
Need help with Win32/Olmarik.TDL4



I am normally really good at fixing my PCs, but this time my stepson let this go for a long time before I found out about it, and I can't seem to get rid of it.

I did download the Farbar Recovery Scan Tool and here are the logs from it.

I will not do anything until asked to.

Thanks for the help.

FRST...

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by Sean (administrator) on SEAN-PC on 25-05-2014 16:50:15
Running from C:\Users\Sean\Downloads
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5074384 2012-11-26] (ESET)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-4255748949-1629323223-533167004-1000\...\Run: [iSUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-03-20] (Macrovision Corporation)
Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0AB8694D0177CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-06-23]

Chrome:
=======
CHR DefaultSearchKeyword: ask search
CHR DefaultSearchProvider: Ask Search
CHR DefaultSearchURL: http://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11411&l=dis&pf=V7&p2=%5EBBJ%5EOSJ000%5EYY%5EUS&gct=&itbv=12.10.6.48&doi=2014-05-06&apn_uid=3DAC6EF7-D0B2-439A-9B95-C35CB60AC7B0&apn_ptnrs=BBJ&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=cr_34.0.1847.131&psv=&trgb=CR&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (Google Wallet) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-04]

========================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1329304 2012-11-26] (ESET)

==================== Drivers (Whitelisted) ====================

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170656 2012-10-23] (ESET)
S3 efavdrv; C:\Windows\system32\drivers\efavdrv.sys [115008 2014-05-25] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [121216 2012-10-23] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [104712 2012-10-23] (ESET)
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh6.sys [X]
S3 catchme; \??\C:\Users\Sean\AppData\Local\Temp\catchme.sys [X]
U3 TrueSight; \??\C:\Windows\system32\TrueSight.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-25 16:50 - 2014-05-25 16:50 - 00006266 _____ () C:\Users\Sean\Downloads\FRST.txt
2014-05-25 16:49 - 2014-05-25 16:50 - 00000000 ____D () C:\FRST
2014-05-25 16:48 - 2014-05-25 16:48 - 01056256 _____ (Farbar) C:\Users\Sean\Downloads\FRST (1).exe
2014-05-25 16:31 - 2014-05-25 16:49 - 01056256 _____ (Farbar) C:\Users\Sean\Downloads\FRST.exe
2014-05-25 16:21 - 2014-05-25 16:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-25 16:20 - 2014-05-25 16:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sean\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-25 16:16 - 2014-05-25 16:16 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-05-25 14:29 - 2014-05-25 16:03 - 00000000 ____D () C:\Users\Sean\Desktop\AV stuff
2014-05-25 14:09 - 2014-05-25 14:09 - 00115008 _____ (ESET) C:\Windows\system32\Drivers\efavdrv.sys
2014-05-25 13:54 - 2014-05-25 15:52 - 00000000 ___SD () C:\32788R22FWJFW
2014-05-25 12:43 - 2014-05-25 12:43 - 02273880 _____ (ESET) C:\Users\Sean\Downloads\ERARemover_x86.exe
2014-05-25 12:00 - 2014-05-25 12:00 - 04165472 _____ (Kaspersky Lab ZAO) C:\Users\Sean\Downloads\tdsskiller.exe
2014-05-25 11:13 - 2014-05-25 11:13 - 00368992 _____ (ESET) C:\Users\Sean\Downloads\ESETOlmarikOlmascoCleaner.exe
2014-05-25 10:19 - 2014-05-25 10:22 - 04745984 _____ (Piriform Ltd) C:\Users\Sean\Downloads\ccsetup413.exe
2014-05-25 10:13 - 2009-07-13 18:16 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2014-05-25 10:11 - 2014-05-25 15:52 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-25 09:55 - 2014-05-25 16:14 - 00000000 ____D () C:\Program Files\Trojan Remover
2014-05-25 09:36 - 2014-05-25 09:41 - 21657592 _____ (Simply Super Software ) C:\Users\Sean\Downloads\trjsetup691 (1).exe
2014-05-25 09:36 - 2014-05-25 09:37 - 21657592 _____ (Simply Super Software ) C:\Users\Sean\Downloads\trjsetup691.exe
2014-05-20 18:57 - 2014-05-20 18:57 - 00000000 ____D () C:\Users\Sean\AppData\Local\ESET
2014-05-12 14:58 - 2014-05-12 14:58 - 00000000 ____D () C:\Windows\Sun
2014-05-06 19:10 - 2014-05-06 19:10 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\Oracle
2014-05-06 19:09 - 2014-05-25 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-06 19:09 - 2014-05-25 15:50 - 00000000 ____D () C:\Program Files\Java
2014-05-06 19:09 - 2014-05-25 15:50 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-06 19:09 - 2014-05-06 19:09 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-06 19:09 - 2014-05-06 19:09 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-06 18:55 - 2014-05-06 18:55 - 00003272 ____N () C:\bootsqm.dat
2014-05-06 18:48 - 2014-05-25 15:53 - 00000000 ____D () C:\Program Files\GUM369.tmp
2014-05-06 18:48 - 2014-05-06 18:48 - 06103040 _____ () C:\Program Files\GUT36A.tmp
2014-05-05 19:37 - 2014-05-05 19:37 - 00000000 ____D () C:\ProgramData\APN
2014-05-05 19:33 - 2014-05-05 19:34 - 00004117 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-29 18:52 - 2014-04-29 18:52 - 00000028 _____ () C:\Windows\system32\u
2014-04-27 20:29 - 2014-05-16 20:17 - 00000069 _____ () C:\Windows\system32\qgogt.cct
2014-04-27 20:18 - 2014-04-27 20:18 - 00000064 _____ () C:\Windows\system32\ywtzaby.sot
2014-04-27 20:18 - 2014-04-27 20:18 - 00000000 _____ () C:\Windows\system32\dymbq.hxo
2014-04-27 20:16 - 2014-04-27 20:16 - 00239207 ____S () C:\Windows\system32\jgnhrh.vch

==================== One Month Modified Files and Folders =======

2014-05-25 16:50 - 2014-05-25 16:50 - 00006266 _____ () C:\Users\Sean\Downloads\FRST.txt
2014-05-25 16:50 - 2014-05-25 16:49 - 00000000 ____D () C:\FRST
2014-05-25 16:49 - 2014-05-25 16:31 - 01056256 _____ (Farbar) C:\Users\Sean\Downloads\FRST.exe
2014-05-25 16:48 - 2014-05-25 16:48 - 01056256 _____ (Farbar) C:\Users\Sean\Downloads\FRST (1).exe
2014-05-25 16:21 - 2014-05-25 16:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-25 16:21 - 2014-05-25 16:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sean\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-25 16:16 - 2014-05-25 16:16 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-05-25 16:15 - 2013-06-23 14:31 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-25 16:14 - 2014-05-25 09:55 - 00000000 ____D () C:\Program Files\Trojan Remover
2014-05-25 16:03 - 2014-05-25 14:29 - 00000000 ____D () C:\Users\Sean\Desktop\AV stuff
2014-05-25 15:58 - 2009-07-13 21:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-25 15:58 - 2009-07-13 21:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-25 15:56 - 2013-11-04 20:19 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-25 15:55 - 2013-06-23 14:05 - 01323902 _____ () C:\Windows\WindowsUpdate.log
2014-05-25 15:53 - 2014-05-06 18:48 - 00000000 ____D () C:\Program Files\GUM369.tmp
2014-05-25 15:53 - 2013-11-04 20:19 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-25 15:53 - 2013-06-23 14:14 - 00000000 ____D () C:\Users\Sean
2014-05-25 15:53 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-25 15:53 - 2009-07-13 21:39 - 00034232 _____ () C:\Windows\setupact.log
2014-05-25 15:53 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-05-25 15:52 - 2014-05-25 13:54 - 00000000 ___SD () C:\32788R22FWJFW
2014-05-25 15:52 - 2014-05-25 10:11 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-25 15:52 - 2014-05-06 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-25 15:52 - 2014-04-18 20:40 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AllFive 2000
2014-05-25 15:52 - 2014-04-18 20:40 - 00000000 ____D () C:\Program Files\AllFive 2000
2014-05-25 15:52 - 2014-03-10 11:43 - 00000000 ____D () C:\Windows\erdnt
2014-05-25 15:52 - 2013-11-04 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-25 15:52 - 2013-06-30 18:10 - 00000000 ____D () C:\ProgramData\InstallShield
2014-05-25 15:52 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\registration
2014-05-25 15:51 - 2013-06-23 15:06 - 00000000 ____D () C:\ProgramData\ESET
2014-05-25 15:50 - 2014-05-06 19:09 - 00000000 ____D () C:\Program Files\Java
2014-05-25 15:50 - 2014-05-06 19:09 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-25 14:09 - 2014-05-25 14:09 - 00115008 _____ (ESET) C:\Windows\system32\Drivers\efavdrv.sys
2014-05-25 14:00 - 2013-08-04 13:19 - 00003470 _____ () C:\Windows\PFRO.log
2014-05-25 12:43 - 2014-05-25 12:43 - 02273880 _____ (ESET) C:\Users\Sean\Downloads\ERARemover_x86.exe
2014-05-25 12:00 - 2014-05-25 12:00 - 04165472 _____ (Kaspersky Lab ZAO) C:\Users\Sean\Downloads\tdsskiller.exe
2014-05-25 11:13 - 2014-05-25 11:13 - 00368992 _____ (ESET) C:\Users\Sean\Downloads\ESETOlmarikOlmascoCleaner.exe
2014-05-25 10:22 - 2014-05-25 10:19 - 04745984 _____ (Piriform Ltd) C:\Users\Sean\Downloads\ccsetup413.exe
2014-05-25 09:41 - 2014-05-25 09:36 - 21657592 _____ (Simply Super Software ) C:\Users\Sean\Downloads\trjsetup691 (1).exe
2014-05-25 09:37 - 2014-05-25 09:36 - 21657592 _____ (Simply Super Software ) C:\Users\Sean\Downloads\trjsetup691.exe
2014-05-22 19:12 - 2013-11-04 20:20 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-20 18:57 - 2014-05-20 18:57 - 00000000 ____D () C:\Users\Sean\AppData\Local\ESET
2014-05-16 20:17 - 2014-04-27 20:29 - 00000069 _____ () C:\Windows\system32\qgogt.cct
2014-05-12 14:58 - 2014-05-12 14:58 - 00000000 ____D () C:\Windows\Sun
2014-05-08 19:25 - 2013-06-23 14:18 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-06 19:10 - 2014-05-06 19:10 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\Oracle
2014-05-06 19:09 - 2014-05-06 19:09 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-06 19:09 - 2014-05-06 19:09 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-06 19:09 - 2013-11-04 20:47 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-06 18:55 - 2014-05-06 18:55 - 00003272 ____N () C:\bootsqm.dat
2014-05-06 18:48 - 2014-05-06 18:48 - 06103040 _____ () C:\Program Files\GUT36A.tmp
2014-05-05 19:37 - 2014-05-05 19:37 - 00000000 ____D () C:\ProgramData\APN
2014-05-05 19:34 - 2014-05-05 19:33 - 00004117 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-29 18:52 - 2014-04-29 18:52 - 00000028 _____ () C:\Windows\system32\u
2014-04-27 20:18 - 2014-04-27 20:18 - 00000064 _____ () C:\Windows\system32\ywtzaby.sot
2014-04-27 20:18 - 2014-04-27 20:18 - 00000000 _____ () C:\Windows\system32\dymbq.hxo
2014-04-27 20:16 - 2014-04-27 20:16 - 00239207 ____S () C:\Windows\system32\jgnhrh.vch

Some content of TEMP:
====================
C:\Users\Sean\AppData\Local\temp\APNSetup.exe
C:\Users\Sean\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Sean\AppData\Local\temp\ntdll_dump.dll
C:\Users\Sean\AppData\Local\temp\{B07A961C-0071-423F-8695-7918EB13FC7C}.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-09 18:37

==================== End Of Log ============================

Here is the ADDITION...

Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-05-2014 02
Ran by Sean at 2014-05-25 16:51:16
Running from C:\Users\Sean\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: ESET NOD32 Antivirus 6.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 6.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AllFive 2000 (HKLM\...\AllFive 2000) (Version:  - )
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1015 - )
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
ESET NOD32 Antivirus (HKLM\...\{84DB5951-10B0-4D73-A767-C6D4B50E318B}) (Version: 6.0.306.0 - ESET, spol s r. o.)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Project MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Project Professional 2007 (HKLM\...\PRJPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Project Professional 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Milgard Standalone (HKLM\...\{468E8618-2C41-4053-AB60-AC9A06B5AE06}) (Version: 2.9.13.4.0.0 - Edgenet, Inc)

==================== Restore Points  =========================

06-05-2014 02:32:49 Installed Java 7 Update 55
07-05-2014 02:04:02 Removed Java 7 Update 55
07-05-2014 02:06:23 Removed Java 7 Update 55
07-05-2014 02:08:50 Installed Java 7 Update 55
25-05-2014 22:23:57 Restore Operation
25-05-2014 23:15:33 Removed NETGEAR WNA3100 wireless USB 2.0 adapter

==================== Hosts content: ==========================

2009-07-13 19:04 - 2014-05-25 14:08 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {19ED651A-F060-4920-895F-FCA44E8F8E1C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-04] (Google Inc.)
Task: {9B431B77-59B0-4227-A0C0-4F36CC6013AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-04] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\41058051.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\41058051.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2014 03:16:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 444

Start Time: 01cf7866caf1e468

Termination Time: 66

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (05/25/2014 10:13:40 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StopScreenSaver

Error: (05/24/2014 08:38:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13f0

Start Time: 01cf77ca875945a1

Termination Time: 5

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (05/23/2014 09:58:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 16d0

Start Time: 01cf770c3a20ee3c

Termination Time: 474

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (05/22/2014 07:30:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 168c

Start Time: 01cf762dc424ba65

Termination Time: 12752

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (05/22/2014 05:29:07 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StopScreenSaver

Error: (05/21/2014 08:16:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 230

Start Time: 01cf756b1c5bf1a7

Termination Time: 5002

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (05/20/2014 09:01:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4a0

Start Time: 01cf74a1249c6b37

Termination Time: 1761

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (05/19/2014 07:51:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c54

Start Time: 01cf73d61bbf6130

Termination Time: 116

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (05/19/2014 07:49:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12d0

Start Time: 01cf73d53f73b037

Termination Time: 1090

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

System errors:
=============
Error: (05/25/2014 04:39:20 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (05/25/2014 04:39:20 PM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (05/25/2014 04:39:19 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (05/25/2014 04:39:19 PM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (05/25/2014 04:39:07 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (05/25/2014 04:39:07 PM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (05/25/2014 04:39:07 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (05/25/2014 04:39:07 PM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (05/25/2014 04:38:51 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (05/25/2014 04:38:51 PM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 80%
Total physical RAM: 1022.14 MB
Available physical RAM: 203.06 MB
Total Pagefile: 2286.14 MB
Available Pagefile: 757.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.6 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.43 GB) (Free:25.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 409A4099)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Hello and welcome.

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:

(Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


Next,

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[sn].txt.


Next,

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Let me see those logs, also give an update on any remaining issues or concerns...

 

Thank you,

 

Kevin....

fixlist.txt


As far as I could tell there are no peer-to-peer programs on this PC. Here are the logs from the above steps.

 

My ESET is still giving me pop-ups showing it's still there.

 

 

Thanks

 

FIXLOG...

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by Sean at 2014-05-26 08:34:15 Run:1
Running from C:\Users\Sean\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
2014-05-25 09:36 - 2014-05-25 09:41 - 21657592 _____ (Simply Super Software ) C:\Users\Sean\Downloads\trjsetup691 (1).exe
2014-05-25 09:36 - 2014-05-25 09:37 - 21657592 _____ (Simply Super Software ) C:\Users\Sean\Downloads\trjsetup691.exe
2014-04-29 18:52 - 2014-04-29 18:52 - 00000028 _____ () C:\Windows\system32\u
2014-04-27 20:29 - 2014-05-16 20:17 - 00000069 _____ () C:\Windows\system32\qgogt.cct
2014-04-27 20:18 - 2014-04-27 20:18 - 00000064 _____ () C:\Windows\system32\ywtzaby.sot
2014-04-27 20:18 - 2014-04-27 20:18 - 00000000 _____ () C:\Windows\system32\dymbq.hxo
2014-04-27 20:16 - 2014-04-27 20:16 - 00239207 ____S () C:\Windows\system32\jgnhrh.vch
C:\Users\Sean\AppData\Local\temp\APNSetup.exe
C:\Users\Sean\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Sean\AppData\Local\temp\ntdll_dump.dll
C:\Users\Sean\AppData\Local\temp\{B07A961C-0071-423F-8695-7918EB13FC7C}.exe
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
End
*****************

C:\Users\Sean\Downloads\trjsetup691 (1).exe => Moved successfully.
C:\Users\Sean\Downloads\trjsetup691.exe => Moved successfully.
C:\Windows\system32\u => Moved successfully.
C:\Windows\system32\qgogt.cct => Moved successfully.
C:\Windows\system32\ywtzaby.sot => Moved successfully.
C:\Windows\system32\dymbq.hxo => Moved successfully.
C:\Windows\system32\jgnhrh.vch => Moved successfully.
C:\Users\Sean\AppData\Local\temp\APNSetup.exe => Moved successfully.
C:\Users\Sean\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\Sean\AppData\Local\temp\ntdll_dump.dll => Moved successfully.
C:\Users\Sean\AppData\Local\temp\{B07A961C-0071-423F-8695-7918EB13FC7C}.exe => Moved successfully.
C:\ProgramData\TEMP => ":CB0AACC9" ADS removed successfully.

==== End of Fixlog ====

 

 

 

MALWAREBYTES...

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/26/2014
Scan Time: 8:58:46 AM
Logfile: MALB 5-26-14.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.26.02
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: Sean

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 244480
Time Elapsed: 47 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

JRT...
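When reading a Fixlog like the one above, the thing to verify is that every entry in the echoed fixlist got a matching "=> ... successfully" line; an entry with no result, or with a non-success result, is the one to re-check by hand. The following Python is an added example (not FRST's code and not from this thread); the sample log, its placeholder file names and the "Could not move." failure line are constructed for the example.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample log (placeholder names, not values from the thread). The
# layout follows FRST's Fixlog.txt: the echoed fixlist between "Start" and
# "End", then one "<target> => <result>" line per action. example2.vch gets a
# constructed failure line and example3.exe gets no result line at all.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by User at 2014-05-26 08:34:15 Run:1
Running from C:\Users\User\Downloads
Boot Mode: Normal

Content of fixlist:
*****************
Start
2014-04-27 20:18 - 2014-04-27 20:18 - 00000064 _____ () C:\Windows\system32\example1.sot
2014-04-27 20:16 - 2014-04-27 20:16 - 00239207 ____S () C:\Windows\system32\example2.vch
C:\Users\User\AppData\Local\temp\example3.exe
AlternateDataStreams: C:\ProgramData\TEMP:ABCD1234
End
*****************

C:\Windows\system32\example1.sot => Moved successfully.
C:\Windows\system32\example2.vch => Could not move.
C:\ProgramData\TEMP => ":ABCD1234" ADS removed successfully.

==== End of Fixlog ====
"""

@dataclass
class FixEntry:
    raw: str          # fixlist line as FRST echoed it
    path: str         # file, folder or ADS host the entry targets
    stream: str = ""  # ADS name for "AlternateDataStreams:" entries

@dataclass
class FixResult:
    entry: FixEntry
    status: str   # "ok", "failed" (reported but not successful) or "missing"
    message: str  # FRST's result text, empty when missing

# A Windows path begins at the first "X:\" on the line; FRST's timestamp/size/
# company prefix on directory-listing entries never contains that sequence.
_PATH_RE = re.compile(r"[A-Za-z]:\\.*$")

def parse_fixlist_entries(log: str) -> list[FixEntry]:
    """Entries echoed between the 'Start' and 'End' lines of the fixlist."""
    lines = [ln.strip() for ln in log.splitlines()]
    try:
        start = lines.index("Start") + 1
        end = lines.index("End", start)
    except ValueError:          # no fixlist block in this log
        return []
    entries: list[FixEntry] = []
    for line in lines[start:end]:
        if not line:
            continue
        if line.startswith("AlternateDataStreams:"):
            # "host:stream" - the host path keeps its own drive colon
            host, _, stream = line.split(":", 1)[1].strip().rpartition(":")
            entries.append(FixEntry(line, host, stream))
            continue
        m = _PATH_RE.search(line)
        entries.append(FixEntry(line, m.group(0).strip() if m else line))
    return entries

def parse_results(log: str) -> list[tuple[str, str]]:
    """(target, message) pairs from the result lines after the fixlist block."""
    lines = [ln.strip() for ln in log.splitlines()]
    seps = [i for i, ln in enumerate(lines) if ln.startswith("*****")]
    body = lines[seps[1] + 1:] if len(seps) >= 2 else lines
    results = []
    for line in body:
        if " => " in line:
            target, _, message = line.partition(" => ")
            results.append((target.strip().strip('"'), message.strip()))
    return results

def check_fixlog(log: str) -> list[FixResult]:
    """Pair every fixlist entry with its result line and classify it."""
    results = parse_results(log)
    report = []
    for entry in parse_fixlist_entries(log):
        hits = [msg for tgt, msg in results
                if tgt.lower() == entry.path.lower()
                and (not entry.stream or entry.stream in msg)]
        if not hits:
            report.append(FixResult(entry, "missing", ""))
        else:
            status = "ok" if "successfully" in hits[0].lower() else "failed"
            report.append(FixResult(entry, status, hits[0]))
    return report

def unresolved(log: str) -> list[str]:
    """Targets FRST did not report as handled: the ones to re-check by hand."""
    return [r.entry.path for r in check_fixlog(log) if r.status != "ok"]
```

Run `unresolved(open("Fixlog.txt").read())` against a real Fixlog to list the targets that still need attention.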

Can you post a screenshot of the ESET alert/popup? Also run this please:

 

Download TDSSKiller and save it to your Desktop.

 

Make sure TDSSKiller.exe  is on the Desktop itself, not within a folder on the desktop.

 

Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

 

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

 

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.

If malicious objects are found, do NOT select Delete or Cure. Change the action to Skip. When it is done, a log file should be created on your C: drive called "TDSSKiller.txt"; please copy and paste the contents of that file here.

 

Let me see the log from TDSSKiller, also logs from AdwCleaner and JRT if you have them...


Looks like I forgot to add this log. Here is a screenshot of the pop-up. I will run TDSSKiller and post it once it has finished.

 

 

 

ADWCLEANER...

 

 

# AdwCleaner v3.211 - Report created 26/05/2014 at 10:05:18
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Ultimate  (32 bits)
# Username : Sean - SEAN-PC
# Running from : C:\Users\Sean\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Users\Sean\AppData\Local\Temp\apn

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16496

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [search Provider] : hxxp://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11411&l=dis&pf=V7&p2=%5EBBJ%5EOSJ000%5EYY%5EUS&gct=&itbv=12.10.6.48&doi=2014-05-06&apn_uid=3DAC6EF7-D0B2-439A-9B95-C35CB60AC7B0&apn_ptnrs=BBJ&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=cr_34.0.1847.131&psv=&trgb=CR&q={searchTerms}
Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Extension] : pljcgbedjplidkdjahbaalanadmjfgop

*************************

AdwCleaner[R0].txt - [1443 octets] - [26/05/2014 10:02:28]
AdwCleaner[s0].txt - [1380 octets] - [26/05/2014 10:05:18]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1440 octets] ##########

Sorry, didn't see that the JRT did not get included in the post.

TDSSKiller.txt

Think this is all of it below.

 

JRT.....

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by Sean on Mon 05/26/2014 at 10:17:11.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/26/2014 at 12:51:27.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

TDSSKILLER.... is attached since it's saying the post is too long with it included inside the post.

 

 


Scan is not completed; what happened this time? Run again as follows:

 

Delete TDSSKiller from your Desktop then continue:

 

Download TDSSKiller and save it to your Desktop.

 

Make sure TDSSKiller.exe  is on the Desktop itself, not within a folder on the desktop.

 

Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

 

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

 

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.

If Malicious objects are found, do NOT select Delete or Skip. Change the action to Cure, then click Continue > Reboot now to finish the cleaning process.

 

When it is done, a log file should be created on your C: drive called "TDSSKiller.txt"; please copy and paste the contents of that file here.


This is strange: we do not see evidence of \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) except for the first run of TDSSKiller, when action "Skip" was used so the rootkit was left intact; now subsequent runs give us clean logs....

Does your security still alert to the memory rootkit?


Run this please:

 

Please download RogueKiller from here:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
  • When the scan completes select Report, copy and paste that to your reply.
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller


Here is the log file.

 

ROGUEKILLER...

 

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Sean [Admin rights]
Mode : Scan -- Date : 05/26/2014 15:30:40
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] EAT @explorer.exe (MsiGetFeatureInfoA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70770B2A)
[Address] EAT @explorer.exe (MsiGetFeatureInfoW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7076F3FE)
[Address] EAT @explorer.exe (MsiGetFeatureStateA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70796B45)
[Address] EAT @explorer.exe (MsiGetFeatureStateW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70796C33)
[Address] EAT @explorer.exe (MsiGetFeatureUsageA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70779F21)
[Address] EAT @explorer.exe (MsiGetFeatureUsageW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077C7CD)
[Address] EAT @explorer.exe (MsiGetFeatureValidStatesA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70797B35)
[Address] EAT @explorer.exe (MsiGetFeatureValidStatesW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7079355C)
[Address] EAT @explorer.exe (MsiGetFileHashA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70771024)
[Address] EAT @explorer.exe (MsiGetFileHashW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7076C881)
[Address] EAT @explorer.exe (MsiGetFileSignatureInformationA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077109C)
[Address] EAT @explorer.exe (MsiGetFileSignatureInformationW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7076C8D7)
[Address] EAT @explorer.exe (MsiGetFileVersionA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70770D08)
[Address] EAT @explorer.exe (MsiGetFileVersionW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70773B3F)
[Address] EAT @explorer.exe (MsiGetLanguage) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70792597)
[Address] EAT @explorer.exe (MsiGetLastErrorRecord) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70791BD9)
[Address] EAT @explorer.exe (MsiGetMode) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7079260F)
[Address] EAT @explorer.exe (MsiGetPatchFileListA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7078D0CD)
[Address] EAT @explorer.exe (MsiGetPatchFileListW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x707889DE)
[Address] EAT @explorer.exe (MsiGetPatchInfoA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077A05F)
[Address] EAT @explorer.exe (MsiGetPatchInfoExA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70785459)
[Address] EAT @explorer.exe (MsiGetPatchInfoExW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70784FEB)
[Address] EAT @explorer.exe (MsiGetPatchInfoW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077C90B)
[Address] EAT @explorer.exe (MsiGetProductCodeA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x706EEA2C)
[Address] EAT @explorer.exe (MsiGetProductCodeFromPackageCodeA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077EB67)
[Address] EAT @explorer.exe (MsiGetProductCodeFromPackageCodeW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077F15B)
[Address] EAT @explorer.exe (MsiGetProductCodeW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x706EEDBC)
[Address] EAT @explorer.exe (MsiGetProductInfoA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077D172)
[Address] EAT @explorer.exe (MsiGetProductInfoExA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7078644E)
[Address] EAT @explorer.exe (MsiGetProductInfoExW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70781707)
[Address] EAT @explorer.exe (MsiGetProductInfoFromScriptA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70770690)
[Address] EAT @explorer.exe (MsiGetProductInfoFromScriptW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7076EF42)
[Address] EAT @explorer.exe (MsiGetProductInfoW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x706D422B)
[Address] EAT @explorer.exe (MsiGetProductPropertyA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x707709A0)
[Address] EAT @explorer.exe (MsiGetProductPropertyW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7076F29B)
[Address] EAT @explorer.exe (MsiGetPropertyA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x707957DD)
[Address] EAT @explorer.exe (MsiGetPropertyW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70795A13)
[Address] EAT @explorer.exe (MsiGetShortcutTargetA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70772868)
[Address] EAT @explorer.exe (MsiGetShortcutTargetW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70774499)
[Address] EAT @explorer.exe (MsiGetSourcePathA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70796079)
[Address] EAT @explorer.exe (MsiGetSourcePathW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7079627D)
[Address] EAT @explorer.exe (MsiGetSummaryInformationA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7079572D)
[Address] EAT @explorer.exe (MsiGetSummaryInformationW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70794103)
[Address] EAT @explorer.exe (MsiGetTargetPathA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70796465)
[Address] EAT @explorer.exe (MsiGetTargetPathW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70796669)
[Address] EAT @explorer.exe (MsiGetUserInfoA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077900E)
[Address] EAT @explorer.exe (MsiGetUserInfoW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x706EE3B6)
[Address] EAT @explorer.exe (MsiInstallMissingComponentA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x707720D7)
[Address] EAT @explorer.exe (MsiInstallMissingComponentW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x707741E9)
[Address] EAT @explorer.exe (MsiInstallMissingFileA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70771E77)
[Address] EAT @explorer.exe (MsiInstallMissingFileW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70773F89)
[Address] EAT @explorer.exe (MsiInstallProductA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077178E)
[Address] EAT @explorer.exe (MsiInstallProductW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7076CC83)
[Address] EAT @explorer.exe (MsiInvalidateFeatureCache) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7076C574)
[Address] EAT @explorer.exe (MsiIsProductElevatedA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70773116)
[Address] EAT @explorer.exe (MsiIsProductElevatedW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077486D)
[Address] EAT @explorer.exe (MsiJoinTransaction) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70783E63)
[Address] EAT @explorer.exe (MsiLoadStringA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077122F)
[Address] EAT @explorer.exe (MsiLoadStringW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x706DADB9)
[Address] EAT @explorer.exe (MsiLocateComponentA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077EFA7)
[Address] EAT @explorer.exe (MsiLocateComponentW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077F2D2)
[Address] EAT @explorer.exe (MsiMessageBoxA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x707714EA)
[Address] EAT @explorer.exe (MsiMessageBoxExA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70771338)
[Address] EAT @explorer.exe (MsiMessageBoxExW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7076CAE9)
[Address] EAT @explorer.exe (MsiMessageBoxW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7076CC5C)
[Address] EAT @explorer.exe (MsiNotifySidChangeA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077A116)
[Address] EAT @explorer.exe (MsiNotifySidChangeW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70774E2B)
[Address] EAT @explorer.exe (MsiOpenDatabaseA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70794501)
[Address] EAT @explorer.exe (MsiOpenDatabaseW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70793BFD)
[Address] EAT @explorer.exe (MsiOpenPackageA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7076EBD0)
[Address] EAT @explorer.exe (MsiOpenPackageExA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7076C46E)
[Address] EAT @explorer.exe (MsiOpenPackageExW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7076C721)
[Address] EAT @explorer.exe (MsiOpenPackageW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7076F5BB)
[Address] EAT @explorer.exe (MsiOpenProductA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70778A02)
[Address] EAT @explorer.exe (MsiOpenProductW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077B667)
[Address] EAT @explorer.exe (MsiPreviewBillboardA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70797BBE)
[Address] EAT @explorer.exe (MsiPreviewBillboardW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7079395A)
[Address] EAT @explorer.exe (MsiPreviewDialogA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70797B7B)
[Address] EAT @explorer.exe (MsiPreviewDialogW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70793906)
[Address] EAT @explorer.exe (MsiProcessAdvertiseScriptA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077C9C2)
[Address] EAT @explorer.exe (MsiProcessAdvertiseScriptW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077DD46)
[Address] EAT @explorer.exe (MsiProcessMessage) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70792DC1)
[Address] EAT @explorer.exe (MsiProvideAssemblyA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077FB65)
[Address] EAT @explorer.exe (MsiProvideAssemblyW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7078056D)
[Address] EAT @explorer.exe (MsiProvideComponentA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077F5C1)
[Address] EAT @explorer.exe (MsiProvideComponentFromDescriptorA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077F8BB)
[Address] EAT @explorer.exe (MsiProvideComponentFromDescriptorW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x706D4F3C)
[Address] EAT @explorer.exe (MsiProvideComponentW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70780114)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x706EC2D5)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentExA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x706ED361)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentExW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x706C8A57)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x706C8C96)
[Address] EAT @explorer.exe (MsiQueryComponentStateA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x707866EC)
[Address] EAT @explorer.exe (MsiQueryComponentStateW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x707818E9)
[Address] EAT @explorer.exe (MsiQueryFeatureStateA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077F4F9)
[Address] EAT @explorer.exe (MsiQueryFeatureStateExA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70786904)
[Address] EAT @explorer.exe (MsiQueryFeatureStateExW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70781AE1)
[Address] EAT @explorer.exe (MsiQueryFeatureStateFromDescriptorA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077FA0A)
[Address] EAT @explorer.exe (MsiQueryFeatureStateFromDescriptorW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70780385)
[Address] EAT @explorer.exe (MsiQueryFeatureStateW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x706C617D)
[Address] EAT @explorer.exe (MsiQueryProductStateA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077D26D)
[Address] EAT @explorer.exe (MsiQueryProductStateW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x706D49B6)
[Address] EAT @explorer.exe (MsiRecordClearData) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70791B97)
[Address] EAT @explorer.exe (MsiRecordDataSize) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70791555)
[Address] EAT @explorer.exe (MsiRecordGetFieldCount) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70791786)
[Address] EAT @explorer.exe (MsiRecordGetInteger) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70791725)
[Address] EAT @explorer.exe (MsiRecordGetStringA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70793D8D)
[Address] EAT @explorer.exe (MsiRecordGetStringW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70793F3C)
[Address] EAT @explorer.exe (MsiRecordIsNull) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70791465)
[Address] EAT @explorer.exe (MsiRecordReadStream) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x707919DD)
[Address] EAT @explorer.exe (MsiRecordSetInteger) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70791632)
[Address] EAT @explorer.exe (MsiRecordSetStreamA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x707956E7)
[Address] EAT @explorer.exe (MsiRecordSetStreamW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70791873)
[Address] EAT @explorer.exe (MsiRecordSetStringA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7079548D)
[Address] EAT @explorer.exe (MsiRecordSetStringW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7079559E)
[Address] EAT @explorer.exe (MsiReinstallFeatureA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70771CEE)
[Address] EAT @explorer.exe (MsiReinstallFeatureFromDescriptorA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077D6D2)
[Address] EAT @explorer.exe (MsiReinstallFeatureFromDescriptorW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077E45F)
[Address] EAT @explorer.exe (MsiReinstallFeatureW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x706D8BD4)
[Address] EAT @explorer.exe (MsiReinstallProductA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077190E)
[Address] EAT @explorer.exe (MsiReinstallProductW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7076CE27)
[Address] EAT @explorer.exe (MsiRemovePatchesA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70789476)
[Address] EAT @explorer.exe (MsiRemovePatchesW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7078357E)
[Address] EAT @explorer.exe (MsiSequenceA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70795FF0)
[Address] EAT @explorer.exe (MsiSequenceW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70792CBB)
[Address] EAT @explorer.exe (MsiSetComponentStateA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7079725B)
[Address] EAT @explorer.exe (MsiSetComponentStateW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70797355)
[Address] EAT @explorer.exe (MsiSetExternalUIA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7076C55F)
[Address] EAT @explorer.exe (MsiSetExternalUIRecord) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70783173)
[Address] EAT @explorer.exe (MsiSetExternalUIW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x706D4E3E)
[Address] EAT @explorer.exe (MsiSetFeatureAttributesA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70796E71)
[Address] EAT @explorer.exe (MsiSetFeatureAttributesW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70796F24)
[Address] EAT @explorer.exe (MsiSetFeatureStateA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70796C9D)
[Address] EAT @explorer.exe (MsiSetFeatureStateW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70796D4F)
[Address] EAT @explorer.exe (MsiSetInstallLevel) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70793294)
[Address] EAT @explorer.exe (MsiSetInternalUI) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x706D4F9E)
[Address] EAT @explorer.exe (MsiSetMode) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7079272B)
[Address] EAT @explorer.exe (MsiSetOfflineContextW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x707982F5)
[Address] EAT @explorer.exe (MsiSetPropertyA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70795C31)
[Address] EAT @explorer.exe (MsiSetPropertyW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70795DF5)
[Address] EAT @explorer.exe (MsiSetTargetPathA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7079684D)
[Address] EAT @explorer.exe (MsiSetTargetPathW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x707969D1)
[Address] EAT @explorer.exe (MsiSourceListAddMediaDiskA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70786FA6)
[Address] EAT @explorer.exe (MsiSourceListAddMediaDiskW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70781F6D)
[Address] EAT @explorer.exe (MsiSourceListAddSourceA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70772E47)
[Address] EAT @explorer.exe (MsiSourceListAddSourceExA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70786D83)
[Address] EAT @explorer.exe (MsiSourceListAddSourceExW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70781D4B)
[Address] EAT @explorer.exe (MsiSourceListAddSourceW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7076DA89)
[Address] EAT @explorer.exe (MsiSourceListClearAllA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70772D00)
[Address] EAT @explorer.exe (MsiSourceListClearAllExA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x707876E5)
[Address] EAT @explorer.exe (MsiSourceListClearAllExW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70782623)
[Address] EAT @explorer.exe (MsiSourceListClearAllW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7076D923)
[Address] EAT @explorer.exe (MsiSourceListClearMediaDiskA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x707874BA)
[Address] EAT @explorer.exe (MsiSourceListClearMediaDiskW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70782415)
[Address] EAT @explorer.exe (MsiSourceListClearSourceA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x707872A6)
[Address] EAT @explorer.exe (MsiSourceListClearSourceW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7078220D)
[Address] EAT @explorer.exe (MsiSourceListEnumMediaDisksA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x707881BE)
[Address] EAT @explorer.exe (MsiSourceListEnumMediaDisksW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70782FBD)
[Address] EAT @explorer.exe (MsiSourceListEnumSourcesA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70787ABB)
[Address] EAT @explorer.exe (MsiSourceListEnumSourcesW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70782A0F)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70772FC8)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionExA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x707878DC)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionExW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70782811)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7076DC13)
[Address] EAT @explorer.exe (MsiSourceListGetInfoA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70787C9E)
[Address] EAT @explorer.exe (MsiSourceListGetInfoW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70782BBD)
[Address] EAT @explorer.exe (MsiSourceListSetInfoA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70787F68)
[Address] EAT @explorer.exe (MsiSourceListSetInfoW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70782DB3)
[Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70792029)
[Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyCount) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70791CAD)
[Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x707921FB)
[Address] EAT @explorer.exe (MsiSummaryInfoPersist) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x707923C1)
[Address] EAT @explorer.exe (MsiSummaryInfoSetPropertyA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70795776)
[Address] EAT @explorer.exe (MsiSummaryInfoSetPropertyW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70791D9B)
[Address] EAT @explorer.exe (MsiUseFeatureA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70780B8B)
[Address] EAT @explorer.exe (MsiUseFeatureExA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7077F7F0)
[Address] EAT @explorer.exe (MsiUseFeatureExW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x706D4CF2)
[Address] EAT @explorer.exe (MsiUseFeatureW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70780BA8)
[Address] EAT @explorer.exe (MsiVerifyDiskSpace) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x707936D3)
[Address] EAT @explorer.exe (MsiVerifyPackageA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x707705BA)
[Address] EAT @explorer.exe (MsiVerifyPackageW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7076EEA7)
[Address] EAT @explorer.exe (MsiViewClose) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70790A1F)
[Address] EAT @explorer.exe (MsiViewExecute) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7079057F)
[Address] EAT @explorer.exe (MsiViewFetch) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x707906A3)
[Address] EAT @explorer.exe (MsiViewGetColumnInfo) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70790901)
[Address] EAT @explorer.exe (MsiViewGetErrorA) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x70790261)
[Address] EAT @explorer.exe (MsiViewGetErrorW) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7079043E)
[Address] EAT @explorer.exe (MsiViewModify) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x707907AF)
[Address] EAT @explorer.exe (QueryInstanceCount) : ieframe.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x706D2AE2)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST380013AS ATA Device +++++
--- User ---
[MBR] 584113dfd246fc1d9b8bb3a2fcbdffea
[BSP] e9aea0c7e24d79844ff56af379d66bbe : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76217 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_05262014_153040.txt >>

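The RogueKiller report above lists several hundred "EAT ... HOOKED" lines that all resolve into the same Microsoft DLL, and the helper's next reply treats the system as rootkit-free, so the volume of lines on its own is not the signal. A responder triages such a wall of hooks by collapsing it into (process, hooked module, hook target) groups and looking only at targets that fall outside the Windows system directories. The script below is an added example, not part of this thread or of RogueKiller; the regex, the `SYSTEM_DIRS` allow-list and the sample lines (three copied in shape from the report, one constructed with a placeholder Temp-folder path) are this example's own assumptions.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Matches RogueKiller "[Address] EAT/IAT ... -> HOOKED (...)" lines like the ones in the report above.
# The regex is part of this added example, not something RogueKiller ships.
HOOK_RE = re.compile(
    r"^\[Address\]\s+(?P<kind>EAT|IAT)\s+@(?P<process>\S+)\s+\((?P<export>[^)]+)\)\s*:\s*"
    r"(?P<module>\S+)\s+->\s+HOOKED\s+\((?P<target>.+?)\s+@\s+(?P<addr>0x[0-9A-Fa-f]+)\)\s*$"
)

# Directories holding Microsoft system binaries on a 32-bit Windows 7 install (constructed allow-list;
# a real triage would also verify the Authenticode signature of each target file).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed sample: three lines in the shape of the report above, plus one constructed line whose
# hook target is a DLL under a user's Temp folder (placeholder path, not an indicator from this thread).
SAMPLE_LOG = """\
[Address] EAT @explorer.exe (MsiViewClose) : ieframe.dll -> HOOKED (C:\\Windows\\system32\\msi.dll @ 0x70790A1F)
[Address] EAT @explorer.exe (MsiViewExecute) : ieframe.dll -> HOOKED (C:\\Windows\\system32\\msi.dll @ 0x7079057F)
[Address] EAT @explorer.exe (QueryInstanceCount) : ieframe.dll -> HOOKED (C:\\Windows\\system32\\msi.dll @ 0x706D2AE2)
[Address] EAT @explorer.exe (ExampleExport) : kernel32.dll -> HOOKED (C:\\Users\\PLACEHOLDER\\AppData\\Local\\Temp\\example_hook.dll @ 0x10001000)
¤¤¤ External Hives: ¤¤¤
"""


def parse_hooks(text):
    """Return one dict per hook line; non-matching lines (section headers etc.) are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            hooks.append(m.groupdict())
    return hooks


def is_system_path(path):
    """True when the hook target lives directly in a Windows system directory."""
    parent = str(PureWindowsPath(path).parent).lower()
    return parent in SYSTEM_DIRS


def triage(hooks):
    """Collapse hook lines into (process, hooked module, target DLL) groups.

    Many exports of one module all resolving into a single Microsoft DLL in System32 is
    typical of export forwarding (a legitimate mechanism) and is low priority; a target
    outside the system directories is what a responder should look at first.
    """
    groups = defaultdict(list)
    for h in hooks:
        groups[(h["process"], h["module"], h["target"].lower())].append(h["export"])
    report = []
    for (process, module, target), exports in sorted(groups.items()):
        report.append({
            "process": process,
            "module": module,
            "target": target,
            "exports": len(exports),
            "needs_review": not is_system_path(target),
        })
    return report


if __name__ == "__main__":
    for row in triage(parse_hooks(SAMPLE_LOG)):
        flag = "REVIEW " if row["needs_review"] else "ok     "
        print(f"{flag}{row['process']} {row['module']} -> {row['target']} ({row['exports']} exports)")
```

Run against the full report, the 200-odd ieframe.dll lines collapse into one low-priority row; anything that lands outside System32 shows up as a single REVIEW row that can then be checked by signature and file age.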

Ok, we have confirmation the rootkit is gone. We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7/8: right click on the IE shortcut and run as admin

Go to the Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

    Turn off the real time scanner of any existing antivirus program while performing the online scan
    Click on the Run ESET Online Scanner button
    Tick the box next to YES, I accept the Terms of Use.
    Click Start
    When asked, allow the add-on to be installed
    Click Start
    Make sure that the option "Remove found threats" is ticked
    Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Select "Change" next to Current scan targets. A new window will open; select any extra drives, Flash drives etc. as required.
    Click Scan
    Wait for the virus definitions to be downloaded
    Wait for the scan to finish

When the scan is complete

If no threats were found
    Put a checkmark in "Uninstall application on close"
    Close program
    Report to me that nothing was found

If threats were found
    Click on "list of threats found"
    Click on "export to text file" and save it as ESET SCAN and save to the desktop
    Click on back
    Put a checkmark in "Uninstall application on close"
    Click on finish
    Close program

Copy and paste the report in next reply.

Here is the report of the two items the Eset online scanner found.

C:\FRST\Quarantine\C\Users\Sean\AppData\Local\temp\APNSetup.exe.xBAD a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application deleted - quarantined
C:\Users\Sean\Downloads\ccsetup413.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

Ok, do this to clean up....

Download "Delfix by Xplode" and save it to your desktop.

"Delfix link mirror"

Double click to start the program. If you are using Vista or higher, please right-click and choose run as administrator.

Make sure the following items are checked:

    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Part of the routine will be to create a registry backup with ERUNT; the backup will be created here:

C:\Windows\ERUNT

When all is known to be well with your system you can delete that backup folder if you consider it not needed...

Next,

Read the following link to fully understand PC security and best practices; you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Let me know if there are any remaining issues or concerns....

Kevin....

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
