
Been Removing ZeroAccess for Weeks - Think its time to reformat?



While, at some point, we all want to beat automation and all things non-human, I am thinking this variant has gotten the best of me.  Thought I might post on this forum as a last-ditch effort to get some wise advice before I ditch my machine.  Additionally, after spending gobs on extra software, it might be cheaper to buy a new PC anyway.

 

Well, that isn't going to happen anytime soon, so is there someone willing to take this task on and help a woman in distress? (rofl)  Although I want to smack the person that created this one particular rootkit ... I think it's a matter of principle that I figure out how to remove this thing.

 

Where shall I begin?

 

Also, I am writing this on my protected and clean PC ... so I am not sure of the safe way to get data off the infected machine and up here...

 

 

Thank you !


Hello,

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Have a read through the following, see if you can follow the instructions:

 

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

and save it to a USB flash drive. Make sure you get the correct version for your system, 32-bit or 64-bit.

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

Plug the flash drive into the infected PC.

 

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt Here: http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/ to enter System Recovery Command prompt.

 

If you are using Vista or Windows 7 enter System Recovery Options.

 

To enter System Recovery Options, I give two methods; use whichever is convenient for you.

 

To enter System Recovery Options from the Advanced Boot Options:


Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select Your Country as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

 

To enter System Recovery Options by using Windows installation disc:


Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select Your Country as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

 

On the System Recovery Options menu you may get the following options:

Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

 


Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64 or e:\frst, depending on your version, and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

Kevin

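Once FRST.txt is in hand, a useful first pass over it is mechanical: walk the Registry, Services and Drivers sections and pull out autostart entries whose file FRST could not find (it prints [X]), whose target has no drive letter, or whose binary carries a size and date but an empty company name. The script below is an added example, not part of Kevin's instructions and not a tool that ships with FRST. It assumes the line layout FRST uses in the log posted in this thread (Run keys as `HKLM...\Run: [name] => target`, services and drivers as `S2 Name; target [size date] (Company)`); the sample excerpt it runs on is constructed in that format, and the function names (`triage_frst`, `flagged_names`, `assess`) are mine.

```python
"""Triage an FRST.txt log: flag autostart entries that deserve a second look.

Added example; not Kevin's instructions and not part of FRST. It scans the
"Registry (Whitelisted)", "Services (Whitelisted)" and "Drivers (Whitelisted)"
sections and reports entries that FRST marked [X] (file not found), entries
whose path has no drive letter, and entries whose file has a size/date but an
empty company name. These are triage hints for a human reviewer, not verdicts.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt in FRST's line format (assumption: this layout matches the
# FRST log posted in this thread; the entries are illustrative, not a real scan).
SAMPLE_FRST = """\
==================== Registry (Whitelisted) ==================

HKLM\\...\\Run: [synTPEnh] => C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe [1822504 2009-08-23] (Synaptics Incorporated)
HKLM-x32\\...\\Run: [backupSoft] => "\\RunRedem.exe" /STARTUP
HKLM-x32\\...\\Run: [FAStartup] => [X]
HKLM-x32\\...\\Run: [DellSupportCenter] => "C:\\Program Files (x86)\\Dell Support Center\\bin\\sprtcmd.exe" /P DellSupportCenter

==================== Services (Whitelisted) =================

S2 MBAMService; C:\\Program Files (x86)\\Malwarebytes Anti-Malware\\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S2 DragonUpdater; C:\\Program Files (x86)\\Comodo\\Dragon\\dragon_updater.exe [2135232 2014-01-28] ()

==================== Drivers (Whitelisted) ====================

S0 mfehidk; C:\\Windows\\System32\\drivers\\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
S1 qknfd; system32\\drivers\\qknfd.sys [X]
"""

SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
# "HKLM-x32\...\Run: [name] => target"; RunOnceEx lines use " - " instead of " => "
RUN_RE = re.compile(r"^(?P<key>\S+\\Run[A-Za-z]*): \[(?P<name>[^\]]*)\] (?:=>|-) (?P<rest>.*)$", re.IGNORECASE)
# "S2 Name; target" for services and drivers (assumption: the digit is the service Start value)
SVC_RE = re.compile(r"^(?P<start>[SRU]\d) (?P<name>[^;]+); (?P<rest>.*)$")
META_RE = re.compile(r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]")   # FRST's [size date]
COMPANY_RE = re.compile(r"\((?P<company>[^()]*)\)\s*$")                  # trailing (CompanyName)
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Finding:
    section: str
    name: str
    reasons: list[str]
    line: str


def split_target(rest: str) -> tuple[str, str]:
    """Split FRST's target text into (image path, everything after it)."""
    if rest.startswith('"'):                      # quoted command line: "path" args
        close = rest.find('"', 1)
        if close > 0:
            return rest[1:close], rest[close + 1:]
    meta = META_RE.search(rest)                   # bare path ends where [size date] starts
    if meta:
        return rest[: meta.start()].rstrip(), rest[meta.start():]
    return rest, ""                               # raw command line, no metadata recorded


def assess(rest: str) -> list[str]:
    """Return triage reasons for one entry's target text (empty list = nothing odd)."""
    reasons: list[str] = []
    rest = rest.strip()
    if rest.endswith("[X]"):                      # FRST could not find the file on disk
        reasons.append("file not found ([X])")
        rest = rest[:-3].strip()
        if not rest:
            return reasons
    path, tail = split_target(rest)
    if not DRIVE_RE.match(path):                  # e.g. "\RunRedem.exe", "system32\drivers\x.sys"
        reasons.append(f"path has no drive letter: {path!r}")
    company = COMPANY_RE.search(tail)
    if META_RE.search(tail) and company and company.group("company").strip() == "":
        reasons.append("file has no company name")  # metadata present, publisher field empty
    return reasons


def triage_frst(text: str) -> list[Finding]:
    """Walk the log, parse only the autostart sections, and collect flagged entries."""
    findings: list[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        head = SECTION_RE.match(line)
        if head:
            section = head.group("title")
            continue
        if section.startswith("Registry"):
            m = RUN_RE.match(line)                # Winlogon\Notify and Startup lines are not parsed here
        elif section.startswith(("Services", "Drivers")):
            m = SVC_RE.match(line)
        else:
            m = None
        if m:
            reasons = assess(m.group("rest"))
            if reasons:
                findings.append(Finding(section, m.group("name"), reasons, line))
    return findings


def flagged_names(text: str) -> dict[str, list[str]]:
    """Convenience view: entry name -> reasons."""
    return {f.name: f.reasons for f in triage_frst(text)}


if __name__ == "__main__":
    for f in triage_frst(SAMPLE_FRST):
        print(f"[{f.section}] {f.name}: {'; '.join(f.reasons)}")
```

Run it against a real FRST.txt by passing the file's contents to `triage_frst`. What it flags still needs judgement: an empty company name is common for legitimate OEM utilities, and a missing file can be nothing more than an uninstaller's leftover. The entries worth the most attention are the ones that combine signals, such as a driver whose image path has no drive letter and whose file is no longer on disk.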

First - Thank you and then some....

 

The suspicious directory is \Program Files (x86)\Google.  This directory cannot be deleted no matter what I have tried; if it does get removed, it comes back.

Additionally, I cannot install/reinstall Chrome ... as it's hijacked the path ...

Another suspicious folder is QBC* ... I removed QuickBooks; not sure if that's just leftover uninstall files.

 

~~~~~~~~~~~~

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-04-2014 03

Ran by SYSTEM on MININT-CNROBHO on 25-04-2014 15:33:30

Running from E:\

Windows 7 Home Premium (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Recovery

 

The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

 

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1822504 2009-08-23] (Synaptics Incorporated)

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-20] (IDT, Inc.)

HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3217056 2010-04-01] (Dell Inc.)

HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()

HKLM\...\Run: [intelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1926928 2009-09-21] (Intel® Corporation)

HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\AmbRunE.dll [17920 2009-02-26] (Creative Technology Ltd.)

HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()

HKLM-x32\...\Run: [FATrayAlert] => c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95560 2010-02-22] (Sensible Vision )

HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)

HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)

HKLM-x32\...\Run: [FAStartup] => [X]

HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd)

HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-18] ()

HKLM-x32\...\Run: [DellSupportCenter] => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [AutoTask] => C:\Program Files (x86)\AutoTask\AutoTask.exe [335872 2009-06-22] (Dura Micro, Inc)

HKLM-x32\...\Run: [backupSoft] => "\RunRedem.exe" /STARTUP

HKLM-x32\...\Run: [Corel File Shell Monitor] => C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe

HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [1294136 2014-02-21] (Malwarebytes Corporation)

HKLM-x32\...\runonceex: [ContentMerger] - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\FastAccess-x32: c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKU\dreamrecords\...\Run: [Facebook Update] => C:\Users\dreamrecords\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-13] (Facebook Inc.)

HKU\dreamrecords\...\Run: [Corel Photo Downloader] => C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [523408 2009-12-30] (Corel, Inc.)

Lsa: [Notification Packages] scecli FAPassSync

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\dreamrecords\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

 

==================== Services (Whitelisted) =================

 

S2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-01-28] ()

S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-06-23] ()

S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [319288 2014-02-21] (Malwarebytes Corporation)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [140424 2014-03-24] (McAfee, Inc.)

S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)

S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)

S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)

S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)

S2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)

S2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)

S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [315664 2009-09-21] ()

S3 PACSPTISVR-Sound_Organizer; C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [157024 2010-11-19] (Sony Corporation)

S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-20] (IDT, Inc.)

 

==================== Drivers (Whitelisted) ====================

 

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)

S1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62168 2014-02-21] ()

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)

S2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)

S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)

S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)

S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)

S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)

S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)

S1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)

S3 OV550I; C:\Windows\System32\Drivers\ov550ivx.sys [196992 2008-02-22] (Omnivision Technologies, Inc.)

S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)

S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()

S3 NPF; system32\drivers\NPF.sys [X]

S1 qknfd; system32\drivers\qknfd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-04-25 15:25 - 2014-04-25 15:25 - 00030554 _____ () C:\Windows\PFRO.log

2014-04-25 15:20 - 2014-04-25 15:26 - 00000850 _____ () C:\Windows\setupact.log

2014-04-25 15:20 - 2014-04-25 15:20 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-25 15:18 - 2014-04-25 15:33 - 00000000 ____D () C:\FRST

2014-04-25 15:13 - 2014-04-25 15:13 - 00884720 _____ (Google Inc.) C:\Users\dreamrecords\Downloads\ChromeSetup.exe

2014-04-25 14:45 - 2014-04-25 14:45 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup

2014-04-25 14:45 - 2014-04-25 14:45 - 00001155 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk

2014-04-25 14:45 - 2014-04-25 14:45 - 00001155 _____ () C:\ProgramData\Desktop\WinZip Malware Protector.lnk

2014-04-25 14:45 - 2014-04-25 14:45 - 00000000 ____D () C:\Users\dreamrecords\AppData\Roaming\Nico Mak Computing

2014-04-25 14:45 - 2014-04-25 14:45 - 00000000 ____D () C:\ProgramData\Nico Mak Computing

2014-04-25 14:45 - 2014-04-25 14:45 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector

2014-04-25 14:45 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\System32\wsusnative64.exe

2014-04-25 14:44 - 2014-04-25 14:45 - 04892480 _____ (WinZip International LLC ) C:\Users\dreamrecords\Downloads\wzmp_8.exe

2014-04-25 14:42 - 2014-04-25 14:42 - 02454688 _____ (Malwarebytes ) C:\Users\dreamrecords\Downloads\mbae-setup-0.10.0.1000 (1).exe

2014-04-25 14:41 - 2014-04-25 15:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-04-25 14:40 - 2014-04-25 15:09 - 00000000 ____D () C:\Users\dreamrecords\Desktop\mbar

2014-04-25 13:42 - 2014-04-25 13:49 - 00000000 ____D () C:\Program Files\CCleaner

2014-04-25 13:42 - 2014-04-25 13:42 - 00002786 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-04-25 13:42 - 2014-04-25 13:42 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-04-25 13:42 - 2014-04-25 13:42 - 00000824 _____ () C:\ProgramData\Desktop\CCleaner.lnk

2014-04-25 13:39 - 2014-04-25 13:39 - 04745984 _____ (Piriform Ltd) C:\Users\dreamrecords\Downloads\ccsetup413.exe

2014-04-25 13:32 - 2014-04-25 13:33 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\dreamrecords\Desktop\tdsskiller.exe

2014-04-25 12:08 - 2014-04-25 12:08 - 00167034 _____ () C:\Users\dreamrecords\Downloads\fileassassin-setup-1.06.exe

2014-04-25 12:08 - 2014-04-25 12:08 - 00001021 _____ () C:\Users\Public\Desktop\FileASSASSIN.lnk

2014-04-25 12:08 - 2014-04-25 12:08 - 00001021 _____ () C:\ProgramData\Desktop\FileASSASSIN.lnk

2014-04-25 12:08 - 2014-04-25 12:08 - 00000000 ____D () C:\Program Files (x86)\FileASSASSIN

2014-04-25 12:07 - 2014-04-25 12:07 - 00065232 _____ (Malwarebytes) C:\Users\dreamrecords\Downloads\regassassin-setup-1.03.exe

2014-04-25 12:06 - 2014-04-25 12:06 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk

2014-04-25 12:06 - 2014-04-25 12:06 - 00001068 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Exploit.lnk

2014-04-25 12:06 - 2014-04-25 12:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit

2014-04-25 12:04 - 2014-04-25 14:25 - 00000000 ____D () C:\Users\dreamrecords\Desktop\Virus 4-2014

2014-04-25 11:43 - 2014-04-25 14:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys

2014-04-25 11:43 - 2014-04-25 11:43 - 02454688 _____ (Malwarebytes ) C:\Users\dreamrecords\Downloads\mbae-setup-0.10.0.1000.exe

2014-04-25 11:42 - 2014-04-25 14:40 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys

2014-04-25 11:42 - 2014-04-25 12:06 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-25 11:42 - 2014-04-25 11:42 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-25 11:42 - 2014-04-25 11:42 - 00001068 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-25 11:42 - 2014-04-25 11:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-25 11:42 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys

2014-04-25 11:42 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2014-04-25 11:41 - 2014-04-25 11:41 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\dreamrecords\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-25 08:30 - 2014-04-25 08:30 - 00000000 __SHD () C:\Users\dreamrecords\AppData\Local\EmieUserList

2014-04-25 08:30 - 2014-04-25 08:30 - 00000000 __SHD () C:\Users\dreamrecords\AppData\Local\EmieSiteList

2014-04-24 08:29 - 2014-04-24 08:29 - 00011118 _____ () C:\Users\dreamrecords\Desktop\TJ Member List 4-24.xlsx

2014-04-15 23:06 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys

2014-04-14 21:01 - 2014-04-14 21:41 - 00010233 _____ () C:\Users\dreamrecords\Desktop\HitList 4-14.xlsx

2014-04-14 19:20 - 2014-04-14 21:00 - 00010853 _____ () C:\Users\dreamrecords\Desktop\HitList.xlsx

2014-04-11 13:06 - 2014-03-06 05:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2014-04-11 13:06 - 2014-03-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2014-04-11 13:06 - 2014-03-06 04:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll

2014-04-11 13:06 - 2014-03-06 03:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2014-04-11 13:06 - 2014-03-06 03:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2014-04-11 13:06 - 2014-03-06 03:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll

2014-04-11 13:06 - 2014-03-06 03:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2014-04-11 13:06 - 2014-03-06 03:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2014-04-11 13:06 - 2014-03-06 03:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-11 13:06 - 2014-03-06 03:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll

2014-04-11 13:06 - 2014-03-06 03:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2014-04-11 13:06 - 2014-03-06 03:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe

2014-04-11 13:06 - 2014-03-06 03:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll

2014-04-11 13:06 - 2014-03-06 03:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

2014-04-11 13:06 - 2014-03-06 03:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2014-04-11 13:06 - 2014-03-06 03:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2014-04-11 13:06 - 2014-03-06 03:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-04-11 13:06 - 2014-03-06 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-04-11 13:06 - 2014-03-06 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-04-11 13:06 - 2014-03-06 02:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll

2014-04-11 13:06 - 2014-03-06 02:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll

2014-04-11 13:06 - 2014-03-06 02:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-04-11 13:06 - 2014-03-06 02:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-04-11 13:06 - 2014-03-06 02:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2014-04-11 13:06 - 2014-03-06 02:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-04-11 13:06 - 2014-03-06 02:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-04-11 13:06 - 2014-03-06 02:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-04-11 13:06 - 2014-03-06 02:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-04-11 13:06 - 2014-03-06 02:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2014-04-11 13:06 - 2014-03-06 02:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-04-11 13:06 - 2014-03-06 02:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-04-11 13:06 - 2014-03-06 02:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-04-11 13:06 - 2014-03-06 01:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-04-11 13:06 - 2014-03-06 00:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2014-04-11 13:06 - 2014-03-06 00:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-04-11 13:05 - 2014-03-06 04:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-11 13:05 - 2014-03-06 03:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2014-04-11 13:05 - 2014-03-06 03:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2014-04-11 13:05 - 2014-03-06 02:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-04-11 13:05 - 2014-03-06 02:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-04-11 13:05 - 2014-03-06 02:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2014-04-11 13:05 - 2014-03-06 01:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2014-04-11 13:05 - 2014-03-06 01:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-04-11 13:05 - 2014-03-06 01:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-04-11 13:05 - 2014-03-06 01:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll

2014-04-11 13:05 - 2014-03-06 00:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2014-04-11 13:05 - 2014-03-06 00:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-04-11 13:05 - 2014-03-06 00:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-04-09 04:31 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2014-04-09 04:31 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2014-04-09 04:31 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll

2014-04-09 04:31 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2014-04-09 04:31 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2014-04-09 04:31 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2014-04-09 04:31 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-09 04:31 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2014-04-09 04:31 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2014-04-09 04:31 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2014-04-09 04:31 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2014-04-09 04:31 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys

2014-04-09 04:31 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys

2014-04-09 04:31 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys

2014-04-09 04:31 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\iologmsg.dll

2014-04-09 04:31 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll

2014-04-09 04:31 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

 

==================== One Month Modified Files and Folders =======

 

2014-04-25 15:33 - 2014-04-25 15:18 - 00000000 ____D () C:\FRST

2014-04-25 15:33 - 2009-07-13 22:20 - 00000000 __RHD () C:\users\Default

2014-04-25 15:26 - 2014-04-25 15:20 - 00000850 _____ () C:\Windows\setupact.log

2014-04-25 15:26 - 2010-06-19 18:29 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup

2014-04-25 15:26 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-25 15:26 - 2009-07-13 23:45 - 00472120 _____ () C:\Windows\System32\FNTCACHE.DAT

2014-04-25 15:25 - 2014-04-25 15:25 - 00030554 _____ () C:\Windows\PFRO.log

2014-04-25 15:23 - 2009-07-14 00:10 - 01991540 _____ () C:\Windows\WindowsUpdate.log

2014-04-25 15:21 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\System32\PerfStringBackup.INI

2014-04-25 15:20 - 2014-04-25 15:20 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-25 15:19 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-25 15:19 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-25 15:16 - 2014-04-25 15:16 - 02061824 _____ (Farbar) C:\Users\dreamrecords\Downloads\FRST64.exe

2014-04-25 15:15 - 2013-04-22 18:14 - 00000000 ____D () C:\Program Files (x86)\Google

2014-04-25 15:13 - 2014-04-25 15:13 - 00884720 _____ (Google Inc.) C:\Users\dreamrecords\Downloads\ChromeSetup.exe

2014-04-25 15:09 - 2014-04-25 14:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-04-25 15:09 - 2014-04-25 14:40 - 00000000 ____D () C:\Users\dreamrecords\Desktop\mbar

2014-04-25 15:03 - 2013-07-31 19:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-25 14:45 - 2014-04-25 14:45 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup

2014-04-25 14:45 - 2014-04-25 14:45 - 00001155 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk

2014-04-25 14:45 - 2014-04-25 14:45 - 00001155 _____ () C:\ProgramData\Desktop\WinZip Malware Protector.lnk

2014-04-25 14:45 - 2014-04-25 14:45 - 00000000 ____D () C:\Users\dreamrecords\AppData\Roaming\Nico Mak Computing

2014-04-25 14:45 - 2014-04-25 14:45 - 00000000 ____D () C:\ProgramData\Nico Mak Computing

2014-04-25 14:45 - 2014-04-25 14:45 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector

2014-04-25 14:45 - 2014-04-25 14:44 - 04892480 _____ (WinZip International LLC ) C:\Users\dreamrecords\Downloads\wzmp_8.exe

2014-04-25 14:45 - 2010-06-24 18:30 - 00130752 _____ () C:\Users\dreamrecords\AppData\Local\GDIPFONTCACHEV1.DAT

2014-04-25 14:42 - 2014-04-25 14:42 - 02454688 _____ (Malwarebytes ) C:\Users\dreamrecords\Downloads\mbae-setup-0.10.0.1000 (1).exe

2014-04-25 14:40 - 2014-04-25 11:42 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys

2014-04-25 14:25 - 2014-04-25 12:04 - 00000000 ____D () C:\Users\dreamrecords\Desktop\Virus 4-2014

2014-04-25 14:23 - 2010-06-19 18:31 - 00000000 ____D () C:\ProgramData\Cozi

2014-04-25 14:21 - 2010-06-19 18:41 - 00000000 ____D () C:\Program Files (x86)\Creative

2014-04-25 14:21 - 2010-06-19 18:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-04-25 14:20 - 2011-03-03 16:41 - 00000000 ____D () C:\Xcelential

2014-04-25 14:19 - 2010-06-19 18:25 - 00000000 ____D () C:\ProgramData\WildTangent

2014-04-25 14:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

2014-04-25 14:14 - 2014-04-25 11:43 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys

2014-04-25 13:55 - 2010-07-21 17:31 - 00000090 _____ () C:\Windows\QBChanUtil_Trigger.ini

2014-04-25 13:49 - 2014-04-25 13:42 - 00000000 ____D () C:\Program Files\CCleaner

2014-04-25 13:45 - 2010-06-19 20:41 - 00000000 ____D () C:\Windows\Panther

2014-04-25 13:42 - 2014-04-25 13:42 - 00002786 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-04-25 13:42 - 2014-04-25 13:42 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-04-25 13:42 - 2014-04-25 13:42 - 00000824 _____ () C:\ProgramData\Desktop\CCleaner.lnk

2014-04-25 13:39 - 2014-04-25 13:39 - 04745984 _____ (Piriform Ltd) C:\Users\dreamrecords\Downloads\ccsetup413.exe

2014-04-25 13:38 - 2012-03-10 22:28 - 00000956 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4087391027-3474875736-3329529687-1000UA.job

2014-04-25 13:33 - 2014-04-25 13:32 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\dreamrecords\Desktop\tdsskiller.exe

2014-04-25 12:08 - 2014-04-25 12:08 - 00167034 _____ () C:\Users\dreamrecords\Downloads\fileassassin-setup-1.06.exe

2014-04-25 12:08 - 2014-04-25 12:08 - 00001021 _____ () C:\Users\Public\Desktop\FileASSASSIN.lnk

2014-04-25 12:08 - 2014-04-25 12:08 - 00001021 _____ () C:\ProgramData\Desktop\FileASSASSIN.lnk

2014-04-25 12:08 - 2014-04-25 12:08 - 00000000 ____D () C:\Program Files (x86)\FileASSASSIN

2014-04-25 12:07 - 2014-04-25 12:07 - 00065232 _____ (Malwarebytes) C:\Users\dreamrecords\Downloads\regassassin-setup-1.03.exe

2014-04-25 12:06 - 2014-04-25 12:06 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk

2014-04-25 12:06 - 2014-04-25 12:06 - 00001068 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Exploit.lnk

2014-04-25 12:06 - 2014-04-25 12:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit

2014-04-25 12:06 - 2014-04-25 11:42 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-25 12:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-04-25 12:04 - 2013-11-30 20:20 - 00000000 ____D () C:\ProgramData\eSafe

2014-04-25 12:04 - 2013-11-24 20:38 - 00000000 ____D () C:\Users\dreamrecords\AppData\Local\NativeMessaging

2014-04-25 12:04 - 2013-11-24 20:38 - 00000000 ____D () C:\Users\dreamrecords\AppData\Local\CRE

2014-04-25 11:43 - 2014-04-25 11:43 - 02454688 _____ (Malwarebytes ) C:\Users\dreamrecords\Downloads\mbae-setup-0.10.0.1000.exe

2014-04-25 11:42 - 2014-04-25 11:42 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-25 11:42 - 2014-04-25 11:42 - 00001068 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-25 11:42 - 2014-04-25 11:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-25 11:41 - 2014-04-25 11:41 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\dreamrecords\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-25 09:01 - 2013-05-22 18:08 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask

2014-04-25 08:32 - 2013-05-04 20:31 - 00000000 ____D () C:\Users\dreamrecords\Desktop\WC

2014-04-25 08:30 - 2014-04-25 08:30 - 00000000 __SHD () C:\Users\dreamrecords\AppData\Local\EmieUserList

2014-04-25 08:30 - 2014-04-25 08:30 - 00000000 __SHD () C:\Users\dreamrecords\AppData\Local\EmieSiteList

2014-04-25 08:30 - 2013-04-22 18:14 - 00000000 ____D () C:\Users\dreamrecords\AppData\Local\Google

2014-04-25 08:19 - 2014-03-12 17:01 - 00076193 _____ () C:\Users\dreamrecords\Desktop\t2 bookmarks.html

2014-04-25 07:25 - 2013-07-31 19:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-04-25 07:25 - 2013-07-27 02:40 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-04-25 07:25 - 2013-07-27 02:40 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-04-25 07:25 - 2010-07-19 11:34 - 00000000 ____D () C:\Users\dreamrecords\AppData\Local\Adobe

2014-04-24 16:38 - 2012-03-10 22:28 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4087391027-3474875736-3329529687-1000Core.job

2014-04-24 08:29 - 2014-04-24 08:29 - 00011118 _____ () C:\Users\dreamrecords\Desktop\TJ Member List 4-24.xlsx

2014-04-19 14:28 - 2013-04-17 09:28 - 00000000 __RSD () C:\Users\dreamrecords\Documents\McAfee Vaults

2014-04-19 14:26 - 2010-06-24 18:33 - 00000000 ____D () C:\Users\dreamrecords\AppData\Local\SoftThinks

2014-04-19 14:26 - 2010-06-24 18:33 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks

2014-04-19 14:26 - 2010-06-24 18:33 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks

2014-04-18 18:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache

2014-04-18 11:00 - 2012-09-04 15:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-04-18 10:56 - 2013-07-12 09:26 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-04-18 10:56 - 2013-07-12 09:26 - 00001113 _____ () C:\ProgramData\Desktop\Mozilla Firefox.lnk

2014-04-18 10:55 - 2013-11-09 23:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-04-14 21:41 - 2014-04-14 21:01 - 00010233 _____ () C:\Users\dreamrecords\Desktop\HitList 4-14.xlsx

2014-04-14 21:00 - 2014-04-14 19:20 - 00010853 _____ () C:\Users\dreamrecords\Desktop\HitList.xlsx

2014-04-13 06:48 - 2011-04-09 16:42 - 00007624 _____ () C:\Users\dreamrecords\AppData\Local\resmon.resmoncfg

2014-04-13 00:01 - 2010-04-13 22:11 - 00002090 _____ () C:\Windows\MOBK.blk

2014-04-13 00:01 - 2010-04-13 22:11 - 00000318 _____ () C:\Windows\MOBK.flt

2014-04-12 08:06 - 2013-04-17 09:19 - 00000000 ____D () C:\Program Files\Common Files\McAfee

2014-04-11 13:04 - 2013-05-10 10:37 - 00000000 ____D () C:\Program Files (x86)\Opera

2014-04-10 03:11 - 2010-06-24 18:41 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-04-10 03:09 - 2013-07-12 09:27 - 00000000 ____D () C:\Windows\System32\MRT

2014-04-10 03:04 - 2011-07-08 05:19 - 90655440 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

2014-04-09 14:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\System32\NDF

2014-04-05 22:41 - 2013-11-04 09:03 - 00000000 ____D () C:\Users\dreamrecords\Desktop\Christine - Court

2014-04-03 09:51 - 2014-04-25 11:42 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys

2014-04-03 09:50 - 2014-04-25 11:42 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2014-03-31 09:35 - 2013-04-17 09:30 - 00270496 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2014-03-29 09:27 - 2013-11-24 20:40 - 00000000 ____D () C:\Users\dreamrecords\AppData\Roaming\ActivePresenter

2014-03-29 09:27 - 2013-11-24 20:36 - 00000000 ____D () C:\Users\dreamrecords\Desktop\VidCapture

 

Files to move or delete:

====================

C:\ProgramData\TempMOBK-update-4ec82966293498cc5bd9350557ef54e8.exe

 

 

==================== Known DLLs (Whitelisted) ================

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

==================== EXE ASSOCIATION =====================

 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

 

==================== Restore Points  =========================

 

Restore point made on: 2014-04-18 10:53:58

Restore point made on: 2014-04-18 10:56:56

Restore point made on: 2014-04-22 12:09:01

Restore point made on: 2014-04-25 06:22:54

Restore point made on: 2014-04-25 13:51:14

Restore point made on: 2014-04-25 13:52:18

Restore point made on: 2014-04-25 14:04:23

Restore point made on: 2014-04-25 14:05:04

Restore point made on: 2014-04-25 14:07:31

Restore point made on: 2014-04-25 14:08:01

Restore point made on: 2014-04-25 14:08:57

Restore point made on: 2014-04-25 14:10:11

Restore point made on: 2014-04-25 14:10:43

Restore point made on: 2014-04-25 14:12:14

Restore point made on: 2014-04-25 14:12:49

Restore point made on: 2014-04-25 14:13:45

Restore point made on: 2014-04-25 14:14:56

Restore point made on: 2014-04-25 14:15:37

Restore point made on: 2014-04-25 14:16:22

Restore point made on: 2014-04-25 14:16:58

Restore point made on: 2014-04-25 14:19:52

Restore point made on: 2014-04-25 14:21:23

Restore point made on: 2014-04-25 14:22:53

 

==================== Memory info ===========================

 

Percentage of memory in use: 15%

Total physical RAM: 3892.52 MB

Available physical RAM: 3271.73 MB

Total Pagefile: 3890.67 MB

Available Pagefile: 3255.69 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:380.31 GB) NTFS

Drive e: () (Removable) (Total:3.8 GB) (Free:3.8 GB) FAT32

Drive f: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.26 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 06D985AF)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 4 GB) (Disk ID: 4F1EEAFE)

Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

 

 

LastRegBack: 2014-04-09 06:07

 

==================== End Of Log ============================


mmm I see no evidence to suggest ZeroAccess is on your system. Regarding C:\Program Files (x86)\Google: that is the usual navigational address for Google on a 64-bit system. What makes you believe that folder is infected? Can you expand that folder and post its contents? It usually may have other folders: Chrome, Crash reports and Update folders....

What happens if you boot into Normal mode? Can you tell me exactly what issues or concerns you may have....


 


 

 

There is a variant of Sirefef/ZeroAccess that masquerades as a Google application. One of the malicious files resides in a folder c:\program files (x86)\google\desktop\install\....

*** This is the folder I cannot view nor remove... For the last few days the adware sites were showing sending/receiving data.

These newer variants then make the following changes to the registry to ensure that Sirefef runs each time you start your computer:

In subkey: HKLM\Software\Classes\clsid\{5839fca9-774d-42a1-acda-d6a79037f57f}\InprocServer32
Modifies value: "(Default)"
From data: "\wbem\wbemess.dll"
With data: "" (for example, "c:\recycler\s\\n")

**** This is in my registry... I remove it, it pops back up.

I have already manually removed the following malicious entries from the registry:

1. conduit
2. quickknowlege
3. decaprio
4. artemis

quicknowledge continues to pop back into the system as well; Malwarebytes Premium quarantines it and it returns (like indigestion).

***** I figured out how to delete the folder mentioned above... wonder if it will pop back into my system....

I have been rerunning CCleaner, TDSSKiller and Malwarebytes until just about clean... I guess I will give it a few hours and check again. Am running a new threat scan to see what's left.

What concerns me is: what am I missing?
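The description quoted in the post above names the exact persistence point (the InprocServer32 default of CLSID {5839fca9-774d-42a1-acda-d6a79037f57f}), so it can be checked directly rather than by eye in regedit. The script below is an added example, not the poster's or the helper's code and not something anyone in the thread asked for. It assumes Windows 7 x64, an elevated PowerShell prompt, and that the legitimate (Default) value expands to wbemess.dll under %SystemRoot%\System32\wbem or SysWOW64\wbem (the quoted text shows only the tail "\wbem\wbemess.dll"); the CLSID is the one quoted, everything else is an assumption. It also dumps the key's owner and any Deny ACEs, because a value that "pops back" after deletion, or a key that cannot be deleted, is often explained by a still-running component plus an ACL the malware placed on the key.

```powershell
# Added example (not from the thread). Checks the COM CLSID that the quoted
# Sirefef/ZeroAccess description names, in both the 64-bit and the Wow6432Node view.
# Assumes Windows 7 x64 and an elevated PowerShell prompt.
$clsid = '{5839fca9-774d-42a1-acda-d6a79037f57f}'
$keys  = @(
    "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32",
    "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$clsid\InprocServer32"
)

# Assumed legitimate target: <SystemRoot>\System32\wbem\wbemess.dll (or the SysWOW64 copy).
$cleanPattern = '^' + [regex]::Escape($env:SystemRoot) + '\\(System32|SysWOW64)\\wbem\\wbemess\.dll$'

foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) {
        Write-Output "$key`n  key not present"
        continue
    }

    # The (Default) value of InprocServer32 is the DLL COM loads for this CLSID.
    $raw    = (Get-ItemProperty -Path $key).'(default)'
    $target = [Environment]::ExpandEnvironmentVariables("$raw")

    # -match is case-insensitive in PowerShell, so C:\Windows\system32 also passes.
    $clean = $target -match $cleanPattern
    $state = if ($clean) { 'OK' } else { 'SUSPICIOUS' }
    Write-Output "$key`n  (Default) = '$raw'`n  resolves to '$target' -> $state"

    if (-not $clean -and (Test-Path -LiteralPath $target)) {
        # Hash the referenced file so it can be looked up or compared after a reboot.
        $md5 = [System.Security.Cryptography.MD5]::Create()
        $fs  = [System.IO.File]::OpenRead($target)
        try { $hash = ($md5.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
        finally { $fs.Close() }
        Write-Output "  MD5 of target: $hash"
    }

    # Self-protecting variants lock the key with Deny ACEs or a changed owner, which is
    # why a manual delete fails or the value comes straight back. Show both.
    $acl = Get-Acl -Path $key
    Write-Output "  owner: $($acl.Owner)"
    $acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' } | ForEach-Object {
        Write-Output "  DENY  $($_.IdentityReference)  $($_.RegistryRights)"
    }
}
```

Run it once before and once after a removal attempt: a value that reverts between the two runs points at a live component re-writing it, which is the question the poster is asking. The script hashes the referenced file instead of calling Get-AuthenticodeSignature because the PowerShell shipped with Windows 7 does not check catalog signatures, so most genuine system DLLs would report NotSigned and the result would mislead.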

I am well aware of ZeroAccess, what it does and how it operates. FRST is one of the best tools to show its exploits; the log you posted shows no evidence of ZA infection...

 

If you run your system in Normal mode run the following:

 

Please download RogueKiller from here:

 

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

                                   

  • Make sure to get the correct version for your system.
  • Quit all running programs.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator; for XP simply run RogueKiller.exe.
  • Wait until Prescan has finished...
  • An EULA will appear, please select Accept.
  • Ensure MBR scan, Check faked and AntiRootkit are checked.
  • Select Scan.
  • When the scan completes select Report, copy and paste that to your reply.
  • The log should be found in RKreport[?].txt on your Desktop.
  • Exit/Close RogueKiller.


I bet you ARE!! I see many other posts; I am not the only one infected or having been infected. I can't tell you how much I appreciate your help. Even if we get the green light, that will help me rest using this machine.... Sorry if you were looking for something more 'complicated'; to me it is... I've done the manual removal procedure 3 times over the last 4 months... I don't even open email on this little PC any longer... not sure how it's getting reinfected unless, novice that I am, I keep missing something. Thus my reaching out to the expert!

 

Here is the log:

 

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : dreamrecords [Admin rights]
Mode : Scan -- Date : 04/25/2014 17:36:18
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 13 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{2BC92A1B-5BD1-48FB-A215-E3BCC1897FC3} : NameServer (0.0.0.0 [(Private Address) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{2BC92A1B-5BD1-48FB-A215-E3BCC1897FC3} : NameServer (0.0.0.0 [(Private Address) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{2BC92A1B-5BD1-48FB-A215-E3BCC1897FC3} : NameServer (0.0.0.0 [(Private Address) (XX)]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (AsyncGetClassBits) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD5470B0)
[Address] EAT @explorer.exe (AsyncInstallDistributionUnit) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD547210)
[Address] EAT @explorer.exe (BindAsyncMoniker) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD531F90)
[Address] EAT @explorer.exe (CDLGetLongPathNameA) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD5478D0)
[Address] EAT @explorer.exe (CDLGetLongPathNameW) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD5478E8)
[Address] EAT @explorer.exe (CORPolicyProvider) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD531674)
[Address] EAT @explorer.exe (CoGetClassObjectFromURL) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD5473FC)
[Address] EAT @explorer.exe (CoInstall) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD547460)
[Address] EAT @explorer.exe (CoInternetCanonicalizeIUri) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4F5660)
[Address] EAT @explorer.exe (CoInternetCombineIUri) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4F80A0)
[Address] EAT @explorer.exe (CoInternetCombineUrl) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4E46A4)
[Address] EAT @explorer.exe (CoInternetCombineUrlEx) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4E43C0)
[Address] EAT @explorer.exe (CoInternetCompareUrl) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD535280)
[Address] EAT @explorer.exe (CoInternetCreateSecurityManager) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4B1EE0)
[Address] EAT @explorer.exe (CoInternetCreateZoneManager) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4C0810)
[Address] EAT @explorer.exe (CoInternetFeatureSettingsChanged) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD570284)
[Address] EAT @explorer.exe (CoInternetGetProtocolFlags) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD53537C)
[Address] EAT @explorer.exe (CoInternetGetSecurityUrl) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD5353D0)
[Address] EAT @explorer.exe (CoInternetGetSecurityUrlEx) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4F9CD0)
[Address] EAT @explorer.exe (CoInternetGetSession) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4B2460)
[Address] EAT @explorer.exe (CoInternetIsFeatureEnabled) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4F8DC0)
[Address] EAT @explorer.exe (CoInternetIsFeatureEnabledForIUri) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4F51B8)
[Address] EAT @explorer.exe (CoInternetIsFeatureEnabledForUrl) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4F1820)
[Address] EAT @explorer.exe (CoInternetIsFeatureZoneElevationEnabled) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD53586C)
[Address] EAT @explorer.exe (CoInternetParseIUri) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4E56A8)
[Address] EAT @explorer.exe (CoInternetParseUrl) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4C1490)
[Address] EAT @explorer.exe (CoInternetQueryInfo) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4F7C50)
[Address] EAT @explorer.exe (CoInternetSetFeatureEnabled) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD535AF4)
[Address] EAT @explorer.exe (CompareSecurityIds) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4CD1A4)
[Address] EAT @explorer.exe (CompatFlagsFromClsid) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4F4044)
[Address] EAT @explorer.exe (CopyBindInfo) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD543020)
[Address] EAT @explorer.exe (CopyStgMedium) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4BBA0C)
[Address] EAT @explorer.exe (CreateAsyncBindCtx) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD5086C0)
[Address] EAT @explorer.exe (CreateAsyncBindCtxEx) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4F3D14)
[Address] EAT @explorer.exe (CreateFormatEnumerator) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4D68E0)
[Address] EAT @explorer.exe (CreateIUriBuilder) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4B3660)
[Address] EAT @explorer.exe (CreateURLMoniker) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD50CCF4)
[Address] EAT @explorer.exe (CreateURLMonikerEx) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4B78D0)
[Address] EAT @explorer.exe (CreateURLMonikerEx2) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4F40F0)
[Address] EAT @explorer.exe (CreateUri) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4B16F0)
[Address] EAT @explorer.exe (CreateUriFromMultiByteString) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD531EE4)
[Address] EAT @explorer.exe (CreateUriPriv) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD531EF8)
[Address] EAT @explorer.exe (CreateUriWithFragment) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD531F40)
[Address] EAT @explorer.exe (DllCanUnloadNow) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4B1600)
[Address] EAT @explorer.exe (DllGetClassObject) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4FAB3C)
[Address] EAT @explorer.exe (DllInstall) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD532458)
[Address] EAT @explorer.exe (DllRegisterServer) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD532464)
[Address] EAT @explorer.exe (DllRegisterServerEx) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD50E070)
[Address] EAT @explorer.exe (DllUnregisterServer) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD532470)
[Address] EAT @explorer.exe (Extract) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD547F74)
[Address] EAT @explorer.exe (FaultInIEFeature) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD548FE8)
[Address] EAT @explorer.exe (FileBearsMarkOfTheWeb) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4E6B60)
[Address] EAT @explorer.exe (FindMediaType) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD532E9C)
[Address] EAT @explorer.exe (FindMediaTypeClass) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4D6080)
[Address] EAT @explorer.exe (FindMimeFromData) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4F50BC)
[Address] EAT @explorer.exe (GetAddSitesFileUrl) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD5702B0)
[Address] EAT @explorer.exe (GetClassFileOrMime) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD50B8EC)
[Address] EAT @explorer.exe (GetClassURL) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD532074)
[Address] EAT @explorer.exe (GetComponentIDFromCLSSPEC) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD5492E8)
[Address] EAT @explorer.exe (GetIDNFlagsForUri) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4CC7F0)
[Address] EAT @explorer.exe (GetIUriPriv) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD531F60)
[Address] EAT @explorer.exe (GetIUriPriv2) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD531F50)
[Address] EAT @explorer.exe (GetLabelsFromNamedHost) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD578B54)
[Address] EAT @explorer.exe (GetMarkOfTheWeb) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD569390)
[Address] EAT @explorer.exe (GetPortFromUrlScheme) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD531E94)
[Address] EAT @explorer.exe (GetPropertyFromName) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD531EA4)
[Address] EAT @explorer.exe (GetPropertyName) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD531EB4)
[Address] EAT @explorer.exe (GetSoftwareUpdateInfo) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD50E070)
[Address] EAT @explorer.exe (GetUrlmonThreadNotificationHwnd) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD50DEB4)
[Address] EAT @explorer.exe (GetZoneFromAlternateDataStreamEx) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4B6D90)
[Address] EAT @explorer.exe (HlinkGoBack) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD566E78)
[Address] EAT @explorer.exe (HlinkGoForward) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD566F24)
[Address] EAT @explorer.exe (HlinkNavigateMoniker) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD566FD0)
[Address] EAT @explorer.exe (HlinkNavigateString) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD567004)
[Address] EAT @explorer.exe (HlinkSimpleNavigateToMoniker) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD567038)
[Address] EAT @explorer.exe (HlinkSimpleNavigateToString) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD5675E8)
[Address] EAT @explorer.exe (IECompatLogCSSFix) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD5412FC)
[Address] EAT @explorer.exe (IEDllLoader) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD5326F0)
[Address] EAT @explorer.exe (IEGetUserPrivateNamespaceName) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD543244)
[Address] EAT @explorer.exe (IEInstallScope) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD547554)
[Address] EAT @explorer.exe (IntlPercentEncodeNormalize) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD531F70)
[Address] EAT @explorer.exe (IsAsyncMoniker) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4F21FC)
[Address] EAT @explorer.exe (IsDWORDProperty) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD531EC4)
[Address] EAT @explorer.exe (IsIntranetAvailable) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD570668)
[Address] EAT @explorer.exe (IsJITInProgress) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4CB328)
[Address] EAT @explorer.exe (IsLoggingEnabledA) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD56855C)
[Address] EAT @explorer.exe (IsLoggingEnabledW) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD568688)
[Address] EAT @explorer.exe (IsStringProperty) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD531ED4)
[Address] EAT @explorer.exe (IsValidURL) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4E7610)
[Address] EAT @explorer.exe (MkParseDisplayNameEx) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD5092F0)
[Address] EAT @explorer.exe (ObtainUserAgentString) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD53DCE0)
[Address] EAT @explorer.exe (PrivateCoInstall) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD547560)
[Address] EAT @explorer.exe (QueryAssociations) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4CE9C0)
[Address] EAT @explorer.exe (QueryClsidAssociation) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD540A8C)
[Address] EAT @explorer.exe (RegisterBindStatusCallback) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4EF600)
[Address] EAT @explorer.exe (RegisterFormatEnumerator) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4F1C6C)
[Address] EAT @explorer.exe (RegisterMediaTypeClass) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD5320C0)
[Address] EAT @explorer.exe (RegisterMediaTypes) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD532210)
[Address] EAT @explorer.exe (RegisterWebPlatformPermanentSecurityManager) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4E8C54)
[Address] EAT @explorer.exe (ReleaseBindInfo) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4B7D40)
[Address] EAT @explorer.exe (RevokeBindStatusCallback) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4EFBF0)
[Address] EAT @explorer.exe (RevokeFormatEnumerator) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD5322CC)
[Address] EAT @explorer.exe (SetAccessForIEAppContainer) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD543258)
[Address] EAT @explorer.exe (SetSoftwareUpdateAdvertisementState) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD50E070)
[Address] EAT @explorer.exe (ShouldDisplayPunycodeForUri) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD53DE50)
[Address] EAT @explorer.exe (ShouldShowIntranetWarningSecband) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4F3A3C)
[Address] EAT @explorer.exe (ShowTrustAlertDialog) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD570820)
[Address] EAT @explorer.exe (URLDownloadA) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD535CC4)
[Address] EAT @explorer.exe (URLDownloadToCacheFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD567D9C)
[Address] EAT @explorer.exe (URLDownloadToCacheFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4DA0C4)
[Address] EAT @explorer.exe (URLDownloadToFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD567F10)
[Address] EAT @explorer.exe (URLDownloadToFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4DEFD0)
[Address] EAT @explorer.exe (URLDownloadW) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD535D78)
[Address] EAT @explorer.exe (URLOpenBlockingStreamA) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD568058)
[Address] EAT @explorer.exe (URLOpenBlockingStreamW) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD568138)
[Address] EAT @explorer.exe (URLOpenPullStreamA) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD56821C)
[Address] EAT @explorer.exe (URLOpenPullStreamW) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD5682E0)
[Address] EAT @explorer.exe (URLOpenStreamA) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD568408)
[Address] EAT @explorer.exe (URLOpenStreamW) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD5684D0)
[Address] EAT @explorer.exe (UnregisterWebPlatformPermanentSecurityManager) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD50C9B4)
[Address] EAT @explorer.exe (UrlMkBuildVersion) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD532804)
[Address] EAT @explorer.exe (UrlMkGetSessionOption) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4C3E60)
[Address] EAT @explorer.exe (UrlMkSetSessionOption) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4ED0E4)
[Address] EAT @explorer.exe (UrlmonCleanupCurrentThread) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4DA27C)
[Address] EAT @explorer.exe (WriteHitLogging) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD5685D0)
[Address] EAT @explorer.exe (ZonesReInit) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD569C30)
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500420AS ATA Device +++++
--- User ---
[MBR] c3e0f6a58198ea86e0d80b56bfcd6562
[BSP] 7a6d4b4590eb08a01847e8012418ba29 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 461899 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_04252014_173618.txt >>
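The helper reads the long "EAT @explorer.exe ... HOOKED" block in the RogueKiller report as harmless, and the pattern supports that: every entry is an iertutil.dll export whose address resolves into urlmon.dll under System32, which is what forwarded exports look like to an export-table scanner. That reading can be turned into a repeatable triage rule. The script below is an added example, not the poster's or the helper's code and not a RogueKiller feature: it parses report lines of the format shown above and flags only hooks whose target lies outside the Windows directory or has no backing module. The report text is constructed from two lines of the posted report plus two made-up suspicious lines (the Temp\x.dll path and the "Unknown" target are inventions for illustration); the line format is taken from the posted log, the "Unknown" spelling is an assumption.

```powershell
# Added example (not from the thread). Triages RogueKiller "[Address] EAT ... HOOKED"
# lines: a target inside the Windows directory is consistent with a forwarded export,
# a target outside it or with no backing module deserves a closer look.
# Constructed sample: two real-format lines from the posted report, two made-up ones.
$report = @'
[Address] EAT @explorer.exe (CoInternetCreateSecurityManager) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4B1EE0)
[Address] EAT @explorer.exe (URLDownloadToFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFD4DEFD0)
[Address] EAT @explorer.exe (CreateProcessW) : kernel32.dll -> HOOKED (C:\Users\example\AppData\Local\Temp\x.dll @ 0x000007FEF0001234)
[Address] EAT @explorer.exe (NtQueryDirectoryFile) : ntdll.dll -> HOOKED (Unknown @ 0xFFFFF88001234560)
'@

# Named groups: process, exported function, module that exports it, module the address lands in.
$pattern = '^\[Address\] EAT @(?<proc>\S+) \((?<func>[^)]+)\) : (?<mod>\S+) -> HOOKED \((?<target>.+?) @ 0x(?<addr>[0-9A-Fa-f]+)\)$'

function Get-EatHookTriage {
    param(
        [string]$Text,
        [string]$WindowsDir = $env:SystemRoot   # e.g. C:\Windows
    )
    foreach ($line in ($Text -split "`r?`n")) {
        if (-not ($line -match $pattern)) { continue }
        $target  = $Matches['target']
        $verdict = if ($target -eq 'Unknown') { 'REVIEW: no backing module' }
                   elseif ($target -like "$WindowsDir\*") { 'consistent with a forwarded export' }
                   else { 'REVIEW: target outside the Windows directory' }
        New-Object PSObject -Property @{
            Process  = $Matches['proc']
            Module   = $Matches['mod']
            Function = $Matches['func']
            Target   = $target
            Verdict  = $verdict
        }
    }
}

# Collapse the per-function noise into one line per (process, module, target, verdict).
Get-EatHookTriage -Text $report |
    Group-Object Process, Module, Target, Verdict |
    ForEach-Object { '{0,3} hook(s)  {1}' -f $_.Count, $_.Name }
```

To use it on a real report, replace the here-string with `Get-Content -Raw` of the RKreport file. The path test is deliberately lexical: it only says whether the scanner resolved the export into an in-box module. A second step, outside this example, is to confirm that module is the genuine signed file (for instance with Sysinternals sigcheck, since the Windows 7 Get-AuthenticodeSignature does not validate catalog-signed system files).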

Still nothing to worry you in that log. Let's run FRST with your PC in Normal mode, as follows please:

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 

Kevin...


Here we go:  

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-04-2014 03
Ran by dreamrecords (administrator) on DREAMRECORDS-PC on 25-04-2014 18:33:49
Running from C:\Users\dreamrecords\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Sensible Vision ) c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKstat.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Dura Micro, Inc) C:\Program Files (x86)\AutoTask\AutoTask.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1822504 2009-08-23] (Synaptics Incorporated)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-20] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3217056 2010-04-01] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
HKLM\...\Run: [intelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1926928 2009-09-21] (Intel® Corporation)
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\AmbRunE.dll [17920 2009-02-26] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [FATrayAlert] => c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95560 2010-02-22] (Sensible Vision )
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd)
HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-18] ()
HKLM-x32\...\Run: [DellSupportCenter] => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AutoTask] => C:\Program Files (x86)\AutoTask\AutoTask.exe [335872 2009-06-22] (Dura Micro, Inc)
HKLM-x32\...\Run: [backupSoft] => "\RunRedem.exe" /STARTUP
HKLM-x32\...\Run: [Corel File Shell Monitor] => C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [1294136 2014-02-21] (Malwarebytes Corporation)
HKLM-x32\...\runonceex: [ContentMerger] - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\FastAccess-x32: c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [{91120000-0030-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-21-4087391027-3474875736-3329529687-1000\...\Run: [Facebook Update] => C:\Users\dreamrecords\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-13] (Facebook Inc.)
HKU\S-1-5-21-4087391027-3474875736-3329529687-1000\...\Run: [Corel Photo Downloader] => C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [523408 2009-12-30] (Corel, Inc.)
HKU\S-1-5-21-4087391027-3474875736-3329529687-1000\...\MountPoints2: {7245ebc1-cf2f-11e0-a3a3-c44619eec7ff} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-4087391027-3474875736-3329529687-1000\...\MountPoints2: {7d638ed1-5fb7-11e1-bafb-b8ac6f73e49f} - E:\Launcher.exe
HKU\S-1-5-21-4087391027-3474875736-3329529687-1000\...\MountPoints2: {fca874fe-b14e-11df-84cb-b8ac6f73e49f} - E:\LaunchU3.exe -a
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Online Backup Status.lnk
ShortcutTarget: McAfee Online Backup Status.lnk -> C:\Program Files (x86)\McAfee Online Backup\MOBKstat.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\dreamrecords\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {F0F017B0-488A-4100-BE16-04297A129ACD} URL = 
SearchScopes: HKCU - {048F0477-7758-469A-8622-932DC94808CB} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&affID=119351&tt=gc_&babsrc=SP_ss&mntrId=4E46002314998219
SearchScopes: HKCU - {2C7E0D1A-0E36-48F9-A15E-F48521F15313} URL = 
SearchScopes: HKCU - {F0F017B0-488A-4100-BE16-04297A129ACD} URL = 
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2BC92A1B-5BD1-48FB-A215-E3BCC1897FC3}: [NameServer]0.0.0.0
 
FireFox:
========
FF ProfilePath: C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default
FF user.js: detected! => C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\user.js
FF DefaultSearchEngine: Conduit Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Conduit Search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\dreamrecords\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\dreamrecords\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: LWAPlugin15.8 - C:\Users\dreamrecords\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\dreamrecords\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\searchplugins\connect-dlc-5-customized-web-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-04-17]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-04-17]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Virtual Technician) - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\dreamrecords\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Microsoft Lync Web App Plug-in) - C:\Users\dreamrecords\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
CHR Plugin: (Raidcall plugin) - C:\Users\dreamrecords\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\dreamrecords\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-25]
CHR Extension: (Google Drive) - C:\Users\dreamrecords\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-25]
CHR Extension: (YouTube) - C:\Users\dreamrecords\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-25]
CHR Extension: (Google Search) - C:\Users\dreamrecords\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-25]
CHR Extension: (SiteAdvisor) - C:\Users\dreamrecords\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-04-25]
CHR Extension: (Gamers Unite! Snag Bar) - C:\Users\dreamrecords\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncmdmcjifbkefpaijakdbgfjbpaonjhg [2014-04-25]
CHR Extension: (Google Wallet) - C:\Users\dreamrecords\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-25]
CHR Extension: (Gmail) - C:\Users\dreamrecords\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-25]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-03-27]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-01-28] ()
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-06-23] ()
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [319288 2014-02-21] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [140424 2014-03-24] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [315664 2009-09-21] ()
S3 PACSPTISVR-Sound_Organizer; C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [157024 2010-11-19] (Sony Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-20] (IDT, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62168 2014-02-21] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
S3 OV550I; C:\Windows\System32\Drivers\ov550ivx.sys [196992 2008-02-22] (Omnivision Technologies, Inc.)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 NPF; system32\drivers\NPF.sys [X]
S1 qknfd; system32\drivers\qknfd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-25 18:33 - 2014-04-25 18:34 - 00027619 _____ () C:\Users\dreamrecords\Desktop\FRST.txt
2014-04-25 17:36 - 2014-04-25 17:36 - 00018237 _____ () C:\Users\dreamrecords\Desktop\RKreport[0]_S_04252014_173618.txt
2014-04-25 17:32 - 2014-04-25 17:50 - 00000000 ____D () C:\Users\dreamrecords\Desktop\RK_Quarantine
2014-04-25 17:31 - 2014-04-25 17:32 - 04527616 _____ () C:\Users\dreamrecords\Downloads\RogueKillerX64.exe
2014-04-25 17:18 - 2014-04-25 17:19 - 00636088 _____ () C:\Users\dreamrecords\Downloads\Gamers_Unite.crxbho.exe
2014-04-25 16:49 - 2014-04-25 16:49 - 00002221 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-25 16:49 - 2014-04-25 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-25 16:48 - 2014-04-25 17:53 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-25 16:48 - 2014-04-25 16:53 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-25 16:48 - 2014-04-25 16:49 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-25 16:48 - 2014-04-25 16:48 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-25 16:48 - 2014-04-25 16:48 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-25 15:25 - 2014-04-25 15:25 - 00030554 _____ () C:\Windows\PFRO.log
2014-04-25 15:20 - 2014-04-25 16:20 - 00000906 _____ () C:\Windows\setupact.log
2014-04-25 15:20 - 2014-04-25 15:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-25 15:18 - 2014-04-25 18:33 - 00000000 ____D () C:\FRST
2014-04-25 15:16 - 2014-04-25 15:16 - 02061824 _____ (Farbar) C:\Users\dreamrecords\Desktop\FRST64.exe
2014-04-25 15:13 - 2014-04-25 15:13 - 00884720 _____ (Google Inc.) C:\Users\dreamrecords\Downloads\ChromeSetup.exe
2014-04-25 14:45 - 2014-04-25 16:23 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-04-25 14:45 - 2014-04-25 14:45 - 00001155 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-04-25 14:45 - 2014-04-25 14:45 - 00000000 ____D () C:\Users\dreamrecords\AppData\Roaming\Nico Mak Computing
2014-04-25 14:45 - 2014-04-25 14:45 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-04-25 14:45 - 2014-04-25 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-04-25 14:45 - 2014-04-25 14:45 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-04-25 14:45 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe
2014-04-25 14:44 - 2014-04-25 14:45 - 04892480 _____ (WinZip International LLC ) C:\Users\dreamrecords\Downloads\wzmp_8.exe
2014-04-25 14:42 - 2014-04-25 14:42 - 02454688 _____ (Malwarebytes ) C:\Users\dreamrecords\Downloads\mbae-setup-0.10.0.1000 (1).exe
2014-04-25 14:41 - 2014-04-25 15:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-25 14:40 - 2014-04-25 15:09 - 00000000 ____D () C:\Users\dreamrecords\Desktop\mbar
2014-04-25 14:09 - 2014-04-25 14:09 - 00000452 _____ () C:\Users\dreamrecords\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2014-04-25 13:42 - 2014-04-25 13:49 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-25 13:42 - 2014-04-25 13:42 - 00002786 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-25 13:42 - 2014-04-25 13:42 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-25 13:42 - 2014-04-25 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-04-25 13:39 - 2014-04-25 13:39 - 04745984 _____ (Piriform Ltd) C:\Users\dreamrecords\Downloads\ccsetup413.exe
2014-04-25 13:32 - 2014-04-25 13:33 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\dreamrecords\Desktop\tdsskiller.exe
2014-04-25 12:08 - 2014-04-25 12:08 - 00167034 _____ () C:\Users\dreamrecords\Downloads\fileassassin-setup-1.06.exe
2014-04-25 12:08 - 2014-04-25 12:08 - 00001021 _____ () C:\Users\Public\Desktop\FileASSASSIN.lnk
2014-04-25 12:08 - 2014-04-25 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2014-04-25 12:08 - 2014-04-25 12:08 - 00000000 ____D () C:\Program Files (x86)\FileASSASSIN
2014-04-25 12:07 - 2014-04-25 12:07 - 00065232 _____ (Malwarebytes) C:\Users\dreamrecords\Downloads\regassassin-setup-1.03.exe
2014-04-25 12:06 - 2014-04-25 12:06 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-04-25 12:06 - 2014-04-25 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-04-25 12:06 - 2014-04-25 12:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-04-25 12:04 - 2014-04-25 17:37 - 00000000 ____D () C:\Users\dreamrecords\Desktop\Virus 4-2014
2014-04-25 11:43 - 2014-04-25 16:28 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-25 11:43 - 2014-04-25 11:43 - 02454688 _____ (Malwarebytes ) C:\Users\dreamrecords\Downloads\mbae-setup-0.10.0.1000.exe
2014-04-25 11:42 - 2014-04-25 14:40 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-25 11:42 - 2014-04-25 12:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-25 11:42 - 2014-04-25 11:42 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-25 11:42 - 2014-04-25 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-25 11:42 - 2014-04-25 11:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-25 11:42 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-25 11:42 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-25 11:41 - 2014-04-25 11:41 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\dreamrecords\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-25 08:30 - 2014-04-25 08:30 - 00000000 __SHD () C:\Users\dreamrecords\AppData\Local\EmieUserList
2014-04-25 08:30 - 2014-04-25 08:30 - 00000000 __SHD () C:\Users\dreamrecords\AppData\Local\EmieSiteList
2014-04-24 08:29 - 2014-04-24 08:29 - 00011118 _____ () C:\Users\dreamrecords\Desktop\TJ Member List 4-24.xlsx
2014-04-15 23:06 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-04-14 21:01 - 2014-04-14 21:41 - 00010233 _____ () C:\Users\dreamrecords\Desktop\HitList 4-14.xlsx
2014-04-14 19:20 - 2014-04-14 21:00 - 00010853 _____ () C:\Users\dreamrecords\Desktop\HitList.xlsx
2014-04-11 13:06 - 2014-03-06 05:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-11 13:06 - 2014-03-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-11 13:06 - 2014-03-06 04:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-11 13:06 - 2014-03-06 03:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-11 13:06 - 2014-03-06 03:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-11 13:06 - 2014-03-06 03:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-11 13:06 - 2014-03-06 03:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-11 13:06 - 2014-03-06 03:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-11 13:06 - 2014-03-06 03:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-11 13:06 - 2014-03-06 03:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-11 13:06 - 2014-03-06 03:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-11 13:06 - 2014-03-06 03:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-11 13:06 - 2014-03-06 03:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-11 13:06 - 2014-03-06 03:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-11 13:06 - 2014-03-06 03:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-11 13:06 - 2014-03-06 03:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-11 13:06 - 2014-03-06 03:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-11 13:06 - 2014-03-06 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-11 13:06 - 2014-03-06 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-11 13:06 - 2014-03-06 02:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-11 13:06 - 2014-03-06 02:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-11 13:06 - 2014-03-06 02:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-11 13:06 - 2014-03-06 02:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-11 13:06 - 2014-03-06 02:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-11 13:06 - 2014-03-06 02:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-11 13:06 - 2014-03-06 02:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-11 13:06 - 2014-03-06 02:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-11 13:06 - 2014-03-06 02:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-11 13:06 - 2014-03-06 02:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-11 13:06 - 2014-03-06 02:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-11 13:06 - 2014-03-06 02:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-11 13:06 - 2014-03-06 02:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-11 13:06 - 2014-03-06 01:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-11 13:06 - 2014-03-06 00:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-11 13:06 - 2014-03-06 00:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-11 13:05 - 2014-03-06 04:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-11 13:05 - 2014-03-06 03:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-11 13:05 - 2014-03-06 03:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-11 13:05 - 2014-03-06 02:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-11 13:05 - 2014-03-06 02:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-11 13:05 - 2014-03-06 02:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-11 13:05 - 2014-03-06 01:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-11 13:05 - 2014-03-06 01:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-11 13:05 - 2014-03-06 01:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-11 13:05 - 2014-03-06 01:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-11 13:05 - 2014-03-06 00:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-11 13:05 - 2014-03-06 00:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-11 13:05 - 2014-03-06 00:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-09 04:31 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 04:31 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 04:31 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 04:31 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 04:31 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 04:31 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 04:31 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 04:31 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 04:31 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 04:31 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 04:31 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 04:31 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 04:31 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 04:31 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 04:31 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 04:31 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 04:31 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
 
==================== One Month Modified Files and Folders =======
 
2014-04-25 18:34 - 2014-04-25 18:33 - 00027619 _____ () C:\Users\dreamrecords\Desktop\FRST.txt
2014-04-25 18:33 - 2014-04-25 15:18 - 00000000 ____D () C:\FRST
2014-04-25 18:03 - 2013-07-31 19:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-25 18:02 - 2009-07-14 00:10 - 02013265 _____ () C:\Windows\WindowsUpdate.log
2014-04-25 17:53 - 2014-04-25 16:48 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-25 17:50 - 2014-04-25 17:32 - 00000000 ____D () C:\Users\dreamrecords\Desktop\RK_Quarantine
2014-04-25 17:37 - 2014-04-25 12:04 - 00000000 ____D () C:\Users\dreamrecords\Desktop\Virus 4-2014
2014-04-25 17:36 - 2014-04-25 17:36 - 00018237 _____ () C:\Users\dreamrecords\Desktop\RKreport[0]_S_04252014_173618.txt
2014-04-25 17:32 - 2014-04-25 17:31 - 04527616 _____ () C:\Users\dreamrecords\Downloads\RogueKillerX64.exe
2014-04-25 17:19 - 2014-04-25 17:18 - 00636088 _____ () C:\Users\dreamrecords\Downloads\Gamers_Unite.crxbho.exe
2014-04-25 16:53 - 2014-04-25 16:48 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-25 16:49 - 2014-04-25 16:49 - 00002221 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-25 16:49 - 2014-04-25 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-25 16:49 - 2014-04-25 16:48 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-25 16:49 - 2013-04-22 18:14 - 00000000 ____D () C:\Users\dreamrecords\AppData\Local\Google
2014-04-25 16:48 - 2014-04-25 16:48 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-25 16:48 - 2014-04-25 16:48 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-25 16:38 - 2012-03-10 22:28 - 00000956 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4087391027-3474875736-3329529687-1000UA.job
2014-04-25 16:38 - 2012-03-10 22:28 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4087391027-3474875736-3329529687-1000Core.job
2014-04-25 16:28 - 2014-04-25 11:43 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-25 16:28 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-25 16:28 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-25 16:26 - 2013-04-17 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-04-25 16:26 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-25 16:23 - 2014-04-25 14:45 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-04-25 16:23 - 2013-04-17 09:28 - 00000000 __RSD () C:\Users\dreamrecords\Documents\McAfee Vaults
2014-04-25 16:22 - 2010-06-24 18:33 - 00000000 ____D () C:\Users\dreamrecords\AppData\Local\SoftThinks
2014-04-25 16:22 - 2010-06-24 18:33 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-04-25 16:22 - 2010-06-24 18:33 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-04-25 16:22 - 2010-06-19 18:29 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-04-25 16:20 - 2014-04-25 15:20 - 00000906 _____ () C:\Windows\setupact.log
2014-04-25 16:20 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-25 15:33 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-04-25 15:26 - 2009-07-13 23:45 - 00472120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-25 15:25 - 2014-04-25 15:25 - 00030554 _____ () C:\Windows\PFRO.log
2014-04-25 15:20 - 2014-04-25 15:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-25 15:16 - 2014-04-25 15:16 - 02061824 _____ (Farbar) C:\Users\dreamrecords\Desktop\FRST64.exe
2014-04-25 15:13 - 2014-04-25 15:13 - 00884720 _____ (Google Inc.) C:\Users\dreamrecords\Downloads\ChromeSetup.exe
2014-04-25 15:09 - 2014-04-25 14:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-25 15:09 - 2014-04-25 14:40 - 00000000 ____D () C:\Users\dreamrecords\Desktop\mbar
2014-04-25 14:45 - 2014-04-25 14:45 - 00001155 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-04-25 14:45 - 2014-04-25 14:45 - 00000000 ____D () C:\Users\dreamrecords\AppData\Roaming\Nico Mak Computing
2014-04-25 14:45 - 2014-04-25 14:45 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-04-25 14:45 - 2014-04-25 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-04-25 14:45 - 2014-04-25 14:45 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-04-25 14:45 - 2014-04-25 14:44 - 04892480 _____ (WinZip International LLC ) C:\Users\dreamrecords\Downloads\wzmp_8.exe
2014-04-25 14:45 - 2010-06-24 18:30 - 00130752 _____ () C:\Users\dreamrecords\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-25 14:42 - 2014-04-25 14:42 - 02454688 _____ (Malwarebytes ) C:\Users\dreamrecords\Downloads\mbae-setup-0.10.0.1000 (1).exe
2014-04-25 14:40 - 2014-04-25 11:42 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-25 14:23 - 2010-06-19 18:31 - 00000000 ____D () C:\ProgramData\Cozi
2014-04-25 14:21 - 2010-06-19 18:41 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-04-25 14:21 - 2010-06-19 18:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-25 14:20 - 2011-03-03 16:41 - 00000000 ____D () C:\Xcelential
2014-04-25 14:19 - 2010-06-19 18:25 - 00000000 ____D () C:\ProgramData\WildTangent
2014-04-25 14:19 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-04-25 14:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-04-25 14:09 - 2014-04-25 14:09 - 00000452 _____ () C:\Users\dreamrecords\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2014-04-25 13:55 - 2010-07-21 17:31 - 00000090 _____ () C:\Windows\QBChanUtil_Trigger.ini
2014-04-25 13:49 - 2014-04-25 13:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-25 13:45 - 2010-06-19 20:41 - 00000000 ____D () C:\Windows\Panther
2014-04-25 13:42 - 2014-04-25 13:42 - 00002786 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-25 13:42 - 2014-04-25 13:42 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-25 13:42 - 2014-04-25 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-04-25 13:39 - 2014-04-25 13:39 - 04745984 _____ (Piriform Ltd) C:\Users\dreamrecords\Downloads\ccsetup413.exe
2014-04-25 13:33 - 2014-04-25 13:32 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\dreamrecords\Desktop\tdsskiller.exe
2014-04-25 12:08 - 2014-04-25 12:08 - 00167034 _____ () C:\Users\dreamrecords\Downloads\fileassassin-setup-1.06.exe
2014-04-25 12:08 - 2014-04-25 12:08 - 00001021 _____ () C:\Users\Public\Desktop\FileASSASSIN.lnk
2014-04-25 12:08 - 2014-04-25 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2014-04-25 12:08 - 2014-04-25 12:08 - 00000000 ____D () C:\Program Files (x86)\FileASSASSIN
2014-04-25 12:07 - 2014-04-25 12:07 - 00065232 _____ (Malwarebytes) C:\Users\dreamrecords\Downloads\regassassin-setup-1.03.exe
2014-04-25 12:06 - 2014-04-25 12:06 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-04-25 12:06 - 2014-04-25 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-04-25 12:06 - 2014-04-25 12:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-04-25 12:06 - 2014-04-25 11:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-25 12:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-25 12:04 - 2013-11-30 20:20 - 00000000 ____D () C:\ProgramData\eSafe
2014-04-25 12:04 - 2013-11-24 20:38 - 00000000 ____D () C:\Users\dreamrecords\AppData\Local\NativeMessaging
2014-04-25 12:04 - 2013-11-24 20:38 - 00000000 ____D () C:\Users\dreamrecords\AppData\Local\CRE
2014-04-25 11:43 - 2014-04-25 11:43 - 02454688 _____ (Malwarebytes ) C:\Users\dreamrecords\Downloads\mbae-setup-0.10.0.1000.exe
2014-04-25 11:42 - 2014-04-25 11:42 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-25 11:42 - 2014-04-25 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-25 11:42 - 2014-04-25 11:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-25 11:41 - 2014-04-25 11:41 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\dreamrecords\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-25 09:01 - 2013-05-22 18:08 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-04-25 08:32 - 2013-05-04 20:31 - 00000000 ____D () C:\Users\dreamrecords\Desktop\WC
2014-04-25 08:30 - 2014-04-25 08:30 - 00000000 __SHD () C:\Users\dreamrecords\AppData\Local\EmieUserList
2014-04-25 08:30 - 2014-04-25 08:30 - 00000000 __SHD () C:\Users\dreamrecords\AppData\Local\EmieSiteList
2014-04-25 08:19 - 2014-03-12 17:01 - 00076193 _____ () C:\Users\dreamrecords\Desktop\t2 bookmarks.html
2014-04-25 07:25 - 2013-07-31 19:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-25 07:25 - 2013-07-27 02:40 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-25 07:25 - 2013-07-27 02:40 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-25 07:25 - 2010-07-19 11:34 - 00000000 ____D () C:\Users\dreamrecords\AppData\Local\Adobe
2014-04-24 08:29 - 2014-04-24 08:29 - 00011118 _____ () C:\Users\dreamrecords\Desktop\TJ Member List 4-24.xlsx
2014-04-18 18:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-04-18 11:00 - 2012-09-04 15:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-18 10:56 - 2013-07-12 09:26 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-18 10:56 - 2012-09-04 15:35 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-18 10:55 - 2013-11-09 23:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-14 21:41 - 2014-04-14 21:01 - 00010233 _____ () C:\Users\dreamrecords\Desktop\HitList 4-14.xlsx
2014-04-14 21:00 - 2014-04-14 19:20 - 00010853 _____ () C:\Users\dreamrecords\Desktop\HitList.xlsx
2014-04-13 06:48 - 2011-04-09 16:42 - 00007624 _____ () C:\Users\dreamrecords\AppData\Local\resmon.resmoncfg
2014-04-13 00:01 - 2010-04-13 22:11 - 00002090 _____ () C:\Windows\MOBK.blk
2014-04-13 00:01 - 2010-04-13 22:11 - 00000318 _____ () C:\Windows\MOBK.flt
2014-04-12 08:06 - 2013-04-17 09:19 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-04-11 13:04 - 2013-05-10 10:37 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-10 03:11 - 2010-06-24 18:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 03:09 - 2013-07-12 09:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 03:04 - 2011-07-08 05:19 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 14:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-05 22:41 - 2013-11-04 09:03 - 00000000 ____D () C:\Users\dreamrecords\Desktop\Christine - Court
2014-04-03 09:51 - 2014-04-25 11:42 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-25 11:42 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 09:35 - 2013-04-17 09:30 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-29 09:27 - 2013-11-24 20:40 - 00000000 ____D () C:\Users\dreamrecords\AppData\Roaming\ActivePresenter
2014-03-29 09:27 - 2013-11-24 20:36 - 00000000 ____D () C:\Users\dreamrecords\Desktop\VidCapture
 
Files to move or delete:
====================
C:\ProgramData\TempMOBK-update-4ec82966293498cc5bd9350557ef54e8.exe
 
 
Some content of TEMP:
====================
C:\Users\dreamrecords\AppData\Local\Temp\ntdll_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-09 06:07
 
==================== End Of Log ============================
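The FRST listing above runs to several hundred dated lines, and the "Bamital & volsnap Check" only covers a fixed set of core binaries. As an added example (editor's code, not part of the original post and not part of FRST), the helper below parses FRST's one-month Created/Modified line format, `<created> - <modified> - <size> <attrs> (<CompanyName>) <path>`, and flags the entries a responder would want to look at first when a rootkit is suspected: newly created kernel drivers, executables whose version info carries no CompanyName, and hidden or system-attributed items in the user profile or the system directories. The sample lines are copied from the log above; the flag names and heuristics are my own choices, and an empty CompanyName is only a weak signal (RogueKiller, FileASSASSIN and the Windows licensing cache files all trip it), so the output is a review list, not a verdict.

```python
import re
from dataclasses import dataclass, field

# One FRST "Created"/"Modified" entry, e.g.
# 2014-04-25 11:43 - 2014-04-25 16:28 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\...\MBAMSwissArmy.sys
# The first three fields are fixed-width, so " - " inside a path (e.g. "Christine - Court") is safe.
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[A-Z_]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)

# Extensions treated as executable code for the heuristics below (my choice, not FRST's).
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str           # FRST attribute letters: R read-only, H hidden, S system, D directory
    company: str         # CompanyName from the file's version info; "" when absent
    path: str
    flags: list = field(default_factory=list)

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_or_system(self) -> bool:
        return "H" in self.attrs or "S" in self.attrs


def parse_line(line: str):
    """Return an Entry for a dated FRST line, or None for headers/blank lines."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    return Entry(m["created"], m["modified"], int(m["size"]),
                 m["attrs"], m["company"].strip(), m["path"])


def triage(entry: Entry) -> Entry:
    """Attach review flags. Heuristics are deliberately simple and produce false positives."""
    p = entry.path.lower()
    is_exec = (not entry.is_dir) and p.endswith(EXEC_EXT)
    # Rootkits persist through kernel drivers: every new .sys under Drivers gets a look.
    if is_exec and p.startswith(DRIVER_DIR):
        entry.flags.append("new-kernel-driver")
    # No CompanyName in version info: weak signal, many legitimate tools lack it.
    if is_exec and not entry.company:
        entry.flags.append("exec-no-companyname")
    # Hidden/system objects in a user profile are unusual outside a few Windows features.
    if entry.hidden_or_system and p.startswith("c:\\users\\"):
        entry.flags.append("hidden-or-system-in-profile")
    # Hidden files (not folders) dropped into system32/SysWOW64.
    if entry.hidden_or_system and not entry.is_dir and p.startswith(SYSTEM_DIRS):
        entry.flags.append("hidden-in-system-dir")
    return entry


def triage_log(text: str) -> list:
    """Parse every dated line in an FRST listing and flag it."""
    return [triage(e) for e in map(parse_line, text.splitlines()) if e]


def flagged(text: str) -> list:
    return [e for e in triage_log(text) if e.flags]


# Sample input: six lines copied verbatim from the FRST log above.
SAMPLE = r"""
2014-04-25 11:43 - 2014-04-25 16:28 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-25 17:32 - 2014-04-25 17:31 - 04527616 _____ () C:\Users\dreamrecords\Downloads\RogueKillerX64.exe
2014-04-25 08:30 - 2014-04-25 08:30 - 00000000 __SHD () C:\Users\dreamrecords\AppData\Local\EmieUserList
2014-04-25 16:28 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-25 12:08 - 2014-04-25 12:08 - 00001021 _____ () C:\Users\Public\Desktop\FileASSASSIN.lnk
2014-04-05 22:41 - 2013-11-04 09:03 - 00000000 ____D () C:\Users\dreamrecords\Desktop\Christine - Court
"""

if __name__ == "__main__":
    for e in flagged(SAMPLE):
        print(f"{', '.join(e.flags):32} {e.attrs} ({e.company or '-'}) {e.path}")
```

Run it against the whole pasted FRST.txt (`triage_log(open("FRST.txt", encoding="utf-8").read())`) and work the `new-kernel-driver` hits first; in the listing above those are all Malwarebytes, McAfee and Microsoft drivers with matching CompanyName, which is consistent with the "MD5 is legit" results FRST reports for the core binaries.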


********** Following is what was quarantined this morning by Malwarebytes Tool - Same entries were manually deleted from registry on 3/10 and 2/22 **********

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 4/25/2014

Scan Time: 12:04:35 PM

Logfile: 4-25-14 Malwarebyte.txt

Administrator: Yes

 

Version: 2.00.1.1004

Malware Database: v2014.04.25.08

Rootkit Database: v2014.03.27.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Chameleon: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: dreamrecords

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 272684

Time Elapsed: 21 min, 3 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Shuriken: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 20

PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Quarantined, [1b7142ec9be0a88e6746c18eda2859a7], 

PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Quarantined, [1b7142ec9be0a88e6746c18eda2859a7], 

PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [2d5f72bcdc9f93a356ffdf3c55ada759], 

PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [2d5f72bcdc9f93a356ffdf3c55ada759], 

PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}, Quarantined, [7f0d1b13364576c09f60e435aa58cc34], 

PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}, Quarantined, [7f0d1b13364576c09f60e435aa58cc34], 

PUP.Optional.Adpeak, HKLM\SOFTWARE\CLASSES\APPID\AdpeakProxy.exe, Quarantined, [39531a14215ab97d9b6a13989b680cf4], 

PUP.Optional.Adpeak, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\AdpeakProxy.exe, Quarantined, [4646200eb5c6aa8cf6109f0c748fb24e], 

PUP.Optional.Adpeak, HKLM\SOFTWARE\WOW6432NODE\Adpeak, Inc., Quarantined, [8ffd022cb1caa78f0ef477341ee5cb35], 

PUP.Optional.Adpeak, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\AdpeakProxy.exe, Quarantined, [08847bb3e596db5b0401d5d6b54e23dd], 

PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, Quarantined, [434964ca27542e08faf9c3d82fd48080], 

PUP.Optional.Adpeak, HKLM\SOFTWARE\WOW6432NODE\WOW6432NODE\Adpeak, Inc., Quarantined, [6f1d64ca81fa6ec81ae904a716ed01ff], 

PUP.Optional.ScorpionSaver, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT\NETWORK\AdpeakProxy, Quarantined, [aede9c926c0f5bdb1649d7d531d24bb5], 

PUP.Optional.AdPeak.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Level Quality Watcher, Quarantined, [9bf178b683f840f6435cb8c8fb077987], 

PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-4087391027-3474875736-3329529687-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, Quarantined, [7c10220c37440b2b15a42777fd0613ed], 

PUP.Optional.DataMngr.A, HKU\S-1-5-21-4087391027-3474875736-3329529687-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, Quarantined, [e5a7012d4f2ccb6b8a547c1e6c971de3], 

PUP.Optional.DataMngr.A, HKU\S-1-5-21-4087391027-3474875736-3329529687-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, Quarantined, [7b11b6787ffc5adc5b823d5d000336ca], 

PUP.Optional.InstallCore.A, HKU\S-1-5-21-4087391027-3474875736-3329529687-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [f894bc7272098aac21b961238181f50b], 

PUP.Optional.InstallCore.A, HKU\S-1-5-21-4087391027-3474875736-3329529687-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [5a32b777a2d98caa5da8d4c7c53efd03], 

PUP.Optional.SweetIM.A, HKU\S-1-5-21-4087391027-3474875736-3329529687-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, Quarantined, [bdcfa98548336cca1dd56932fa09619f], 

 

Registry Values: 3

PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, 1763663423562121215, Quarantined, [434964ca27542e08faf9c3d82fd48080]

PUP.Optional.InstallCore.A, HKU\S-1-5-21-4087391027-3474875736-3329529687-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0T1B1G1H1J1L1E1K1U1S, Quarantined, [5a32b777a2d98caa5da8d4c7c53efd03]

PUP.Optional.SweetIM.A, HKU\S-1-5-21-4087391027-3474875736-3329529687-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, 1763663423562121215, Quarantined, [bdcfa98548336cca1dd56932fa09619f]

 

Registry Data: 2

PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[1577ba74d7a43402519ee34c57adce32]

PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[2e5e48e6fe7d8ea84da2a08fd92bcb35]

 

Folders: 25

PUP.Optional.Quiknowledge.A, C:\Program Files (x86)\Quiknowledge, Quarantined, [1d6f59d544375ed8545df586e81a1ce4], 

PUP.Optional.Quiknowledge.A, C:\Program Files (x86)\Quiknowledge\3rd Party Licenses, Quarantined, [1d6f59d544375ed8545df586e81a1ce4], 

PUP.Optional.Quiknowledge.A, C:\Program Files (x86)\Quiknowledge\FireFox, Quarantined, [1d6f59d544375ed8545df586e81a1ce4], 

PUP.Optional.Quiknowledge.A, C:\Program Files (x86)\Quiknowledge\IE, Quarantined, [1d6f59d544375ed8545df586e81a1ce4], 

PUP.Optional.Quiknowledge.A, C:\Program Files (x86)\Quiknowledge\Service, Quarantined, [1d6f59d544375ed8545df586e81a1ce4], 

PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log, Quarantined, [2567f33b67146fc7f51e562b887ae020], 

PUP.Optional.OpenCandy, C:\Users\dreamrecords\AppData\Roaming\OpenCandy, Quarantined, [c7c5ac82512a2d0900a099c9956d12ee], 

PUP.Optional.OpenCandy, C:\Users\dreamrecords\AppData\Roaming\OpenCandy\4D6A28EF13BF4F8BA7C4239F067CAC62, Quarantined, [c7c5ac82512a2d0900a099c9956d12ee], 

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Local\Temp\mt_ffx\Delta, Quarantined, [ff8dff2fe7949a9c03ba550d92702fd1], 

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Local\Temp\mt_ffx\Delta\delta, Quarantined, [ff8dff2fe7949a9c03ba550d92702fd1], 

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.16.16, Quarantined, [ff8dff2fe7949a9c03ba550d92702fd1], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\ct3306061, Quarantined, [3d4fa28cdf9ca88e27f1372c22e0e61a], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\ct3306061\plugins, Quarantined, [3d4fa28cdf9ca88e27f1372c22e0e61a], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\ct3306061\xpi, Quarantined, [3d4fa28cdf9ca88e27f1372c22e0e61a], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\ct3306061\xpi\defaults, Quarantined, [3d4fa28cdf9ca88e27f1372c22e0e61a], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\ct3306061\xpi\defaults\preferences, Quarantined, [3d4fa28cdf9ca88e27f1372c22e0e61a], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\CT3319613, Quarantined, [1676d45acead24128890cc97768c59a7], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\CT3324066, Quarantined, [f09c31fd85f6b97dcb4dde8513ef42be], 

PUP.Optional.Quiknowledge.A, C:\Program Files (x86)\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com, Quarantined, [cebe7db14e2d201611e577f08d7507f9], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\NativeMessaging\CT3306061, Quarantined, [b1db05295b2068ce9e85db8ef111a35d], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\NativeMessaging\CT3306061\nativeMessaging, Quarantined, [b1db05295b2068ce9e85db8ef111a35d], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\NativeMessaging\CT3306061, Quarantined, [b9d33fef7803cd696c1ca3c6c33fcf31], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\NativeMessaging\CT3306061\1_0_0_4, Quarantined, [b9d33fef7803cd696c1ca3c6c33fcf31], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\TestIfExeExist\CT3306061, Quarantined, [91fb68c65c1f3501350997d3a75b0000], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\TestIfExeExist\CT3306061\nativeMessaging, Quarantined, [91fb68c65c1f3501350997d3a75b0000], 

 

Files: 102

PUP.Optional.OpenCandy.A, C:\Users\dreamrecords\AppData\Roaming\OpenCandy\4D6A28EF13BF4F8BA7C4239F067CAC62\dlm.exe, Quarantined, [cac262cc9ae11b1bb25ea07bfd0404fc], 

PUP.Optional.InstallCore.A, C:\Users\dreamrecords\Desktop\AdobeFlash_setup.exe, Quarantined, [d9b3ad8180fb41f547a5b7567094a759], 

PUP.Optional.SearchProtect.A, C:\Users\dreamrecords\AppData\Local\Temp\nsc427.exe, Quarantined, [ccc05ad4c5b6053150d3c95c31d0d42c], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\nstB5D9.exe, Quarantined, [107c032b463503330f03011934cdc53b], 

PUP.Optional.SearchProtect.A, C:\Users\dreamrecords\AppData\Local\Temp\nsi73CC.exe, Quarantined, [2d5f3cf2bebd9f971d06071e47baef11], 

PUP.Optional.SearchProtect.A, C:\Users\dreamrecords\AppData\Local\Temp\nsiF94D.exe, Quarantined, [f6960f1f1e5d4de9b86bed388f7247b9], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\nsiFD82.exe, Quarantined, [2f5d949a5e1d3bfbae64b565768bf20e], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\nsmE979.exe, Quarantined, [e8a426088cef2b0b29e9d545877a46ba], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\nsn2E20.exe, Quarantined, [3b5149e57a01fd3965ad63b7b9489b65], 

PUP.Optional.SearchProtect.A, C:\Users\dreamrecords\AppData\Local\Temp\nsnA553.exe, Quarantined, [9cf0a38b116a5fd7cf540d18877a758b], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\nstA9A6.exe, Quarantined, [fe8e0826651634026ea4be5c877a09f7], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\nstED98.exe, Quarantined, [8b019c927ffc80b6977b83976998649c], 

PUP.Optional.SearchProtect.A, C:\Users\dreamrecords\AppData\Local\Temp\nsx9F78.exe, Quarantined, [7c100a24710a1e181c0745e02cd5bb45], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\SPStub.exe, Quarantined, [b5d779b5c8b386b066e88f89b54c51af], 

PUP.Optional.Conduit, C:\Users\dreamrecords\AppData\Local\Temp\tbConn.dll, Quarantined, [890339f562193105bbc09a9521df8a76], 

PUP.Optional.SearchProtect.A, C:\Users\dreamrecords\AppData\Local\Temp\nsc9A68.exe, Quarantined, [cac273bb4d2ea4927ea549dc17ea5da3], 

PUP.Optional.SearchProtect.A, C:\Users\dreamrecords\AppData\Local\Temp\nscFE5C.exe, Quarantined, [a0ecff2f4e2d7fb76fb43ee76a97c040], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\nsi604A.exe, Quarantined, [a0ecd955443754e20f03b9614eb37987], 

PUP.Optional.Cooltech, C:\Users\dreamrecords\AppData\Local\Temp\392167715.Uninstall\__Uninstall_.exe, Quarantined, [771579b5552647ef795ad0316a9a7e82], 

PUP.Optional.Quiknowledge.A, C:\Users\dreamrecords\AppData\Local\Temp\is1275519350\476285561_stp\quiknowledge-setup-1.9.0.1.exe, Quarantined, [bfcd949abcbfce6839c6ec72699831cf], 

PUP.Optional.Installcore, C:\Users\dreamrecords\AppData\Local\Temp\is1412836710\105256041_stp\HomePageDLL.dll, Quarantined, [1d6f44ea7cffa294059b28e30cf850b0], 

PUP.Optional.Aartemis.A, C:\Users\dreamrecords\AppData\Local\Temp\is1412836710\105256317_stp\cor_aartemis.exe, Quarantined, [4c40dd519cdfbf77f28b5ed2c938a65a], 

PUP.Optional.RegCleanerPro, C:\Users\dreamrecords\AppData\Local\Temp\is1412836710\105256387_stp\rcpsetup_adppi5_adppi5.exe, Quarantined, [008cbc72aecd05311f91d82e59a8f010], 

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Local\Temp\is39941100\DeltaTB.exe, Quarantined, [ccc0c569c2b915211c0c2bd83ac701ff], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\ct3306061\chLogic.exe, Quarantined, [2d5fbd71f5862016301e0b0dac55c13f], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\ct3306061\ctbe.exe, Quarantined, [6e1e3df14239c472ec9349d503fdc43c], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\ct3306061\ffLogic.exe, Quarantined, [8507ac8292e98bab62ec021657aab44c], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\ct3306061\ieLogic.exe, Quarantined, [0a82cd6129528fa7f15d5dbb629f43bd], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\ct3306061\spch.exe, Quarantined, [eca04ee0d5a646f0e965b76122df3dc3], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\ct3306061\spff.exe, Quarantined, [9eeef13d5e1dc1752a24c553946d59a7], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\ct3306061\statisticsStub.exe, Quarantined, [0884c36b2358b2842fa445bd3dc4cb35], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\ct3306061\stub.exe, Quarantined, [c5c7a18d512adb5b08b4a97f5ba51be5], 

PUP.Optional.Babylon.A, C:\Users\dreamrecords\AppData\Local\Temp\2BE1EB75-BAB0-7891-A80A-2A26F5238AD2\Latest\BExternal.dll, Quarantined, [6c20f737bdbe50e64f909f83de227090], 

PUP.Optional.Babylon.A, C:\Users\dreamrecords\AppData\Local\Temp\2BE1EB75-BAB0-7891-A80A-2A26F5238AD2\Latest\CrxInstaller.dll, Quarantined, [48440529bac171c5bf1a1ef6a75ac33d], 

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Local\Temp\2BE1EB75-BAB0-7891-A80A-2A26F5238AD2\Latest\MyBabylonTB.exe, Quarantined, [8dffed41ccaffa3c641279f28b7630d0], 

PUP.Optional.Babylon.A, C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\searchplugins\babylon.xml, Quarantined, [2f5df13def8cc96de995fa7f8a783dc3], 

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\searchplugins\delta.xml, Quarantined, [94f840eef388082ebdfa374254aeb848], 

PUP.Optional.Quiknowledge.A, C:\Program Files (x86)\Quiknowledge\terms-of-service.rtf, Quarantined, [1d6f59d544375ed8545df586e81a1ce4], 

PUP.Optional.Quiknowledge.A, C:\Program Files (x86)\Quiknowledge\Uninstall.exe, Quarantined, [1d6f59d544375ed8545df586e81a1ce4], 

PUP.Optional.Quiknowledge.A, C:\Program Files (x86)\Quiknowledge\3rd Party Licenses\buildcrx-license.txt, Quarantined, [1d6f59d544375ed8545df586e81a1ce4], 

PUP.Optional.Quiknowledge.A, C:\Program Files (x86)\Quiknowledge\3rd Party Licenses\Info-ZIP-license.txt, Quarantined, [1d6f59d544375ed8545df586e81a1ce4], 

PUP.Optional.Quiknowledge.A, C:\Program Files (x86)\Quiknowledge\3rd Party Licenses\nsJSON-license.txt, Quarantined, [1d6f59d544375ed8545df586e81a1ce4], 

PUP.Optional.Quiknowledge.A, C:\Program Files (x86)\Quiknowledge\3rd Party Licenses\SimpleSC-license.txt, Quarantined, [1d6f59d544375ed8545df586e81a1ce4], 

PUP.Optional.Quiknowledge.A, C:\Program Files (x86)\Quiknowledge\3rd Party Licenses\UAC-license.txt, Quarantined, [1d6f59d544375ed8545df586e81a1ce4], 

PUP.Optional.Quiknowledge.A, C:\Program Files (x86)\Quiknowledge\FireFox\quiknowledge@quiknowledge.com.xpi, Quarantined, [1d6f59d544375ed8545df586e81a1ce4], 

PUP.Optional.Quiknowledge.A, C:\Program Files (x86)\Quiknowledge\IE\QuiknowledgeClientIE.dll, Quarantined, [1d6f59d544375ed8545df586e81a1ce4], 

PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, Quarantined, [741879b526551b1b266e0c72e9190ff1], 

PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log\eGdpSvc.LOG, Quarantined, [2567f33b67146fc7f51e562b887ae020], 

PUP.Optional.AdpeakProxy, C:\Users\dreamrecords\AppData\Local\Temp\AdpeakProxyr.log, Quarantined, [4547fb336912e4528f91bcf0e71c6799], 

PUP.Optional.AdpeakProxy, C:\Windows\Temp\AdpeakProxy.log, Quarantined, [1f6db8760675072f73ada309966d4eb2], 

PUP.Optional.AdpeakProxy, C:\Windows\Temp\AdpeakProxyr.log, Quarantined, [0389cd613942b284f8285a524fb426da], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx, Quarantined, [404c60ce265545f114478233838008f8], 

PUP.Optional.OpenCandy, C:\Users\dreamrecords\AppData\Roaming\OpenCandy\4D6A28EF13BF4F8BA7C4239F067CAC62\SendoriSetupx11915.exe, Quarantined, [c7c5ac82512a2d0900a099c9956d12ee], 

PUP.Optional.OpenCandy, C:\Users\dreamrecords\AppData\Roaming\OpenCandy\4D6A28EF13BF4F8BA7C4239F067CAC62\SendoriSetupx11915_p4v6.exe, Quarantined, [c7c5ac82512a2d0900a099c9956d12ee], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\ct3306061\chromeid.txt, Quarantined, [3d4fa28cdf9ca88e27f1372c22e0e61a], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\ct3306061\CT3306061.txt, Quarantined, [3d4fa28cdf9ca88e27f1372c22e0e61a], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\ct3306061\CT3306061.xpi, Quarantined, [3d4fa28cdf9ca88e27f1372c22e0e61a], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\ct3306061\initdata.json, Quarantined, [3d4fa28cdf9ca88e27f1372c22e0e61a], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\ct3306061\manifest.json, Quarantined, [3d4fa28cdf9ca88e27f1372c22e0e61a], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\ct3306061\setup.ini.txt, Quarantined, [3d4fa28cdf9ca88e27f1372c22e0e61a], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\ct3306061\version.txt, Quarantined, [3d4fa28cdf9ca88e27f1372c22e0e61a], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\ct3306061\plugins\TBVerifier.dll, Quarantined, [3d4fa28cdf9ca88e27f1372c22e0e61a], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\ct3306061\xpi\install.rdf, Quarantined, [3d4fa28cdf9ca88e27f1372c22e0e61a], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\ct3306061\xpi\defaults\preferences\defaults.js, Quarantined, [3d4fa28cdf9ca88e27f1372c22e0e61a], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\CT3319613\ddt.csf, Quarantined, [1676d45acead24128890cc97768c59a7], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\CT3324066\ddt.csf, Quarantined, [f09c31fd85f6b97dcb4dde8513ef42be], 

PUP.Optional.Quiknowledge.A, C:\Program Files (x86)\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com\browser.js, Quarantined, [cebe7db14e2d201611e577f08d7507f9], 

PUP.Optional.Quiknowledge.A, C:\Program Files (x86)\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com\browser.xul, Quarantined, [cebe7db14e2d201611e577f08d7507f9], 

PUP.Optional.Quiknowledge.A, C:\Program Files (x86)\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com\icon-48.png, Quarantined, [cebe7db14e2d201611e577f08d7507f9], 

PUP.Optional.Quiknowledge.A, C:\Program Files (x86)\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com\icon-64.png, Quarantined, [cebe7db14e2d201611e577f08d7507f9], 

PUP.Optional.Quiknowledge.A, C:\Program Files (x86)\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com\install.rdf, Quarantined, [cebe7db14e2d201611e577f08d7507f9], 

PUP.Optional.Quiknowledge.A, C:\Program Files (x86)\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com\vitruvian.bootstrap.js, Quarantined, [cebe7db14e2d201611e577f08d7507f9], 

PUP.Optional.Quiknowledge.A, C:\Program Files (x86)\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com\vitruvian.plugin-api.js, Quarantined, [cebe7db14e2d201611e577f08d7507f9], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\NativeMessaging\CT3306061\nativeMessaging\nmHostConfig.json, Quarantined, [b1db05295b2068ce9e85db8ef111a35d], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\NativeMessaging\CT3306061\nativeMessaging\nmHostManifest.json, Quarantined, [b1db05295b2068ce9e85db8ef111a35d], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\NativeMessaging\CT3306061\nativeMessaging\TBMessagingHost.exe, Quarantined, [b1db05295b2068ce9e85db8ef111a35d], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\NativeMessaging\CT3306061\nmHostManifest.json, Quarantined, [b9d33fef7803cd696c1ca3c6c33fcf31], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\NativeMessaging\CT3306061\1_0_0_4\nmHostConfig.json, Quarantined, [b9d33fef7803cd696c1ca3c6c33fcf31], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\NativeMessaging\CT3306061\1_0_0_4\nmHostManifest.json, Quarantined, [b9d33fef7803cd696c1ca3c6c33fcf31], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\NativeMessaging\CT3306061\1_0_0_4\TBMessagingHost.exe, Quarantined, [b9d33fef7803cd696c1ca3c6c33fcf31], 

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Local\Temp\TestIfExeExist\CT3306061\nativeMessaging\TBMessagingHost.exe, Quarantined, [91fb68c65c1f3501350997d3a75b0000], 

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.admin", false), Replaced,[bcd09d917209a98d92bd2f2c7b89936d]

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.aflt", "babsst"), Replaced,[bad2eb43f28976c02d2269f214f007f9]

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"), Replaced,[ed9f6ac44d2ee94da2ad0d4edc28cd33]

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.autoRvrt", "false"), Replaced,[b1db56d81b60ec4ac8871645a65e42be]

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.dfltLng", "en"), Replaced,[ddafda54a5d6fb3b27287ae162a28b75]

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.excTlbr", false), Replaced,[197360ce512ad95daba41249ac588878]

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.ffxUnstlRst", true), Replaced,[d7b57faf62196bcbd47be07b10f4956b]

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.id", "4e4678a9000000000000002314998219"), Replaced,[bcd0d757eb90e94de16e045712f28878]

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlDay", "15832"), Replaced,[a0ec81ad423947ef153a46159f651fe1]

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlRef", "sst"), Replaced,[a8e4a18da4d72412b897a4b7986c15eb]

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.newTab", false), Replaced,[17752e007209af87440b92c944c0aa56]

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prdct", "delta"), Replaced,[1577e549700b0036a2ad74e7867ed12f]

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prtnrId", "delta"), Replaced,[4c407bb381fa53e380cfec6fe222a15f]

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.rvrt", "false"), Replaced,[672586a8bfbc1b1b73dca6b57e866d93]

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.smplGrp", "none"), Replaced,[ef9dcf5f80fbb28470df62f9c83c52ae]

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrId", "base"), Replaced,[cfbdea443249350160eff16a06fef808]

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrSrchUrl", ""), Replaced,[a5e79b934c2f77bf8ac53b2049bbd42c]

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsn", "1.8.16.16"), Replaced,[92fa9599df9c71c5f45be5760cf8a35d]

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsnTs", "1.8.16.1617:45:20"), Replaced,[d4b83fef4932ba7ca6a953082fd56898]

PUP.Optional.Delta.A, C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsni", "1.8.16.16"), Replaced,[92fa30fedc9f092d7cd387d413f103fd]

PUP.Optional.Conduit.A, C:\Users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\prefs.js, Good: (), Bad: (user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN25722963978301104&UM=2&SearchSource=3&q={searchTerms}"), Replaced,[f3996cc28eed90a6a00d3c1fa85c46ba]

Physical Sectors: 0

(No malicious items detected)

(end)


Read the following link before we continue and run ComboFix:

ComboFix usage, Questions, Help? - Look here

Next,

Delete any versions of ComboFix that you may have on your Desktop, then download a fresh copy from either of the following links:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.infospyware.net/antimalware/combofix/

  • Ensure that ComboFix is saved directly to the Desktop <--- Very important
  • Disable all security programs, as they will have a negative effect on ComboFix; instructions are available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed; if you need more help, please ask.
  • Close any open browsers and any other programs you might have running.
  • Double click the ComboFix icon to run the tool (Vista or Windows 7 users: right click and select "Run as Administrator").
  • Instructions for running ComboFix are available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed, ComboFix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review.

****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze. ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you, please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autorun is recommended.

*EXTRA NOTES*

    If ComboFix detects any rootkit/bootkit activity on your system, it will give a warning and prompt for a reboot; you must allow it to do so.
    If ComboFix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in your next reply please...

Kevin


Good morning Kevin - First and foremost, thank you for everything.... Following is the ComboFix log - it took hours to run, so sorry it's the next day. (I couldn't find ComboFix-quarantined-files.txt; didn't know if this file is needed.)

ComboFix 14-04-20.01 - dreamrecords 04/25/2014  21:37:24.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.2606 [GMT -5:00]
Running from: c:\users\dreamrecords\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\programdata\PCDr\6426\AddOnDownloaded\0bb0beb6-da93-477d-980d-15bb6e2df09c.dll
c:\programdata\PCDr\6426\AddOnDownloaded\59be3af2-87f2-4d3a-b380-7509f3d47c40.dll
c:\programdata\PCDr\6426\AddOnDownloaded\8745715d-dc8a-4b32-b6a6-89cd3d0cc3c5.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bc1b45ef-7c18-4b8a-95cd-f77c43d4f7df.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d48ca7e0-0e31-445b-a98c-56b7318daa06.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e0db530c-27fc-4e55-af38-073796a09e9d.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-26 to 2014-04-26  )))))))))))))))))))))))))))))))
.
.
2014-04-25 21:48 . 2014-04-25 21:49 -------- d-----w- c:\program files (x86)\Google
2014-04-25 20:18 . 2014-04-25 23:35 -------- d-----w- C:\FRST
2014-04-25 19:45 . 2014-04-25 19:45 -------- d-----w- c:\users\dreamrecords\AppData\Roaming\Nico Mak Computing
2014-04-25 19:45 . 2014-04-25 19:45 -------- d-----w- c:\programdata\Nico Mak Computing
2014-04-25 19:45 . 2014-04-25 19:45 -------- d-----w- c:\program files (x86)\WinZip Malware Protector
2014-04-25 19:45 . 2013-03-15 22:10 20480 ----a-w- c:\windows\system32\wsusnative64.exe
2014-04-25 19:41 . 2014-04-25 20:09 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-04-25 18:42 . 2014-04-25 18:49 -------- d-----w- c:\program files\CCleaner
2014-04-25 17:08 . 2014-04-25 17:08 -------- d-----w- c:\program files (x86)\FileASSASSIN
2014-04-25 17:06 . 2014-04-25 17:06 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Exploit
2014-04-25 16:43 . 2014-04-26 09:43 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-25 16:42 . 2014-04-25 19:40 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-25 16:42 . 2014-04-03 14:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-25 16:42 . 2014-04-03 14:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-25 16:42 . 2014-04-25 17:06 -------- d-----w- c:\programdata\Malwarebytes
2014-04-25 16:42 . 2014-04-25 16:42 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-25 13:30 . 2014-04-25 13:30 -------- d-sh--w- c:\users\dreamrecords\AppData\Local\EmieUserList
2014-04-25 13:30 . 2014-04-25 13:30 -------- d-sh--w- c:\users\dreamrecords\AppData\Local\EmieSiteList
2014-04-25 11:24 . 2014-04-17 10:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{201C4C6A-845C-4803-B5A7-0EEF58B2A405}\mpengine.dll
2014-04-18 15:55 . 2014-03-15 08:41 46704 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-04-16 04:06 . 2013-09-23 18:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2014-04-11 18:05 . 2014-03-06 08:53 2767360 ----a-w- c:\windows\system32\iertutil.dll
2014-04-09 09:31 . 2014-02-04 02:35 190912 ----a-w- c:\windows\system32\drivers\storport.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-25 12:25 . 2013-07-27 07:40 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-25 12:25 . 2013-07-27 07:40 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-10 08:04 . 2011-07-08 10:19 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-31 14:35 . 2013-04-17 14:30 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-18 00:02 . 2012-12-26 16:55 70592 ----a-w- c:\windows\system32\drivers\cfwids.sys
2014-03-17 23:54 . 2012-12-26 16:52 345456 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2014-03-17 23:54 . 2013-04-17 14:19 185792 ----a-w- c:\windows\system32\mfevtps.exe
2014-03-17 23:49 . 2012-12-26 16:50 783864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2014-03-17 23:47 . 2012-12-26 16:49 522360 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2014-03-17 23:45 . 2012-12-26 16:49 311600 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2014-03-17 23:44 . 2012-12-26 16:48 180272 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2014-03-04 09:17 . 2014-04-09 09:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-07 01:23 . 2014-03-12 12:02 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-12 12:01 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-12 12:01 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-12 12:01 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-12 12:01 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-02-03 02:06 . 2013-12-01 21:54 57096 ----a-w- c:\windows\system32\certsentry.dll
2014-02-03 02:06 . 2013-12-01 21:54 48392 ----a-w- c:\windows\SysWow64\certsentry.dll
2014-01-29 02:32 . 2014-03-12 12:02 484864 ----a-w- c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-12 12:02 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-01-28 02:32 . 2014-03-12 12:02 228864 ----a-w- c:\windows\system32\wwansvc.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2009-12-31 523408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-22 95560]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"AutoTask"="c:\program files (x86)\AutoTask\AutoTask.exe" [2009-06-22 335872]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-01-28 537992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2014-02-21 1294136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"!CD"="c:\windows\temp\dragon_setup.exe" [2014-04-26 50758064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{91120000-0030-0000-0000-0000000FF1CE}"="del" [X]
.
c:\users\dreamrecords\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
McAfee Online Backup Status.lnk - c:\program files (x86)\McAfee Online Backup\MOBKstat.exe [2010-4-13 4178744]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-15 329944]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-02-22 20:24 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R1 qknfd;qknfd;c:\windows\system32\drivers\qknfd.sys;c:\windows\SYSNATIVE\drivers\qknfd.sys [x]
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 OV550I;OVT Scanner;c:\windows\system32\Drivers\ov550ivx.sys;c:\windows\SYSNATIVE\Drivers\ov550ivx.sys [x]
R3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe;c:\program files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys;c:\windows\SYSNATIVE\DRIVERS\stdflt.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys;c:\windows\SYSNATIVE\DRIVERS\MOBK.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [x]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys;c:\windows\SYSNATIVE\drivers\McPvDrv.sys [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys;c:\windows\SYSNATIVE\DRIVERS\Acceler.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-25 21:49 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-27 12:25]
.
2014-04-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4087391027-3474875736-3329529687-1000Core.job
- c:\users\dreamrecords\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-11 23:33]
.
2014-04-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4087391027-3474875736-3329529687-1000UA.job
- c:\users\dreamrecords\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-11 23:33]
.
2014-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-25 21:48]
.
2014-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-25 21:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-22 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-22 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-22 411672]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2BC92A1B-5BD1-48FB-A215-E3BCC1897FC3}: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\
FF - prefs.js: browser.search.selectedEngine - Conduit Search
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 4e4678a9000000000000002314998219
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15832
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1617:45
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-FAStartup - (no file)
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Wow6432Node-HKLM-Run-BackupSoft - \RunRedem.exe
Wow6432Node-HKLM-Run-Corel File Shell Monitor - c:\program files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
.
**************************************************************************
.
Completion time: 2014-04-26  05:02:12 - machine was rebooted
ComboFix-quarantined-files.txt  2014-04-26 10:02
.
Pre-Run: 406,869,819,392 bytes free
Post-Run: 407,972,077,568 bytes free
.
- - End Of File - - 8F7A91F82C4ADF768136B03FA408E2A2
5C616939100B85E558DA92B899A0FC36

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

ClearJavaCache::
Folder::
c:\program files (x86)\WinZip Malware Protector
File::
c:\windows\system32\drivers\qknfd.sys
Driver::
qknfd
Firefox::
FF - ProfilePath - c:\users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\
FF - prefs.js: browser.search.selectedEngine - Conduit Search
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 4e4678a9000000000000002314998219
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15832
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1617:45
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false

 

Save this as CFScript.txt, and as Type: All Files (*.*), in the same location as ComboFix.exe.

CF3.jpg

CFScriptB-4.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

Next,

 


On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

How to get logs:

(Export log to save as txt)

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'.
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click OK.
Attach that saved log to your next reply.

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Thanks,

 

Kevin.....
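As an added example, not code from this thread and not part of ComboFix itself, the Python below parses a CFScript of the shape Kevin posted (directive lines ending in `::`, each followed by the entries it applies to) and lists what the script targets, so a reader can check a script before dropping it onto ComboFix.exe. The sample script is constructed from the one above, shortened to a few Firefox lines; the meaning attached to each directive in `DIRECTIVE_MEANING` is my assumption from common usage of the tool, not something the thread states.

```python
# Added example: parse a ComboFix CFScript into its directive sections
# so the targets of each directive can be reviewed before the script runs.
# This is not ComboFix's own parser; directive meanings are assumed.
import re
from collections import OrderedDict

DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)::\s*$")

# Assumed meaning of each directive (common usage, not from the thread).
DIRECTIVE_MEANING = {
    "ClearJavaCache": "clear the Java cache",
    "Folder": "delete folder",
    "File": "delete file",
    "Driver": "remove driver service",
    "Firefox": "reset Firefox preference",
}

# Constructed sample in the same shape as the posted CFScript, shortened.
SAMPLE_CFSCRIPT = r"""
ClearJavaCache::
Folder::
c:\program files (x86)\WinZip Malware Protector
File::
c:\windows\system32\drivers\qknfd.sys
Driver::
qknfd
Firefox::
FF - ProfilePath - c:\users\dreamrecords\AppData\Roaming\Mozilla\Firefox\Profiles\9nmicjl3.default\
FF - prefs.js: browser.search.selectedEngine - Conduit Search
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 4e4678a9000000000000002314998219
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.newTab - false
"""

FF_PROFILE_RE = re.compile(r"^FF - ProfilePath - (.+)$")
FF_PREF_RE = re.compile(r"^FF - (\S+): (\S+) -\s?(.*)$")


def parse_cfscript(text):
    """Map each directive to the argument lines that follow it, in order."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("argument before any directive: %r" % line)
        else:
            sections[current].append(line)
    return sections


def parse_firefox_line(line):
    """Return ('profile', path) or (pref_file, key, value) for one FF line,
    or None when the line is in neither known shape."""
    m = FF_PROFILE_RE.match(line)
    if m:
        return ("profile", m.group(1))
    m = FF_PREF_RE.match(line)
    if m:
        return (m.group(1), m.group(2), m.group(3))
    return None


def plan(sections):
    """List (directive, assumed meaning, entry) for every entry in the script."""
    actions = []
    for directive, args in sections.items():
        meaning = DIRECTIVE_MEANING.get(directive, "unknown directive")
        if not args:
            actions.append((directive, meaning, None))
        for arg in args:
            actions.append((directive, meaning, arg))
    return actions


def delta_pref_keys(sections):
    """Keys under extensions.delta.* that the Firefox section will reset."""
    keys = []
    for line in sections.get("Firefox", []):
        parsed = parse_firefox_line(line)
        if parsed and parsed[0] != "profile" and parsed[1].startswith("extensions.delta."):
            keys.append(parsed[1])
    return keys


if __name__ == "__main__":
    for directive, meaning, entry in plan(parse_cfscript(SAMPLE_CFSCRIPT)):
        print("%-15s %-25s %s" % (directive, meaning, entry or ""))
```

Running the block prints one line per target; an unknown directive name shows up as "unknown directive", which is the cue to re-check a script before using it.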


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
