10:31 PM    Untreated: not-a-virus:AdWare.Win32.iBryte.jcr    C:/Users/Corky/Downloads/MineCraft.exe    Postponed    
2/19/14 11:18 PM    Detected: HEUR:Exploit.Java.Generic    C:/Users/Corky/AppData/Local/Temp/jar_cache1857433323775726069.tmp        
2/19/14 11:18 PM    Untreated: HEUR:Exploit.Java.Generic    C:/Users/Corky/AppData/Local/Temp/jar_cache1857433323775726069.tmp    Postponed    
2/19/14 11:18 PM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/Users/Corky/AppData/Local/Temp/UpdateFlashPlayer_57a4d05a.exe        
2/19/14 11:18 PM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/Users/Corky/AppData/Local/Temp/UpdateFlashPlayer_57a4d05a.exe    Postponed    
2/19/14 11:18 PM    Detected: Trojan-Spy.Win32.Zbot.rnmz    C:/Users/Corky/AppData/Local/Temp/UpdateFlashPlayer_522f081a.exe        
2/19/14 11:18 PM    Untreated: Trojan-Spy.Win32.Zbot.rnmz    C:/Users/Corky/AppData/Local/Temp/UpdateFlashPlayer_522f081a.exe    Postponed    
2/19/14 11:18 PM    Detected: Trojan-Spy.Win32.Zbot.rnnx    C:/Users/Corky/AppData/Local/Temp/vxfile.exe        
2/19/14 11:18 PM    Untreated: Trojan-Spy.Win32.Zbot.rnnx    C:/Users/Corky/AppData/Local/Temp/vxfile.exe    Postponed    
2/20/14 5:25 AM    Detected: not-a-virus:AdWare.Win32.iBryte.jda    C:/Users/home/Downloads/Setup(1).exe        
2/20/14 5:25 AM    Untreated: not-a-virus:AdWare.Win32.iBryte.jda    C:/Users/home/Downloads/Setup(1).exe    Postponed    
2/20/14 5:25 AM    Detected: not-a-virus:AdWare.Win32.iBryte.jda    C:/Users/home/Downloads/Setup.exe        
2/20/14 5:25 AM    Untreated: not-a-virus:AdWare.Win32.iBryte.jda    C:/Users/home/Downloads/Setup.exe    Postponed    
2/20/14 9:31 AM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{70BA0564-6172-3A47-F1E5-5A3D9BBB51C3}-tagiu.exe/PE-Crypt.XorPE        
2/20/14 9:31 AM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{70BA0564-6172-3A47-F1E5-5A3D9BBB51C3}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/20/14 9:31 AM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{5762F53F-8490-AF5A-FA76-44486DCF62B0}-tagiu.exe/PE-Crypt.XorPE        
2/20/14 9:31 AM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{8AAE4AA0-09E7-1055-E9BE-6BB068BDC715}-tagiu.exe/PE-Crypt.XorPE        
2/20/14 9:31 AM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{5762F53F-8490-AF5A-FA76-44486DCF62B0}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/20/14 9:31 AM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{8AAE4AA0-09E7-1055-E9BE-6BB068BDC715}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/20/14 9:31 AM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{D19917F3-9E4D-4551-5CD7-9E55B198ACBF}-tagiu.exe/PE-Crypt.XorPE        
2/20/14 9:31 AM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{D19917F3-9E4D-4551-5CD7-9E55B198ACBF}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/20/14 9:31 AM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{92E8B37D-CA2A-75C4-F8D6-A5788CAABC95}-tagiu.exe/PE-Crypt.XorPE        
2/20/14 9:31 AM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{92E8B37D-CA2A-75C4-F8D6-A5788CAABC95}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/20/14 9:31 AM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{C2A96D38-9E61-2394-933D-BD9068E6ABAA}-tagiu.exe/PE-Crypt.XorPE        
2/20/14 9:31 AM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{C2A96D38-9E61-2394-933D-BD9068E6ABAA}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/20/14 9:31 AM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{DB9E0EA4-CAE8-9989-C839-DE941ED79498}-tagiu.exe/PE-Crypt.XorPE        
2/20/14 9:31 AM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{DB9E0EA4-CAE8-9989-C839-DE941ED79498}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/20/14 9:31 AM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{E4FAA231-1F2B-D093-3803-B0E23AC122B1}-tagiu.exe/PE-Crypt.XorPE        
2/20/14 9:31 AM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{E4FAA231-1F2B-D093-3803-B0E23AC122B1}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/20/14 9:31 AM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{F6CE98A5-44DC-FE01-A503-FE633ACA668C}-tagiu.exe/PE-Crypt.XorPE        
2/20/14 9:31 AM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{F6CE98A5-44DC-FE01-A503-FE633ACA668C}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/20/14 10:26 AM    Detected: HEUR:Exploit.Java.Generic    C:/Users/Corky/AppData/Local/Temp/jar_cache1857433323775726069.tmp        
2/20/14 10:26 AM    Untreated: HEUR:Exploit.Java.Generic    C:/Users/Corky/AppData/Local/Temp/jar_cache1857433323775726069.tmp    Postponed    
2/20/14 10:26 AM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/Users/Corky/AppData/Local/Temp/UpdateFlashPlayer_57a4d05a.exe        
2/20/14 10:26 AM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/Users/Corky/AppData/Local/Temp/UpdateFlashPlayer_57a4d05a.exe    Postponed    
2/20/14 10:26 AM    Detected: Trojan-Spy.Win32.Zbot.rnmz    C:/Users/Corky/AppData/Local/Temp/UpdateFlashPlayer_522f081a.exe        
2/20/14 10:26 AM    Untreated: Trojan-Spy.Win32.Zbot.rnmz    C:/Users/Corky/AppData/Local/Temp/UpdateFlashPlayer_522f081a.exe    Postponed    
2/20/14 10:26 AM    Detected: Trojan-Spy.Win32.Zbot.rnnx    C:/Users/Corky/AppData/Local/Temp/vxfile.exe        
2/20/14 10:26 AM    Untreated: Trojan-Spy.Win32.Zbot.rnnx    C:/Users/Corky/AppData/Local/Temp/vxfile.exe    Postponed    
2/20/14 12:23 PM    Detected: not-a-virus:AdWare.Win32.iBryte.jcr    C:/Users/Corky/Downloads/MineCraft.exe        
2/20/14 12:23 PM    Untreated: not-a-virus:AdWare.Win32.iBryte.jcr    C:/Users/Corky/Downloads/MineCraft.exe    Postponed    
2/20/14 1:10 PM    Detected: HEUR:Exploit.Java.Generic    C:/Users/Corky/AppData/Local/Temp/jar_cache1857433323775726069.tmp        
2/20/14 1:10 PM    Untreated: HEUR:Exploit.Java.Generic    C:/Users/Corky/AppData/Local/Temp/jar_cache1857433323775726069.tmp    Postponed    
2/20/14 1:10 PM    Detected: Trojan-Spy.Win32.Zbot.rnmz    C:/Users/Corky/AppData/Local/Temp/UpdateFlashPlayer_522f081a.exe        
2/20/14 1:10 PM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/Users/Corky/AppData/Local/Temp/UpdateFlashPlayer_57a4d05a.exe        
2/20/14 1:10 PM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/Users/Corky/AppData/Local/Temp/UpdateFlashPlayer_57a4d05a.exe    Postponed    
2/20/14 1:10 PM    Untreated: Trojan-Spy.Win32.Zbot.rnmz    C:/Users/Corky/AppData/Local/Temp/UpdateFlashPlayer_522f081a.exe    Postponed    
2/20/14 1:10 PM    Detected: Trojan-Spy.Win32.Zbot.rnnx    C:/Users/Corky/AppData/Local/Temp/vxfile.exe        
2/20/14 1:10 PM    Untreated: Trojan-Spy.Win32.Zbot.rnnx    C:/Users/Corky/AppData/Local/Temp/vxfile.exe    Postponed    
2/20/14 7:19 PM    Detected: not-a-virus:AdWare.Win32.iBryte.jda    C:/Users/home/Downloads/Setup(1).exe        
2/20/14 7:19 PM    Untreated: not-a-virus:AdWare.Win32.iBryte.jda    C:/Users/home/Downloads/Setup(1).exe    Postponed    
2/20/14 7:19 PM    Detected: not-a-virus:AdWare.Win32.iBryte.jda    C:/Users/home/Downloads/Setup.exe        
2/20/14 7:19 PM    Untreated: not-a-virus:AdWare.Win32.iBryte.jda    C:/Users/home/Downloads/Setup.exe    Postponed    
2/20/14 11:36 PM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{70BA0564-6172-3A47-F1E5-5A3D9BBB51C3}-tagiu.exe/PE-Crypt.XorPE        
2/20/14 11:36 PM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{5762F53F-8490-AF5A-FA76-44486DCF62B0}-tagiu.exe/PE-Crypt.XorPE        
2/20/14 11:36 PM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{8AAE4AA0-09E7-1055-E9BE-6BB068BDC715}-tagiu.exe/PE-Crypt.XorPE        
2/20/14 11:36 PM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{70BA0564-6172-3A47-F1E5-5A3D9BBB51C3}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/20/14 11:36 PM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{5762F53F-8490-AF5A-FA76-44486DCF62B0}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/20/14 11:36 PM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{8AAE4AA0-09E7-1055-E9BE-6BB068BDC715}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/20/14 11:36 PM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{92E8B37D-CA2A-75C4-F8D6-A5788CAABC95}-tagiu.exe/PE-Crypt.XorPE        
2/20/14 11:36 PM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{92E8B37D-CA2A-75C4-F8D6-A5788CAABC95}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/20/14 11:36 PM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{D19917F3-9E4D-4551-5CD7-9E55B198ACBF}-tagiu.exe/PE-Crypt.XorPE        
2/20/14 11:36 PM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{D19917F3-9E4D-4551-5CD7-9E55B198ACBF}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/20/14 11:36 PM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{C2A96D38-9E61-2394-933D-BD9068E6ABAA}-tagiu.exe/PE-Crypt.XorPE        
2/20/14 11:36 PM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{C2A96D38-9E61-2394-933D-BD9068E6ABAA}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/20/14 11:36 PM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{DB9E0EA4-CAE8-9989-C839-DE941ED79498}-tagiu.exe/PE-Crypt.XorPE        
2/20/14 11:36 PM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{DB9E0EA4-CAE8-9989-C839-DE941ED79498}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/20/14 11:36 PM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{F6CE98A5-44DC-FE01-A503-FE633ACA668C}-tagiu.exe/PE-Crypt.XorPE        
2/20/14 11:36 PM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{E4FAA231-1F2B-D093-3803-B0E23AC122B1}-tagiu.exe/PE-Crypt.XorPE        
2/20/14 11:36 PM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{F6CE98A5-44DC-FE01-A503-FE633ACA668C}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/20/14 11:36 PM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{E4FAA231-1F2B-D093-3803-B0E23AC122B1}-tagiu.exe/PE-Crypt.XorPE    Postponed    
2/21/14 12:07 AM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{5762F53F-8490-AF5A-FA76-44486DCF62B0}-tagiu.exe/PE-Crypt.XorPE        
2/21/14 5:23 AM    Deleted: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{5762F53F-8490-AF5A-FA76-44486DCF62B0}-tagiu.exe        
2/21/14 5:23 AM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{70BA0564-6172-3A47-F1E5-5A3D9BBB51C3}-tagiu.exe/PE-Crypt.XorPE        
2/21/14 5:24 AM    Deleted: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{70BA0564-6172-3A47-F1E5-5A3D9BBB51C3}-tagiu.exe        
2/21/14 5:24 AM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{8AAE4AA0-09E7-1055-E9BE-6BB068BDC715}-tagiu.exe/PE-Crypt.XorPE        
2/21/14 5:26 AM    Deleted: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{8AAE4AA0-09E7-1055-E9BE-6BB068BDC715}-tagiu.exe        
2/21/14 5:27 AM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{92E8B37D-CA2A-75C4-F8D6-A5788CAABC95}-tagiu.exe/PE-Crypt.XorPE        
2/21/14 5:27 AM    Deleted: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{92E8B37D-CA2A-75C4-F8D6-A5788CAABC95}-tagiu.exe        
2/21/14 5:27 AM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{C2A96D38-9E61-2394-933D-BD9068E6ABAA}-tagiu.exe/PE-Crypt.XorPE        
2/21/14 5:27 AM    Deleted: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{C2A96D38-9E61-2394-933D-BD9068E6ABAA}-tagiu.exe        
2/21/14 5:27 AM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{D19917F3-9E4D-4551-5CD7-9E55B198ACBF}-tagiu.exe/PE-Crypt.XorPE        
2/21/14 5:27 AM    Deleted: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{D19917F3-9E4D-4551-5CD7-9E55B198ACBF}-tagiu.exe        
2/21/14 5:27 AM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{DB9E0EA4-CAE8-9989-C839-DE941ED79498}-tagiu.exe/PE-Crypt.XorPE        
2/21/14 5:27 AM    Deleted: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{DB9E0EA4-CAE8-9989-C839-DE941ED79498}-tagiu.exe        
2/21/14 5:27 AM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{E4FAA231-1F2B-D093-3803-B0E23AC122B1}-tagiu.exe/PE-Crypt.XorPE        
2/21/14 5:27 AM    Deleted: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{E4FAA231-1F2B-D093-3803-B0E23AC122B1}-tagiu.exe        
2/21/14 5:27 AM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{F6CE98A5-44DC-FE01-A503-FE633ACA668C}-tagiu.exe/PE-Crypt.XorPE        
2/21/14 5:27 AM    Deleted: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{F6CE98A5-44DC-FE01-A503-FE633ACA668C}-tagiu.exe        
2/21/14 5:27 AM    Detected: Trojan-Spy.Win32.Zbot.rnmz    C:/Users/Corky/AppData/Local/Temp/UpdateFlashPlayer_522f081a.exe        
2/21/14 5:27 AM    Deleted: Trojan-Spy.Win32.Zbot.rnmz    C:/Users/Corky/AppData/Local/Temp/UpdateFlashPlayer_522f081a.exe        
2/21/14 5:27 AM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/Users/Corky/AppData/Local/Temp/UpdateFlashPlayer_57a4d05a.exe        
2/21/14 5:27 AM    Deleted: Trojan-Spy.Win32.Zbot.rnna    C:/Users/Corky/AppData/Local/Temp/UpdateFlashPlayer_57a4d05a.exe        
2/21/14 5:27 AM    Detected: HEUR:Exploit.Java.Generic    C:/Users/Corky/AppData/Local/Temp/jar_cache1857433323775726069.tmp        
2/21/14 5:27 AM    Deleted: HEUR:Exploit.Java.Generic    C:/Users/Corky/AppData/Local/Temp/jar_cache1857433323775726069.tmp        
2/21/14 5:27 AM    Detected: Trojan-Spy.Win32.Zbot.rnnx    C:/Users/Corky/AppData/Local/Temp/vxfile.exe        
2/21/14 5:27 AM    Deleted: Trojan-Spy.Win32.Zbot.rnnx    C:/Users/Corky/AppData/Local/Temp/vxfile.exe        
2/21/14 5:27 AM    Detected: not-a-virus:AdWare.Win32.iBryte.jcr    C:/Users/Corky/Downloads/MineCraft.exe        
2/21/14 5:27 AM    Deleted: not-a-virus:AdWare.Win32.iBryte.jcr    C:/Users/Corky/Downloads/MineCraft.exe        
2/21/14 5:27 AM    Detected: not-a-virus:AdWare.Win32.iBryte.jda    C:/Users/home/Downloads/Setup(1).exe        
2/21/14 5:27 AM    Deleted: not-a-virus:AdWare.Win32.iBryte.jda    C:/Users/home/Downloads/Setup(1).exe        
2/21/14 5:27 AM    Detected: not-a-virus:AdWare.Win32.iBryte.jda    C:/Users/home/Downloads/Setup.exe        
2/21/14 5:27 AM    Deleted: not-a-virus:AdWare.Win32.iBryte.jda    C:/Users/home/Downloads/Setup.exe        
2/21/14 5:27 AM    Task completed            
Objects Scan: completed 7 days ago   (events: 2, objects: 9446400, time: 1 day 04:57:49)    
2/23/14 6:20 PM    Task started            
2/24/14 11:18 PM    Task completed            
Objects Scan: completed 16133 days ago   (events: 2, objects: 5027156, time: 13:30:01)    
3/3/14 5:18 PM    Task started            
3/4/14 6:48 AM    Task completed            
 

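The Kaspersky report above pairs each Detected row with a later Untreated (Postponed) or Deleted row for the same object, so the question after a rescue-disk run is which objects never reached a Deleted row. The following Python is an added example, not code from this thread or from Kaspersky: it parses that row format on a constructed sample and lists the objects whose latest event is still not a deletion. The rule that a nested object name such as `.../tagiu.exe/PE-Crypt.XorPE` collapses to its host file is an assumption about the report format.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed rows in the Kaspersky report format quoted above (not the thread's
# full log): "<date time>    <Action>: <verdict>    <object>    [status]".
SAMPLE_LOG = """
2/20/14 11:36 PM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/X/{AAAA}-tagiu.exe/PE-Crypt.XorPE
2/20/14 11:36 PM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/X/{AAAA}-tagiu.exe/PE-Crypt.XorPE    Postponed
2/20/14 11:36 PM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/X/{BBBB}-tagiu.exe/PE-Crypt.XorPE
2/20/14 11:36 PM    Untreated: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/X/{BBBB}-tagiu.exe/PE-Crypt.XorPE    Postponed
2/21/14 5:27 AM    Detected: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/X/{AAAA}-tagiu.exe/PE-Crypt.XorPE
2/21/14 5:27 AM    Deleted: Trojan-Spy.Win32.Zbot.rnna    C:/ProgramData/X/{AAAA}-tagiu.exe
2/21/14 5:27 AM    Detected: HEUR:Exploit.Java.Generic    C:/Users/Corky/AppData/Local/Temp/jar_cache1.tmp
2/21/14 5:27 AM    Deleted: HEUR:Exploit.Java.Generic    C:/Users/Corky/AppData/Local/Temp/jar_cache1.tmp
2/21/14 5:27 AM    Task completed
"""

FILE_EXTS = (".exe", ".dll", ".tmp", ".jar", ".zip")
ENTRY_RE = re.compile(r"^(Detected|Untreated|Deleted|Quarantined): (.+)$")

def container_of(path):
    """Collapse '<host file>/<nested object>' (e.g. '.../tagiu.exe/PE-Crypt.XorPE')
    to the host file, so Detected and Deleted rows for one file compare equal (assumed format)."""
    parts = path.split("/")
    while len(parts) > 1 and parts[-2].lower().endswith(FILE_EXTS):
        parts.pop()
    return "/".join(parts)

def parse_line(line):
    """One event row -> dict; summary rows ('Task completed', 'Objects Scan') -> None."""
    fields = re.split(r"\s{2,}", line.strip())
    m = ENTRY_RE.match(fields[1]) if len(fields) >= 3 else None
    if not m:
        return None
    return {"time": datetime.strptime(fields[0], "%m/%d/%y %I:%M %p"),
            "action": m.group(1), "verdict": m.group(2),
            "object": container_of(fields[2]),
            "status": fields[3] if len(fields) > 3 else ""}

def reconcile(log_text):
    """Return (counts per action, unresolved): objects whose latest event is not
    'Deleted' are still present as far as this log knows, mapped to that last event."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["time"])      # stable sort keeps row order within a minute
    last = {}
    for e in events:
        last[e["object"]] = e
    unresolved = {o: e for o, e in last.items() if e["action"] != "Deleted"}
    return Counter(e["action"] for e in events), unresolved
```

Run `reconcile` over the pasted report text to get the action tally and the still-unresolved objects with their last recorded status.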

I'm interested in your infected account; please stay there while working.

Step 1

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of Java listed.
  • Click the Next button.
  • Click the Next button again.
  • Click the Java Manual Download link.
  • A browser window will open with the Java download page.
  • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type).
  • Run the installer.
  • Close JavaRa.

Step 2

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished, it should reboot your machine; if not, do this yourself to ensure a complete clean.

Hello Maniac,

Removed and re-installed updated Java.

Ran TFC and it took an hour to clean the temp files.

So far, the Vince user is not having any dllhost.exe *32 processes.

I will reboot several times and make sure the virus protection is active.

I will let you know the results.

Thank you

This topic is now closed to further replies.