
Malicious Website Blocked: C\Windows\SysWOW64\dllhost.exe


beaucomb

Hello!

I noticed the first signs of malware infection around 4:00 today (12/15/14). Advertisement audio repeatedly played on my PC (at work) without any programs being open. I opened task manager and saw multiple Internet Explorer applications running (from videosearch.org, if I remember correctly), though I never run Explorer. I downloaded Malwarebytes and ran a threat scan that never seemed to finish up. It detected 14 threats and checked each step of the process as "done," but, after 1.5 hours, the progress bar never finished up. I restarted the PC in safe mode, then restarted again. I ran a hyper scan with Malwarebytes, which quarantined one item, then restarted again to remove. The Explorer applications have ceased, but I am getting continuous alerts stating, "Malicious Website Blocked: C\Windows\SysWOW64\dllhost.exe." I have just downloaded Farbar Recovery Scan Tool and performed a scan (FRST and Addition logs attached here).

 

Potentially related - I get an occasional flickering (duration 5-10 seconds) of open files/programs that started on Saturday night (12/13/14).  

Addition.txt

FRST.txt


  • Staff

Hello beaucomb, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • If you are unable to copy/paste your logs directly into your post, please attach the file. 
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click the Follow button at the top of the page.
     

======================================================

 

Do you recognise these files?

2014-12-15 13:41 - 2014-12-15 13:41 - 00001174 _____ () C:\Users\Bruce\AppData\Roaming\ProdASC.Asc
2014-12-15 13:31 - 2014-12-15 13:31 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\pw1v51q0u3vi.xml
2014-12-15 13:30 - 2014-12-15 13:30 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\rzls5cbnuwyl.xml
2014-12-14 16:06 - 2014-12-14 16:06 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\3rrjxmuyuhjq.xml
2014-12-14 16:01 - 2014-12-14 16:01 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\oajv3ge2u30o.xml
2014-12-14 15:41 - 2014-12-14 15:41 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\d5upmq1lu3my.xml
2014-12-13 19:21 - 2014-12-13 19:21 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\nkhskxvsusig.xml
2014-12-13 18:31 - 2014-12-13 18:31 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\bqu0rqu5ufgh.xml
2014-12-13 17:51 - 2014-12-13 17:51 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\bpe4nxekuv1j.xml
2014-12-13 16:36 - 2014-12-13 16:36 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\zzdu1ycyulf0.xml
2014-12-13 16:33 - 2014-12-13 16:33 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\y1200142uw3b.xml
2014-12-13 16:33 - 2014-12-13 16:33 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\x4j0rlgkugaj.xml
2014-12-13 16:26 - 2014-12-13 16:26 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\sbe1p2gmuqbz.xml
2014-12-13 16:16 - 2014-12-13 16:16 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\mp5zsoj3uupp.xml
2014-12-03 12:23 - 2014-12-03 12:23 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\vpuz0mblumft.xml
2014-12-03 12:20 - 2014-12-03 12:20 - 00000079 _____ () C:\Users\Bruce\AppData\Roaming\lhbjtl1ju4cn.xml
2014-12-03 12:13 - 2014-12-03 12:13 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\15m4t4zyugz2.xml
2014-12-03 12:00 - 2014-12-03 12:00 - 00000079 _____ () C:\Users\Bruce\AppData\Roaming\seysxkpsug1a.xml
2014-12-03 11:57 - 2014-12-03 11:57 - 00000079 _____ () C:\Users\Bruce\AppData\Roaming\w2pb353ku5iv.xml
2014-12-03 11:56 - 2014-12-03 11:56 - 00000079 _____ () C:\Users\Bruce\AppData\Roaming\z0blwszjugpi.xml
2014-11-21 02:18 - 2014-12-15 13:41 - 00000456 _____ () C:\Users\Bruce\AppData\Roaming\Customer.Asc
2014-11-19 08:10 - 2014-11-19 08:10 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\fqnlodbsuv4v.xml


STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2824077954-1205789865-475378249-1000\...\Run: [1613486462] => C:\Users\Bruce\AppData\Roaming\mskyls.exe
    C:\Users\Bruce\AppData\Roaming\mskyls.exe
    HKU\S-1-5-21-2824077954-1205789865-475378249-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2824077954-1205789865-475378249-1000 -> DefaultScope {E26E4C2D-80B9-49B9-9E08-AAC702DE94CC} URL =
    SearchScopes: HKU\S-1-5-21-2824077954-1205789865-475378249-1000 -> {E26E4C2D-80B9-49B9-9E08-AAC702DE94CC} URL =
    CHR HKU\S-1-5-21-2824077954-1205789865-475378249-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
    2014-12-15 16:14 - 2014-12-15 16:34 - 00000584 _____ () C:\ProgramData\@system.temp
    2014-12-15 16:14 - 2014-12-15 16:34 - 00000320 ____H () C:\ProgramData\@system3.att
    2014-12-15 16:13 - 2014-12-15 20:06 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\FrameworkUpdate
    2014-12-15 16:13 - 2014-12-15 16:13 - 00000480 ____H () C:\Users\Bruce\AppData\Roaming\麽鎒駓覜
    2014-12-15 16:12 - 2014-12-15 16:13 - 00003026 _____ () C:\Windows\System32\Tasks\suyggdf
    2014-12-15 16:11 - 2014-12-15 16:12 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
    C:\Users\Bruce\AppData\Local\Temp\01aw1xj0.dll
    C:\Users\Bruce\AppData\Local\Temp\0cjvn3wc.dll
    C:\Users\Bruce\AppData\Local\Temp\0olceg2b.dll
    C:\Users\Bruce\AppData\Local\Temp\0pap3ig4.dll
    C:\Users\Bruce\AppData\Local\Temp\1larqct3.dll
    C:\Users\Bruce\AppData\Local\Temp\2ds0ghrp.dll
    C:\Users\Bruce\AppData\Local\Temp\2ys14syx.dll
    C:\Users\Bruce\AppData\Local\Temp\3sjrqdx0.dll
    C:\Users\Bruce\AppData\Local\Temp\3u2rqndq.dll
    C:\Users\Bruce\AppData\Local\Temp\4cak12ju.dll
    C:\Users\Bruce\AppData\Local\Temp\4cnh50bs.dll
    C:\Users\Bruce\AppData\Local\Temp\4mom2j1s.dll
    C:\Users\Bruce\AppData\Local\Temp\52uknnct.dll
    C:\Users\Bruce\AppData\Local\Temp\5ilsxins.dll
    C:\Users\Bruce\AppData\Local\Temp\aoleluz0.dll
    C:\Users\Bruce\AppData\Local\Temp\b2rsz3ip.dll
    C:\Users\Bruce\AppData\Local\Temp\bbi1nzqk.dll
    C:\Users\Bruce\AppData\Local\Temp\cbquw4o0.dll
    C:\Users\Bruce\AppData\Local\Temp\cdo1198667821.dll
    C:\Users\Bruce\AppData\Local\Temp\cdo1347323570.dll
    C:\Users\Bruce\AppData\Local\Temp\co0io4ft.dll
    C:\Users\Bruce\AppData\Local\Temp\cpkwqt1k.dll
    C:\Users\Bruce\AppData\Local\Temp\ctbifd0l.dll
    C:\Users\Bruce\AppData\Local\Temp\ctxut101.dll
    C:\Users\Bruce\AppData\Local\Temp\cvd1din5.dll
    C:\Users\Bruce\AppData\Local\Temp\d2af04gj.dll
    C:\Users\Bruce\AppData\Local\Temp\dcfq51um.dll
    C:\Users\Bruce\AppData\Local\Temp\dddzqp51.dll
    C:\Users\Bruce\AppData\Local\Temp\dfjk3sb5.dll
    C:\Users\Bruce\AppData\Local\Temp\dhp41ljl.dll
    C:\Users\Bruce\AppData\Local\Temp\ebrudvgc.dll
    C:\Users\Bruce\AppData\Local\Temp\edofwmea.dll
    C:\Users\Bruce\AppData\Local\Temp\ewdqgupi.dll
    C:\Users\Bruce\AppData\Local\Temp\fav2r4xd.dll
    C:\Users\Bruce\AppData\Local\Temp\fbyxigfo.dll
    C:\Users\Bruce\AppData\Local\Temp\fp4o3b3w.dll
    C:\Users\Bruce\AppData\Local\Temp\fzeg2l3m.dll
    C:\Users\Bruce\AppData\Local\Temp\g2qd3qpy.dll
    C:\Users\Bruce\AppData\Local\Temp\g3gm3xvd.dll
    C:\Users\Bruce\AppData\Local\Temp\gmodbaqo.dll
    C:\Users\Bruce\AppData\Local\Temp\gpe0h4s2.dll
    C:\Users\Bruce\AppData\Local\Temp\gwqf2f1y.dll
    C:\Users\Bruce\AppData\Local\Temp\h1yvmful.dll
    C:\Users\Bruce\AppData\Local\Temp\h4vsa352.dll
    C:\Users\Bruce\AppData\Local\Temp\hfh5rcmy.dll
    C:\Users\Bruce\AppData\Local\Temp\hppyca5s.dll
    C:\Users\Bruce\AppData\Local\Temp\iagwmfpy.dll
    C:\Users\Bruce\AppData\Local\Temp\in3nxdja.dll
    C:\Users\Bruce\AppData\Local\Temp\j02nuhwo.dll
    C:\Users\Bruce\AppData\Local\Temp\jfndicbx.dll
    C:\Users\Bruce\AppData\Local\Temp\jlour33l.dll
    C:\Users\Bruce\AppData\Local\Temp\KB18004496.exe
    C:\Users\Bruce\AppData\Local\Temp\kgnu0vrp.dll
    C:\Users\Bruce\AppData\Local\Temp\ldyz5ayo.dll
    C:\Users\Bruce\AppData\Local\Temp\ljmeesn3.dll
    C:\Users\Bruce\AppData\Local\Temp\lxdzq0av.dll
    C:\Users\Bruce\AppData\Local\Temp\m3ajvjnj.dll
    C:\Users\Bruce\AppData\Local\Temp\m5edmxow.dll
    C:\Users\Bruce\AppData\Local\Temp\mkpmzby2.dll
    C:\Users\Bruce\AppData\Local\Temp\mzedqmxx.dll
    C:\Users\Bruce\AppData\Local\Temp\nzxr0hxj.dll
    C:\Users\Bruce\AppData\Local\Temp\o00ibrcj.dll
    C:\Users\Bruce\AppData\Local\Temp\o151dvgy.dll
    C:\Users\Bruce\AppData\Local\Temp\oaluym0d.dll
    C:\Users\Bruce\AppData\Local\Temp\okcg2wgk.dll
    C:\Users\Bruce\AppData\Local\Temp\oqrrn4oe.dll
    C:\Users\Bruce\AppData\Local\Temp\ozgm25j4.dll
    C:\Users\Bruce\AppData\Local\Temp\pd5q1drr.dll
    C:\Users\Bruce\AppData\Local\Temp\q3jxhqvx.dll
    C:\Users\Bruce\AppData\Local\Temp\qfx2p24p.dll
    C:\Users\Bruce\AppData\Local\Temp\qqxstapm.dll
    C:\Users\Bruce\AppData\Local\Temp\qsujacgb.dll
    C:\Users\Bruce\AppData\Local\Temp\rfzddm45.dll
    C:\Users\Bruce\AppData\Local\Temp\rjl4rvbn.dll
    C:\Users\Bruce\AppData\Local\Temp\savlsnyd.dll
    C:\Users\Bruce\AppData\Local\Temp\snzvfgui.dll
    C:\Users\Bruce\AppData\Local\Temp\solplgqx.dll
    C:\Users\Bruce\AppData\Local\Temp\spuebldn.dll
    C:\Users\Bruce\AppData\Local\Temp\syr01jnz.dll
    C:\Users\Bruce\AppData\Local\Temp\tfdhr5cn.dll
    C:\Users\Bruce\AppData\Local\Temp\toz5rx4a.dll
    C:\Users\Bruce\AppData\Local\Temp\tvpdeupd.dll
    C:\Users\Bruce\AppData\Local\Temp\u3jwbgh4.dll
    C:\Users\Bruce\AppData\Local\Temp\u45lvdj0.dll
    C:\Users\Bruce\AppData\Local\Temp\ujifse10.dll
    C:\Users\Bruce\AppData\Local\Temp\update.exe
    C:\Users\Bruce\AppData\Local\Temp\vbxetvl2.dll
    C:\Users\Bruce\AppData\Local\Temp\wbm0skxz.dll
    C:\Users\Bruce\AppData\Local\Temp\wfuzly1e.dll
    C:\Users\Bruce\AppData\Local\Temp\wszywdj5.dll
    C:\Users\Bruce\AppData\Local\Temp\wvscf0fz.dll
    C:\Users\Bruce\AppData\Local\Temp\xdilb0tw.dll
    C:\Users\Bruce\AppData\Local\Temp\xdweyzd.exe
    C:\Users\Bruce\AppData\Local\Temp\xedcb3lb.dll
    C:\Users\Bruce\AppData\Local\Temp\xmxn22rm.dll
    C:\Users\Bruce\AppData\Local\Temp\xpywhhqf.dll
    C:\Users\Bruce\AppData\Local\Temp\xt3knbff.dll
    C:\Users\Bruce\AppData\Local\Temp\y2a44dwz.dll
    C:\Users\Bruce\AppData\Local\Temp\yqr4uj1x.dll
    C:\Users\Bruce\AppData\Local\Temp\z5l13xwn.dll
    C:\Users\Bruce\AppData\Local\Temp\za22k5ln.dll
    C:\Users\Bruce\AppData\Local\Temp\zfwfkwdq.dll
    C:\Users\Bruce\AppData\Local\Temp\zwbo2kli.dll
    CustomCLSID: HKU\S-1-5-21-2824077954-1205789865-475378249-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
    Task: {B3DCF021-A547-4B4F-8148-19E5CE7A8429} - System32\Tasks\suyggdf => C:\Users\Bruce\AppData\Local\Temp\xdweyzdjiepwhd.exe <==== ATTENTION
    C:\Users\Bruce\AppData\Local\Temp\xdweyzdjiepwhd.exe
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: In the Encoding: drop-down box, select Unicode.
  • Important: The file must be saved in the same location as FRST64.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 3
ComboFix

  • Note: Please read through these instructions before running ComboFix. 
  • Please download ComboFix and save the file to your Desktop. << Important!
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click ComboFix.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
     
  • Allow ComboFix to complete its removal routine (please refer to Important Notes:).
  • Upon completion, a log (ComboFix.txt) will be created in the root directory (C:\). Copy the contents of the log and paste in your next reply.
  • Re-enable your anti-virus software.
     

Important Notes:

  • Do NOT mouse click ComboFix's window whilst it is running. This may cause the programme to stall.
  • Do NOT use your computer whilst ComboFix is running.
  • Your Desktop/taskbar may disappear whilst ComboFix is running; this is normal.
     
  • If you get the message Illegal operation attempted on registry key that has been marked for deletion please reboot your computer.
  • ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If you are unable to access the Internet after running ComboFix, please reboot your computer. 
     

STEP 4
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to:
    • Loaded Modules
    • Detect TDLFS file system
    • Verify file digital signatures
  • Note: If you receive the following message: Extended Monitoring Driver is required, click Reboot now, and continue from here following the reboot.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the log in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Do you recognise the files?
  • Fixlog.txt
  • MBAM log
  • ComboFix.txt
  • TDSSKiller log (attached!)
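
Added illustration, not part of the original thread and not FRST's own logic: a short triage script that picks out of FRST-style log lines the two kinds of entry the fixlist above targets, namely registry data that launches rundll32.exe with a javascript: string through mshtml's RunHTMLApplication, and Run or Task entries that execute from AppData. The sample lines, SID, GUIDs, file names and rule names are constructed placeholders.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    rule: str      # hypothetical rule name used only in this example
    line_no: int   # 1-based position in the input
    text: str      # the log line with FRST's "<==== ..." annotation removed


# rundll32 asked to evaluate a "javascript:" string through mshtml's
# RunHTMLApplication export: the script is the registry data itself,
# so there is no file on disk for a file scanner to find.
RUNDLL_JS = re.compile(
    r"rundll32(?:\.exe)?\s+javascript:.*mshtml(?:\.dll)?\s*,\s*RunHTMLApplication",
    re.IGNORECASE,
)
# COM server registration values, where such a command line can hide.
COM_SERVER = re.compile(r"\\(?:LocalServer32|InprocServer32)\b", re.IGNORECASE)
# Autostart locations as FRST prints them: Run/RunOnce values and tasks.
AUTOSTART = re.compile(r"(?:\\Run(?:Once)?:|^Task:)", re.IGNORECASE)
# Executable content under user-writable AppData directories.
USER_WRITABLE = re.compile(
    r"\\AppData\\(?:Local\\Temp|Roaming)\\[^\\]+\.(?:exe|dll|scr|bat|js|vbs)\b",
    re.IGNORECASE,
)
# FRST separates "where" from "what" with " => " or " -> ".
SEPARATOR = re.compile(r"\s(?:=>|->)\s")
ANNOTATION = re.compile(r"\s*<====.*$")


def triage(lines: List[str]) -> List[Finding]:
    """Return the lines that match one of the persistence patterns."""
    findings = []
    for line_no, raw in enumerate(lines, start=1):
        line = ANNOTATION.sub("", raw.strip())
        if RUNDLL_JS.search(line):
            rule = ("script-in-com-server" if COM_SERVER.search(line)
                    else "script-via-rundll32")
            findings.append(Finding(rule, line_no, line))
            continue
        parts = SEPARATOR.split(line, maxsplit=1)
        if len(parts) != 2:
            continue  # not a "location => data" line
        location, data = parts
        if AUTOSTART.search(location) and USER_WRITABLE.search(data):
            findings.append(
                Finding("autostart-from-user-writable-dir", line_no, line))
    return findings


# Constructed sample in the shape of FRST output (all values are placeholders).
SAMPLE = r"""
HKLM\...\Run: [ExampleTray] => C:\Program Files\Example\tray.exe
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [1234567890] => C:\Users\Example\AppData\Roaming\abcxyz.exe
CustomCLSID: HKU\S-1-5-21-1111111111-2222222222-3333333333-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000000}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";(data truncated) <==== Poweliks?
Task: {11111111-1111-1111-1111-111111111111} - System32\Tasks\abcdefg => C:\Users\Example\AppData\Local\Temp\qwerty.exe <==== ATTENTION
Task: {22222222-2222-2222-2222-222222222222} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe
SearchScopes: HKLM -> {33333333-3333-3333-3333-333333333333} URL =
""".strip().splitlines()


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(f"line {finding.line_no}: {finding.rule}\n    {finding.text}")
```

The rules match on the shape of the entry rather than on file names, since the names in logs like this one are random per machine.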

Well, it still says "fixing is in progress," but this is the content of the fixlog.  Should I move ahead with step 2, or wait for FRST to finish up?:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Ran by Bruce at 2014-12-16 09:10:43 Run:1
Running from C:\Users\Bruce\Desktop
Loaded Profiles: Bruce &  (Available profiles: Bruce)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2824077954-1205789865-475378249-1000\...\Run: [1613486462] => C:\Users\Bruce\AppData\Roaming\mskyls.exe
C:\Users\Bruce\AppData\Roaming\mskyls.exe
HKU\S-1-5-21-2824077954-1205789865-475378249-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2824077954-1205789865-475378249-1000 -> DefaultScope {E26E4C2D-80B9-49B9-9E08-AAC702DE94CC} URL = 
SearchScopes: HKU\S-1-5-21-2824077954-1205789865-475378249-1000 -> {E26E4C2D-80B9-49B9-9E08-AAC702DE94CC} URL = 
CHR HKU\S-1-5-21-2824077954-1205789865-475378249-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
2014-12-15 16:14 - 2014-12-15 16:34 - 00000584 _____ () C:\ProgramData\@system.temp
2014-12-15 16:14 - 2014-12-15 16:34 - 00000320 ____H () C:\ProgramData\@system3.att
2014-12-15 16:13 - 2014-12-15 20:06 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\FrameworkUpdate
2014-12-15 16:13 - 2014-12-15 16:13 - 00000480 ____H () C:\Users\Bruce\AppData\Roaming\麽鎒駓覜
2014-12-15 16:12 - 2014-12-15 16:13 - 00003026 _____ () C:\Windows\System32\Tasks\suyggdf
2014-12-15 16:11 - 2014-12-15 16:12 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
CustomCLSID: HKU\S-1-5-21-2824077954-1205789865-475378249-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
Task: {B3DCF021-A547-4B4F-8148-19E5CE7A8429} - System32\Tasks\suyggdf => C:\Users\Bruce\AppData\Local\Temp\xdweyzdjiepwhd.exe <==== ATTENTION
C:\Users\Bruce\AppData\Local\Temp\xdweyzdjiepwhd.exe
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-2824077954-1205789865-475378249-1000\Software\Microsoft\Windows\CurrentVersion\Run\\1613486462 => value deleted successfully.
"C:\Users\Bruce\AppData\Roaming\mskyls.exe" => File/Directory not found.
"HKU\S-1-5-21-2824077954-1205789865-475378249-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found.
"HKU\S-1-5-21-2824077954-1205789865-475378249-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKU\S-1-5-21-2824077954-1205789865-475378249-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2824077954-1205789865-475378249-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E26E4C2D-80B9-49B9-9E08-AAC702DE94CC}" => Key deleted successfully.
"HKCR\CLSID\{E26E4C2D-80B9-49B9-9E08-AAC702DE94CC}" => Key not found.
"HKU\S-1-5-21-2824077954-1205789865-475378249-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
C:\ProgramData\@system.temp => Moved successfully.
C:\ProgramData\@system3.att => Moved successfully.
C:\Users\Bruce\AppData\Roaming\FrameworkUpdate => Moved successfully.
C:\Users\Bruce\AppData\Roaming\麽鎒駓覜 => Moved successfully.
C:\Windows\System32\Tasks\suyggdf => Moved successfully.
C:\ProgramData\Windows Genuine Advantage => Moved successfully.
"HKU\S-1-5-21-2824077954-1205789865-475378249-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B3DCF021-A547-4B4F-8148-19E5CE7A8429}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3DCF021-A547-4B4F-8148-19E5CE7A8429}" => Key deleted successfully.
C:\Windows\System32\Tasks\suyggdf not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\suyggdf" => Key deleted successfully.
"C:\Users\Bruce\AppData\Local\Temp\xdweyzdjiepwhd.exe" => File/Directory not found.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========

All right, Adam. I've made it through steps 1 and 2 (logs pasted below).  I cannot download ComboFix - upon attempting, the result is "Failed - Download error." Please advise!

 

1. Do you recognise these files?  No

2. Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Ran by Bruce at 2014-12-16 09:10:43 Run:1
Running from C:\Users\Bruce\Desktop
Loaded Profiles: Bruce &  (Available profiles: Bruce)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2824077954-1205789865-475378249-1000\...\Run: [1613486462] => C:\Users\Bruce\AppData\Roaming\mskyls.exe
C:\Users\Bruce\AppData\Roaming\mskyls.exe
HKU\S-1-5-21-2824077954-1205789865-475378249-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2824077954-1205789865-475378249-1000 -> DefaultScope {E26E4C2D-80B9-49B9-9E08-AAC702DE94CC} URL = 
SearchScopes: HKU\S-1-5-21-2824077954-1205789865-475378249-1000 -> {E26E4C2D-80B9-49B9-9E08-AAC702DE94CC} URL = 
CHR HKU\S-1-5-21-2824077954-1205789865-475378249-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
2014-12-15 16:14 - 2014-12-15 16:34 - 00000584 _____ () C:\ProgramData\@system.temp
2014-12-15 16:14 - 2014-12-15 16:34 - 00000320 ____H () C:\ProgramData\@system3.att
2014-12-15 16:13 - 2014-12-15 20:06 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\FrameworkUpdate
2014-12-15 16:13 - 2014-12-15 16:13 - 00000480 ____H () C:\Users\Bruce\AppData\Roaming\麽鎒駓覜
2014-12-15 16:12 - 2014-12-15 16:13 - 00003026 _____ () C:\Windows\System32\Tasks\suyggdf
2014-12-15 16:11 - 2014-12-15 16:12 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
CustomCLSID: HKU\S-1-5-21-2824077954-1205789865-475378249-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
Task: {B3DCF021-A547-4B4F-8148-19E5CE7A8429} - System32\Tasks\suyggdf => C:\Users\Bruce\AppData\Local\Temp\xdweyzdjiepwhd.exe <==== ATTENTION
C:\Users\Bruce\AppData\Local\Temp\xdweyzdjiepwhd.exe
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-2824077954-1205789865-475378249-1000\Software\Microsoft\Windows\CurrentVersion\Run\\1613486462 => value deleted successfully.
"C:\Users\Bruce\AppData\Roaming\mskyls.exe" => File/Directory not found.
"HKU\S-1-5-21-2824077954-1205789865-475378249-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found.
"HKU\S-1-5-21-2824077954-1205789865-475378249-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKU\S-1-5-21-2824077954-1205789865-475378249-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2824077954-1205789865-475378249-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E26E4C2D-80B9-49B9-9E08-AAC702DE94CC}" => Key deleted successfully.
"HKCR\CLSID\{E26E4C2D-80B9-49B9-9E08-AAC702DE94CC}" => Key not found.
"HKU\S-1-5-21-2824077954-1205789865-475378249-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
C:\ProgramData\@system.temp => Moved successfully.
C:\ProgramData\@system3.att => Moved successfully.
C:\Users\Bruce\AppData\Roaming\FrameworkUpdate => Moved successfully.
C:\Users\Bruce\AppData\Roaming\麽鎒駓覜 => Moved successfully.
C:\Windows\System32\Tasks\suyggdf => Moved successfully.
C:\ProgramData\Windows Genuine Advantage => Moved successfully.
"HKU\S-1-5-21-2824077954-1205789865-475378249-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B3DCF021-A547-4B4F-8148-19E5CE7A8429}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3DCF021-A547-4B4F-8148-19E5CE7A8429}" => Key deleted successfully.
C:\Windows\System32\Tasks\suyggdf not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\suyggdf" => Key deleted successfully.
"C:\Users\Bruce\AppData\Local\Temp\xdweyzdjiepwhd.exe" => File/Directory not found.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 17.2 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
3. MBAM log:
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/16/2014
Scan Time: 10:12:48 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.16.03
Rootkit Database: v2014.12.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bruce
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 319691
Time Elapsed: 8 min, 2 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Thanks, Adam!  Copied below is the ComboFix.txt log.  The TDSSKiller created 2 logs, both of which are attached here.

 

ComboFix 14-12-14.01 - Bruce 12/17/2014  10:26:39.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8097.5394 [GMT -6:00]
Running from: c:\users\Bruce\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bruce\AppData\Local\Temp\_MEI41162\_ctypes.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\_elementtree.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\_hashlib.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\_multiprocessing.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\_socket.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\_ssl.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\hashobjs_ext.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\pyexpat.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\pysqlite2._sqlite.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\python27.dll
c:\users\Bruce\AppData\Local\Temp\_MEI41162\pythoncom27.dll
c:\users\Bruce\AppData\Local\Temp\_MEI41162\PyWinTypes27.dll
c:\users\Bruce\AppData\Local\Temp\_MEI41162\select.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\unicodedata.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\win32api.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\win32com.shell.shell.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\win32crypt.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\win32event.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\win32file.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\win32gui.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\win32inet.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\win32pdh.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\win32pipe.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\win32process.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\win32profile.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\win32security.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\win32ts.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\windows._lib_cacheinvalidation.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\wx._animate.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\wx._controls_.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\wx._core_.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\wx._gdi_.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\wx._html2.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\wx._misc_.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\wx._windows_.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\wx._wizard.pyd
c:\users\Bruce\AppData\Local\Temp\_MEI41162\wxbase294u_net_vc90.dll
c:\users\Bruce\AppData\Local\Temp\_MEI41162\wxbase294u_vc90.dll
c:\users\Bruce\AppData\Local\Temp\_MEI41162\wxmsw294u_adv_vc90.dll
c:\users\Bruce\AppData\Local\Temp\_MEI41162\wxmsw294u_core_vc90.dll
c:\users\Bruce\AppData\Local\Temp\_MEI41162\wxmsw294u_html_vc90.dll
c:\users\Bruce\AppData\Local\Temp\_MEI41162\wxmsw294u_webview_vc90.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-17 to 2014-12-17  )))))))))))))))))))))))))))))))
.
.
2014-12-17 16:30 . 2014-12-17 16:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-17 14:59 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04D85995-FB1F-4D15-9117-E9DB68778815}\mpengine.dll
2014-12-16 18:28 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-12-16 02:32 . 2014-12-16 16:04 -------- d-----w- C:\FRST
2014-12-15 23:56 . 2014-12-17 16:31 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-15 23:54 . 2014-11-21 12:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-15 23:54 . 2014-11-21 12:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-15 23:54 . 2014-11-21 12:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-12-15 23:54 . 2014-12-15 23:55 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-12-15 23:54 . 2014-12-15 23:54 -------- d-----w- c:\programdata\Malwarebytes
2014-12-15 23:54 . 2014-12-15 23:54 -------- d-----w- c:\users\Bruce\AppData\Local\Programs
2014-12-15 23:26 . 2014-12-15 23:26 -------- d-----w- c:\windows\system32\appmgmt
2014-12-11 09:20 . 2014-12-11 09:20 -------- d-----w- c:\windows\system32\appraiser
2014-12-11 09:00 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2014-12-11 09:00 . 2014-07-07 02:06 206848 ----a-w- c:\windows\system32\mfps.dll
2014-12-11 09:00 . 2014-07-07 02:06 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2014-12-11 09:00 . 2014-07-07 02:06 24576 ----a-w- c:\windows\system32\mfpmp.exe
2014-12-11 09:00 . 2014-07-07 02:02 2048 ----a-w- c:\windows\system32\mferror.dll
2014-12-11 09:00 . 2014-07-07 01:40 103424 ----a-w- c:\windows\SysWow64\mfps.dll
2014-12-11 09:00 . 2014-07-07 01:39 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2014-12-11 09:00 . 2014-07-07 01:39 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
2014-12-11 09:00 . 2014-07-07 01:37 2048 ----a-w- c:\windows\SysWow64\mferror.dll
2014-12-11 09:00 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
2014-12-10 15:18 . 2014-10-11 00:45 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62EF69D9-35FD-4EEB-ADB5-F6BF91815847}\gapaengine.dll
2014-12-10 15:07 . 2014-12-04 02:50 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-10 15:07 . 2014-12-04 02:50 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-10 15:07 . 2014-12-04 02:44 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-10 15:07 . 2014-12-01 23:28 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-12-10 15:07 . 2014-12-04 02:50 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-10 15:07 . 2014-12-04 02:50 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-10 15:07 . 2014-12-04 02:50 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-10 15:07 . 2014-11-11 03:09 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-12-10 15:07 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-12-10 15:07 . 2014-11-11 01:46 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-12-10 15:04 . 2014-10-30 02:03 165888 ----a-w- c:\windows\system32\charmap.exe
2014-11-24 21:32 . 2014-11-24 21:32 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2014-11-24 20:53 . 2014-12-17 16:05 -------- d-----r- c:\users\Bruce\Google Drive
2014-11-19 14:15 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-19 14:15 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-19 14:15 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-19 14:15 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-11 17:47 . 2014-10-11 04:38 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-12-11 17:46 . 2014-10-11 04:38 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-12-11 17:46 . 2014-10-11 04:38 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-12-11 09:01 . 2014-10-14 03:51 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-12-07 06:16 . 2014-10-29 14:34 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2014-12-07 06:16 . 2014-10-30 06:56 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-12-07 06:16 . 2014-10-30 06:56 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2014-11-16 21:54 . 2014-10-29 14:34 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2014-11-02 06:00 . 2014-10-11 04:38 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-10-30 11:25 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-25 01:57 . 2014-11-12 15:15 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 15:15 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-20 15:14 . 2014-09-29 16:30 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-20 15:14 . 2014-09-29 16:30 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-18 02:05 . 2014-11-12 15:15 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-12 15:15 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16 . 2014-11-12 15:16 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 15:16 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-12 15:15 3241984 ----a-w- c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-12 15:16 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 15:16 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 15:16 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 15:16 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-12 15:15 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-12 15:16 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 15:16 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 15:16 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-10-11 00:45 . 2014-11-02 17:10 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-10-10 00:57 . 2014-11-12 15:15 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-10-07 09:06 . 2014-10-11 02:20 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-10-03 02:12 . 2014-11-12 15:15 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 02:11 . 2014-11-12 15:15 284672 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 02:11 . 2014-11-12 15:15 680960 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-03 02:11 . 2014-11-12 15:15 440832 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 02:11 . 2014-11-12 15:15 296448 ----a-w- c:\windows\system32\AudioSes.dll
2014-10-03 01:44 . 2014-11-12 15:15 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-12 15:15 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44 . 2014-11-12 15:15 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll
2014-09-29 18:18 . 2014-09-29 18:18 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2014-09-29 18:18 . 2014-09-29 18:18 778752 ----a-w- c:\windows\system32\mssvp.dll
2014-09-29 18:18 . 2014-09-29 18:18 75264 ----a-w- c:\windows\system32\msscntrs.dll
2014-09-29 18:18 . 2014-09-29 18:18 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2014-09-29 18:18 . 2014-09-29 18:18 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2014-09-29 18:18 . 2014-09-29 18:18 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2014-09-29 18:18 . 2014-09-29 18:18 491520 ----a-w- c:\windows\system32\mssph.dll
2014-09-29 18:18 . 2014-09-29 18:18 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2014-09-29 18:18 . 2014-09-29 18:18 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2014-09-29 18:18 . 2014-09-29 18:18 288256 ----a-w- c:\windows\system32\mssphtb.dll
2014-09-29 18:18 . 2014-09-29 18:18 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2014-09-29 18:18 . 2014-09-29 18:18 2315776 ----a-w- c:\windows\system32\tquery.dll
2014-09-29 18:18 . 2014-09-29 18:18 2223616 ----a-w- c:\windows\system32\mssrch.dll
2014-09-29 18:18 . 2014-09-29 18:18 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2014-09-29 18:18 . 2014-09-29 18:18 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2014-09-29 18:18 . 2014-09-29 18:18 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
2014-09-29 18:18 . 2014-09-29 18:18 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
2014-09-29 18:18 . 2014-09-29 18:18 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2014-09-29 18:18 . 2014-09-29 18:18 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2014-09-29 18:18 . 2014-09-29 18:18 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-09-29 18:18 . 2014-09-29 18:18 2002432 ----a-w- c:\windows\system32\msxml6.dll
2014-09-29 18:18 . 2014-09-29 18:18 1389056 ----a-w- c:\windows\SysWow64\msxml6.dll
2014-09-29 18:18 . 2014-09-29 18:18 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2014-09-29 18:18 . 2014-09-29 18:18 692736 ----a-w- c:\windows\system32\osk.exe
2014-09-29 18:18 . 2014-09-29 18:18 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-09-29 18:18 . 2014-09-29 18:18 46080 ----a-w- c:\windows\system32\atmlib.dll
2014-09-29 18:18 . 2014-09-29 18:18 41472 ----a-w- c:\windows\system32\lpk.dll
2014-09-29 18:18 . 2014-09-29 18:18 368128 ----a-w- c:\windows\system32\atmfd.dll
2014-09-29 18:18 . 2014-09-29 18:18 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2014-09-29 18:18 . 2014-09-29 18:18 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2014-09-29 18:18 . 2014-09-29 18:18 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2014-09-29 18:18 . 2014-09-29 18:18 1474048 ----a-w- c:\windows\system32\crypt32.dll
2014-09-29 18:18 . 2014-09-29 18:18 14336 ----a-w- c:\windows\system32\dciman32.dll
2014-09-29 18:18 . 2014-09-29 18:18 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2014-09-29 18:18 . 2014-09-29 18:18 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2014-09-29 18:18 . 2014-09-29 18:18 100864 ----a-w- c:\windows\system32\fontsub.dll
2014-09-29 18:18 . 2014-09-29 18:18 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-09-29 18:18 . 2014-09-29 18:18 830464 ----a-w- c:\windows\system32\nshwfp.dll
2014-09-29 18:18 . 2014-09-29 18:18 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2014-09-29 18:18 . 2014-09-29 18:18 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-09-29 18:18 . 2014-09-29 18:18 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-09-29 18:18 . 2014-09-29 18:18 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2014-09-29 18:18 . 2014-09-29 18:18 197120 ----a-w- c:\windows\system32\credui.dll
2014-09-29 18:18 . 2014-09-29 18:18 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2014-09-29 18:18 . 2014-09-29 18:18 168960 ----a-w- c:\windows\SysWow64\credui.dll
2014-09-29 18:18 . 2014-09-29 18:18 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2014-09-29 18:18 . 2014-09-29 18:18 722944 ----a-w- c:\windows\system32\objsel.dll
2014-09-29 18:18 . 2014-09-29 18:18 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2014-09-29 18:18 . 2014-09-29 18:18 6656 ----a-w- c:\windows\system32\apisetschema.dll
2014-09-29 18:18 . 2014-09-29 18:18 57344 ----a-w- c:\windows\system32\cngprovider.dll
2014-09-29 18:18 . 2014-09-29 18:18 56832 ----a-w- c:\windows\system32\adprovider.dll
2014-09-29 18:18 . 2014-09-29 18:18 5550016 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-09-29 18:18 . 2014-09-29 18:18 538112 ----a-w- c:\windows\SysWow64\objsel.dll
2014-09-29 18:18 . 2014-09-29 18:18 53760 ----a-w- c:\windows\system32\capiprovider.dll
2014-09-29 18:18 . 2014-09-29 18:18 52736 ----a-w- c:\windows\system32\dpapiprovider.dll
2014-09-29 18:18 . 2014-09-29 18:18 51200 ----a-w- c:\windows\SysWow64\cngprovider.dll
2014-09-29 18:18 . 2014-09-29 18:18 49664 ----a-w- c:\windows\SysWow64\adprovider.dll
2014-09-29 18:18 . 2014-09-29 18:18 48128 ----a-w- c:\windows\SysWow64\capiprovider.dll
2014-09-29 18:18 . 2014-09-29 18:18 47616 ----a-w- c:\windows\SysWow64\dpapiprovider.dll
2014-09-29 18:18 . 2014-09-29 18:18 44544 ----a-w- c:\windows\system32\dimsroam.dll
2014-09-29 18:18 . 2014-09-29 18:18 43520 ----a-w- c:\windows\system32\csrsrv.dll
2014-09-29 18:18 . 2014-09-29 18:18 424960 ----a-w- c:\windows\system32\KernelBase.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-10-11 02:37 222920 ----a-w- c:\users\Bruce\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-10-11 02:37 222920 ----a-w- c:\users\Bruce\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-10-11 02:37 222920 ----a-w- c:\users\Bruce\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-10-14 16:29 1729752 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-10-14 16:29 1729752 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-10-14 16:29 1729752 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet 6600 (NET)"="c:\program files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-10-21 22869088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-02-22 292088]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-06-07 56128]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
.
c:\users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-15 507448]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-15 507448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 WvPCR;WvPCR;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\COMMON~1\mcafee\actwiz\mcawfwk.exe;c:\progra~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDRw7x64.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [x]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [x]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [x]
S2 EmbassyService;EmbassyService;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
S2 McOobeSv2;McAfee OOBE Service2;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 PbaDrvSvc_x64;Dell PBA x64 Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [x]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\cvusbdrv.sys [x]
S3 dcdbas;System Management Driver;c:\windows\system32\DRIVERS\dcdbas64.sys;c:\windows\SYSNATIVE\DRIVERS\dcdbas64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
S3 wbfcvusbdrv;WBF Control Vault;c:\windows\system32\Drivers\wbfcvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\wbfcvusbdrv.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-12 14:14 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-17 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-2824077954-1205789865-475378249-1000.job
- c:\users\Bruce\AppData\Local\Citrix\GoToMeeting\2033\g2mupdate.exe [2014-12-03 19:13]
.
2014-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20 15:15]
.
2014-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20 15:15]
.
2014-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cfec798f61a5d8.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20 15:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-10-11 02:37 261832 ----a-w- c:\users\Bruce\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-10-11 02:37 261832 ----a-w- c:\users\Bruce\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-10-11 02:37 261832 ----a-w- c:\users\Bruce\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-10-14 18:27 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-10-14 18:27 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-10-14 18:27 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2013-03-05 19:32 136024 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2013-03-05 19:32 136024 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2013-02-21 698712]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-02-05 1702912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-09 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-09 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-09 440600]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2012-01-18 7469568]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2013-03-05 371024]
"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2012-08-15 7077432]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\o2flash.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-12-17  10:34:54 - machine was rebooted
ComboFix-quarantined-files.txt  2014-12-17 16:34
.
Pre-Run: 431,840,055,296 bytes free
Post-Run: 431,292,923,904 bytes free
.
- - End Of File - - D032B7F9226EC66D0F11E6260249A130
 

TDSSKiller.3.0.0.42_17.12.2014_10.42.28_log.txt

TDSSKiller.3.0.0.42_17.12.2014_10.45.07_log.txt

Link to post
Share on other sites

  • Staff

Hi Caity,

Please consider the following suggestion, and proceed with the instructions below. 
 

Multiple Anti-Virus Software Installed
 
------------------------------
 
It is inadvisable to have more than one Anti-Virus installed on your computer at the same time. Doing so may:

  • Cause conflicts, negatively impacting the effectiveness of each Anti-Virus installed. 
  • Trigger false-positives.
  • Trigger false-negatives, where neither programme detects malware. 
  • Cause system instability/performance issues. Your system may lock up or slow down due to both software attempting to access the same file at the same time. 
Please remove all but one Anti-Virus from your computer.
  • Press the Windows Key + r on your keyboard at the same time.
  • Type appwiz.cpl and click OK.
  • Search for and uninstall all but one of the programmes listed below by right-clicking and clicking Uninstall.
    • McAfee Anti-Virus
    • Microsoft Security Essentials
  • Follow the prompts, and reboot your computer once uninstalled. 

 
STEP 1
Browser Reset
 
Instructions on how to back up your Favourites/Bookmarks and other data can be found below.

Proceed with the reset once done.

STEP 2
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for anything removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 
 
STEP 3

RogueKiller

  • Please download RogueKiller (x64) and save the file to your Desktop.
  • Close any running programmes.
  • Right-Click RogueKiller.exe and select Run as administrator to run the programme.
  • Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
  • A browser window may open. Close the browser window.
  • Click Scan. Upon completion, click Report.
  • Close the programme. Do not fix anything!
  • A log (RKreport.txt) will be open. Copy the contents of the log and paste in your next reply.
     

STEP 4
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click Finish.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Which Anti-Virus did you uninstall? 
  • Did your browsers reset OK?
  • AdwCleaner[s0].txt
  • RKreport.txt
  • ESET Online Scan log
Link to post
Share on other sites
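
A read-only way to confirm the state the post above describes, added here as an example and not part of the original reply: it lists the anti-virus products registered with Windows Security Center and the installed programs matching the two products named in the thread. The function names are hypothetical, and it is an assumption that the uninstall entries' DisplayName values contain "McAfee" and "Microsoft Security Essentials".

```powershell
# Added example (not from the thread). Read-only: nothing is uninstalled or changed.
# Uses Get-WmiObject so it runs on PowerShell 2.0, the version shipped with Windows 7 SP1.

function Get-RegisteredAntiVirus {
    # root\SecurityCenter2 exists on client editions of Windows (Vista and later),
    # not on Windows Server. productState is shown raw and not decoded here.
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction Stop |
        Select-Object displayName, pathToSignedProductExe, productState
}

function Get-InstalledProgramsMatching {
    param([string[]]$Pattern)

    # 64-bit and 32-bit (Wow6432Node) uninstall entries, the same list appwiz.cpl shows.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object {
            # Capture the name first: $_ is rebound inside the nested Where-Object.
            $name = $_.DisplayName
            $name -and ($Pattern | Where-Object { $name -like $_ })
        } |
        Select-Object DisplayName, DisplayVersion, Publisher, UninstallString
}

# Products that have registered themselves as anti-virus with Security Center.
$registered = @(Get-RegisteredAntiVirus)
$registered | Format-Table -AutoSize

if ($registered.Count -gt 1) {
    # On Windows 8 and later the built-in Defender entry can appear next to a
    # third-party product, so treat this as a prompt to review, not as proof.
    Write-Warning ("{0} anti-virus products are registered; only one should remain." -f $registered.Count)
}

# Patterns taken from the two product names in the post (assumed DisplayName text).
Get-InstalledProgramsMatching -Pattern '*McAfee*', '*Microsoft Security Essentials*' |
    Format-List
```

Running it again after the uninstall and reboot should show a single registered product and no leftover entry for the one that was removed.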

Thanks again, Adam!

 

1. I uninstalled McAfee Anti-Virus

2. I reset Google Chrome and Internet Explorer.

3. AdwCleaner[s0].txt:

 

# AdwCleaner v4.105 - Report created 17/12/2014 at 11:55:44
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Bruce - BRUCE-PC
# Running from : C:\Users\Bruce\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [857 octets] - [17/12/2014 11:54:06]
AdwCleaner[s0].txt - [777 octets] - [17/12/2014 11:55:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [836 octets] ##########
 
 
 
4. RKreport_SCN_12172014_120350.log
 
RogueKiller V10.1.0.0 (x64) [Dec 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Bruce [Administrator]
Mode : Scan -- Date : 12/17/2014  12:03:50
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 12 ¤¤¤
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2824077954-1205789865-475378249-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2824077954-1205789865-475378249-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2824077954-1205789865-475378249-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2824077954-1205789865-475378249-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ACF050 +++++
--- User ---
[MBR] 6c336b36d1e0ef4a050b7b54bdc793d6
[bSP] d2bb226f61196bf6567dd6daa278eb71 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 750 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1617920 | Size: 476149 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
5.  ESET Online Scan Log:
 
C:\FRST\Quarantine\C\Users\Bruce\AppData\Local\Temp\update.exe.xBAD Win64/Fleercivet.AA trojan
 

 

Link to post
Share on other sites

  • Staff

Hello Caity, 
 
How is your computer performing? Are there any outstanding issues? 
 
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
Link to post
Share on other sites

Hi Adam,

Sorry for the delay - I missed your last response!  To my knowledge, the computer has been performing very well over the past few days. When I return to work tomorrow I will perform the last FRST scan and post the logs for your review.

I cannot thank you enough for all of your assistance!

Link to post
Share on other sites

Hi again, Adam.  Below are pasted the two FRST logs.  Let me know if you have any further recommendations, otherwise I think we are good to go.  Thank you for everything!

 

 

1. FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2014 01
Ran by Bruce (administrator) on BRUCE-PC on 22-12-2014 11:43:22
Running from C:\Users\Bruce\Desktop
Loaded Profile: Bruce (Available profiles: Bruce)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [7469568 2012-01-18] (Dell Inc.)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [371024 2013-03-05] (Wave Systems Corp.)
HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2824077954-1205789865-475378249-1000\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2824077954-1205789865-475378249-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-2824077954-1205789865-475378249-1000\...\RunOnce: [Adobe Speed Launcher] => 1418839056
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [uninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2824077954-1205789865-475378249-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2824077954-1205789865-475378249-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2824077954-1205789865-475378249-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2824077954-1205789865-475378249-1000 -> {E26E4C2D-80B9-49B9-9E08-AAC702DE94CC} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2824077954-1205789865-475378249-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Bruce\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-20]
CHR Extension: (Google Drive) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20]
CHR Extension: (YouTube) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-20]
CHR Extension: (Google Search) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-20]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-16]
CHR Extension: (Google Wallet) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-20]
CHR Extension: (Gmail) - C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-20]
CHR HKU\S-1-5-21-2824077954-1205789865-475378249-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.) [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [File not signed]
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.) [File not signed]
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6157312 2012-01-18] (Dell Inc.) [File not signed]
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
S3 wbfcvusbdrv; C:\Windows\System32\Drivers\wbfcvusbdrv.sys [17120 2013-03-07] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-22 11:42 - 2014-12-22 11:42 - 00000000 ____D () C:\Users\Bruce\Desktop\FRST-OlderVersion
2014-12-18 19:23 - 2014-12-18 19:23 - 00034710 _____ () C:\Users\Bruce\Documents\J. MORRISON - FRANKS - LVP ONLY - CARRY OVER FROM 2014 - 10-14.xlsx
2014-12-18 19:12 - 2014-12-18 20:45 - 00034746 _____ () C:\Users\Bruce\Documents\J. MORRISON - FRANKS - LAM ONLY INV AMENDED FOR 12-2014.xlsx
2014-12-18 08:15 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 08:15 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 20:43 - 2014-12-17 20:45 - 00057423 _____ () C:\Users\Bruce\Documents\J  MORRISON - GADDAM - UPPER LEVEL CPT - MBR & HALL&STRS - 12-14.xlsx
2014-12-17 20:31 - 2014-12-17 20:31 - 00057433 _____ () C:\Users\Bruce\Documents\J  MORRISON - GADDAM - MAIN LEVEL CPT - FR & OFF - 12-14.xlsx
2014-12-17 20:04 - 2014-12-17 20:10 - 00057263 _____ () C:\Users\Bruce\Documents\J  MORRISON - GADDAM - MAIN LEVEL HW NEW  EXIST - 12-14.xlsx
2014-12-17 19:32 - 2014-12-17 19:32 - 00335360 _____ () C:\Users\Bruce\Documents\CCA GLOBAL - FOD  Small Group Census Request Part 2.xls
2014-12-17 13:10 - 2014-12-17 13:10 - 00000096 _____ () C:\Users\Bruce\Desktop\MyEsetScan.txt
2014-12-17 12:16 - 2014-12-17 12:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-17 12:11 - 2014-12-17 12:11 - 02347384 _____ (ESET) C:\Users\Bruce\Desktop\esetsmartinstaller_enu.exe
2014-12-17 12:00 - 2014-12-17 12:00 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-17 12:00 - 2014-12-17 12:00 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-17 11:59 - 2014-12-17 11:59 - 18315864 _____ () C:\Users\Bruce\Desktop\RogueKillerX64.exe
2014-12-17 11:54 - 2014-12-17 11:55 - 00000000 ____D () C:\AdwCleaner
2014-12-17 11:53 - 2014-12-17 11:53 - 02166272 _____ () C:\Users\Bruce\Desktop\AdwCleaner.exe
2014-12-17 10:41 - 2014-12-17 10:42 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Bruce\Desktop\tdsskiller.exe
2014-12-17 10:34 - 2014-12-17 10:34 - 00043115 _____ () C:\ComboFix.txt
2014-12-17 10:25 - 2014-12-17 10:34 - 00000000 ____D () C:\Qoobox
2014-12-17 10:25 - 2014-12-17 10:33 - 00000000 ____D () C:\Windows\erdnt
2014-12-17 10:25 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-17 10:25 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-17 10:25 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-17 10:25 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-17 10:25 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-17 10:25 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-17 10:25 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-17 10:25 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-16 11:21 - 2014-12-16 11:21 - 00368256 _____ (RegNow.com) C:\Users\Bruce\Downloads\Download_MaxSDRDM.exe
2014-12-15 20:32 - 2014-12-22 11:43 - 00018162 _____ () C:\Users\Bruce\Desktop\FRST.txt
2014-12-15 20:32 - 2014-12-22 11:43 - 00000000 ____D () C:\FRST
2014-12-15 20:32 - 2014-12-15 20:33 - 00033234 _____ () C:\Users\Bruce\Desktop\Addition.txt
2014-12-15 20:31 - 2014-12-22 11:42 - 02122240 _____ (Farbar) C:\Users\Bruce\Desktop\FRST64.exe
2014-12-15 17:56 - 2014-12-22 11:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-15 17:55 - 2014-12-15 17:55 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-15 17:55 - 2014-12-15 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-15 17:54 - 2014-12-15 17:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-15 17:54 - 2014-12-15 17:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-15 17:54 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-15 17:54 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-15 17:54 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-15 17:53 - 2014-12-15 17:54 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Bruce\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-15 17:26 - 2014-12-15 17:26 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-15 13:41 - 2014-12-18 15:08 - 00000339 _____ () C:\Users\Bruce\AppData\Roaming\ProdASC.Asc
2014-12-15 13:31 - 2014-12-15 13:31 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\pw1v51q0u3vi.xml
2014-12-15 13:30 - 2014-12-15 13:30 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\rzls5cbnuwyl.xml
2014-12-14 16:06 - 2014-12-14 16:06 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\3rrjxmuyuhjq.xml
2014-12-14 16:01 - 2014-12-14 16:01 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\oajv3ge2u30o.xml
2014-12-14 15:41 - 2014-12-14 15:41 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\d5upmq1lu3my.xml
2014-12-13 19:21 - 2014-12-13 19:21 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\nkhskxvsusig.xml
2014-12-13 18:31 - 2014-12-13 18:31 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\bqu0rqu5ufgh.xml
2014-12-13 17:51 - 2014-12-13 17:51 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\bpe4nxekuv1j.xml
2014-12-13 16:36 - 2014-12-13 16:36 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\zzdu1ycyulf0.xml
2014-12-13 16:33 - 2014-12-13 16:33 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\y1200142uw3b.xml
2014-12-13 16:33 - 2014-12-13 16:33 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\x4j0rlgkugaj.xml
2014-12-13 16:26 - 2014-12-13 16:26 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\sbe1p2gmuqbz.xml
2014-12-13 16:16 - 2014-12-13 16:16 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\mp5zsoj3uupp.xml
2014-12-13 03:02 - 2014-12-13 03:02 - 00283456 _____ () C:\Windows\Minidump\121314-32339-01.dmp
2014-12-11 03:20 - 2014-12-11 03:20 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 03:00 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 03:00 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 03:00 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-11 03:00 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-11 03:00 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-11 03:00 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-11 03:00 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-11 03:00 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-11 03:00 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-11 03:00 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-10 09:07 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 09:07 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 09:07 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 09:07 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 09:07 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 09:07 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 09:07 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 09:07 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 09:07 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 09:07 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 09:07 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 09:06 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 09:06 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 09:06 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 09:06 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 09:06 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 09:06 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 09:06 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 09:06 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 09:06 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 09:06 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 09:06 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 09:06 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 09:06 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 09:06 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 09:06 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 09:06 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 09:06 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 09:06 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 09:06 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 09:06 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 09:06 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 09:06 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 09:06 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 09:06 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 09:06 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 09:06 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 09:06 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 09:06 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 09:06 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 09:06 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 09:06 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 09:06 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 09:06 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 09:06 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 09:06 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 09:06 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 09:06 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 09:06 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 09:06 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 09:06 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 09:06 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 09:06 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 09:06 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 09:06 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 09:06 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 09:06 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 09:06 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 09:06 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 09:06 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 09:06 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 09:06 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 09:06 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 09:06 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 09:06 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 09:04 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 09:04 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 09:04 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 09:04 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 09:04 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 09:04 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 09:04 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 09:04 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 09:04 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 09:04 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 09:04 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 09:04 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 09:04 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 09:04 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 21:16 - 2014-12-09 21:35 - 00181488 _____ () C:\Users\Bruce\Documents\DENO - MAIN AREA - W SOME CPT & SOME HW 12-14.msr
2014-12-09 14:17 - 2014-12-09 15:06 - 00192120 _____ () C:\Users\Bruce\Documents\SCOTT - UPPER LEVL CPT PROJ - DRAW 12-14.msr
2014-12-08 22:38 - 2014-12-08 22:38 - 00008952 _____ () C:\Users\Bruce\Downloads\accent wall cork %232.jpeg
2014-12-08 22:38 - 2014-12-08 22:38 - 00008952 _____ () C:\Users\Bruce\Downloads\accent wall cork %232 (1).jpeg
2014-12-08 22:38 - 2014-12-08 22:38 - 00008567 _____ () C:\Users\Bruce\Downloads\accent wall ledger stone.jpeg
2014-12-08 22:38 - 2014-12-08 22:38 - 00008166 _____ () C:\Users\Bruce\Downloads\accent wall in wood bath.jpeg
2014-12-07 17:20 - 2014-12-13 03:02 - 759072059 _____ () C:\Windows\MEMORY.DMP
2014-12-07 17:20 - 2014-12-13 03:02 - 00000000 ____D () C:\Windows\Minidump
2014-12-07 17:20 - 2014-12-07 17:20 - 00721560 _____ () C:\Windows\Minidump\120714-15272-01.dmp
2014-12-03 12:23 - 2014-12-03 12:23 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\vpuz0mblumft.xml
2014-12-03 12:20 - 2014-12-03 12:20 - 00000079 _____ () C:\Users\Bruce\AppData\Roaming\lhbjtl1ju4cn.xml
2014-12-03 12:13 - 2014-12-03 12:13 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\15m4t4zyugz2.xml
2014-12-03 12:00 - 2014-12-03 12:00 - 00000079 _____ () C:\Users\Bruce\AppData\Roaming\seysxkpsug1a.xml
2014-12-03 11:57 - 2014-12-03 11:57 - 00000079 _____ () C:\Users\Bruce\AppData\Roaming\w2pb353ku5iv.xml
2014-12-03 11:56 - 2014-12-03 11:56 - 00000079 _____ () C:\Users\Bruce\AppData\Roaming\z0blwszjugpi.xml
2014-12-01 12:21 - 2014-12-01 12:23 - 00045101 _____ () C:\Users\Bruce\Documents\REBEHN  CPT RESTRETCH - 09-14.xlsx
2014-11-30 16:26 - 2014-11-30 16:26 - 00089540 _____ () C:\Users\Bruce\Downloads\CONFIRMATION_PAGE_combo (4).js
2014-11-30 16:24 - 2014-11-30 16:24 - 00089540 _____ () C:\Users\Bruce\Downloads\CONFIRMATION_PAGE_combo (2).js
2014-11-30 16:18 - 2014-11-30 16:18 - 00089540 _____ () C:\Users\Bruce\Downloads\CONFIRMATION_PAGE_combo (6).js
2014-11-30 16:17 - 2014-11-30 16:17 - 00089540 _____ () C:\Users\Bruce\Downloads\CONFIRMATION_PAGE_combo (5).js
2014-11-30 16:16 - 2014-11-30 16:16 - 00089540 _____ () C:\Users\Bruce\Downloads\CONFIRMATION_PAGE_combo (3).js
2014-11-30 16:15 - 2014-11-30 16:15 - 03179174 _____ () C:\Users\Bruce\Downloads\VID-20140526-WA0001.mp4
2014-11-30 16:14 - 2014-11-30 16:14 - 00089540 _____ () C:\Users\Bruce\Downloads\CONFIRMATION_PAGE_combo.js
2014-11-30 16:14 - 2014-11-30 16:14 - 00089540 _____ () C:\Users\Bruce\Downloads\CONFIRMATION_PAGE_combo (1).js
2014-11-24 15:32 - 2014-11-24 15:32 - 00001939 _____ () C:\Users\Public\Desktop\Measure.lnk
2014-11-24 15:32 - 2014-11-24 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Measure
2014-11-24 14:53 - 2014-12-22 10:25 - 00000000 ___RD () C:\Users\Bruce\Google Drive
2014-11-24 14:52 - 2014-11-24 14:53 - 00001645 _____ () C:\Users\Bruce\Desktop\Google Drive.lnk
2014-11-24 14:48 - 2014-11-24 14:48 - 00880784 _____ (Google Inc.) C:\Users\Bruce\Downloads\googledrivesync.exe
2014-11-24 14:48 - 2014-11-24 14:48 - 00002044 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-11-24 14:48 - 2014-11-24 14:48 - 00002042 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-11-24 14:48 - 2014-11-24 14:48 - 00002032 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-11-24 14:48 - 2014-11-24 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-23 23:23 - 2014-12-22 11:41 - 00005014 _____ () C:\Windows\System32\Tasks\WSCEAA
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-22 11:41 - 2014-10-20 09:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-22 11:41 - 2014-09-29 10:30 - 02010447 _____ () C:\Windows\WindowsUpdate.log
2014-12-22 11:08 - 2014-10-20 09:21 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfec798f61a5d8.job
2014-12-22 10:50 - 2014-10-13 07:02 - 00000562 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2824077954-1205789865-475378249-1000.job
2014-12-22 10:40 - 2009-07-13 22:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-22 10:40 - 2009-07-13 22:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-20 15:49 - 2014-10-11 08:58 - 00000000 ____D () C:\Users\Bruce\Documents\Outlook Files
2014-12-20 15:49 - 2014-10-10 20:50 - 00000000 ____D () C:\Users\Bruce\Documents\Outlook PST
2014-12-20 13:08 - 2014-10-20 09:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-20 13:06 - 2014-10-13 07:02 - 00003588 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2824077954-1205789865-475378249-1000
2014-12-19 19:36 - 2014-10-10 21:40 - 00007169 _____ () C:\Users\Bruce\AppData\Roaming\WindowPositions_RF_C6.INI
2014-12-18 19:07 - 2014-10-20 18:51 - 00034986 _____ () C:\Users\Bruce\Documents\J. MORRISON - FRANKS - CPT AREAS  - 10-14.xlsx
2014-12-18 15:08 - 2014-11-21 02:18 - 00000517 _____ () C:\Users\Bruce\AppData\Roaming\Customer.Asc
2014-12-17 12:01 - 2009-07-13 23:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-17 11:56 - 2010-11-20 21:47 - 00181934 _____ () C:\Windows\PFRO.log
2014-12-17 11:56 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-17 11:56 - 2009-07-13 22:51 - 00044916 _____ () C:\Windows\setupact.log
2014-12-17 11:49 - 2014-09-29 10:51 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-17 10:34 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Default
2014-12-17 10:32 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-17 10:30 - 2009-07-13 20:34 - 79953920 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-12-17 10:30 - 2009-07-13 20:34 - 20447232 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-12-17 10:30 - 2009-07-13 20:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-12-17 10:30 - 2009-07-13 20:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-12-17 10:30 - 2009-07-13 20:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-12-15 15:36 - 2014-10-10 19:14 - 00027861 _____ () C:\Users\Bruce\Documents\FLANAGAN - MULLICAN HICK - MUIRFIELD PROJ - 10-14.xlsx
2014-12-15 11:21 - 2014-10-10 21:40 - 00001784 _____ () C:\Users\Bruce\Desktop\RFMS.lnk
2014-12-13 22:08 - 2014-10-10 21:41 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\%%d1mp8q22%RFMS
2014-12-13 03:49 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 08:20 - 2014-10-20 09:15 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 03:20 - 2014-10-12 11:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 03:20 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 03:20 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 03:04 - 2014-10-13 21:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 03:01 - 2014-10-13 21:51 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 22:12 - 2014-10-13 18:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 18:01 - 2014-10-10 19:13 - 00034837 _____ () C:\Users\Bruce\Documents\PRINCETON LIQUORS - LVT DISCOUNTED - 08-14.xlsx
2014-12-02 21:25 - 2014-11-06 15:56 - 00000000 ____D () C:\Users\Bruce\Documents\MEASURE PROJECTS
2014-11-24 14:53 - 2014-10-10 18:37 - 00000000 ____D () C:\Users\Bruce
2014-11-24 14:48 - 2014-10-20 09:15 - 00000000 ____D () C:\Users\Bruce\AppData\Local\Google
2014-11-24 14:48 - 2014-10-20 09:14 - 00000000 ____D () C:\Program Files (x86)\Google
 
Some content of TEMP:
====================
C:\Users\Bruce\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Bruce\AppData\Local\Temp\Quarantine.exe
C:\Users\Bruce\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-15 21:31
 
==================== End Of Log ============================
 
 
2. Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-12-2014 01
Ran by Bruce at 2014-12-22 11:43:52
Running from C:\Users\Bruce\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Citrix Online Launcher (HKLM-x32\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
Custom (Version: 01.00.00.002 - Wave Systems Corp.) Hidden
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell ControlVault Host Components Installer 64 bit (Version: 2.3.309.1625 - Broadcom Corporation) Hidden
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.3.00003.072 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
DellAccess (Version: 01.03.00.078 - Wave Systems Corp.) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.82.124 - Dell Inc.)
EMBASSY Client Core (Version: 01.03.00.123 - Wave Systems Corp.) Hidden
ERAS Connector (Version: 02.09.05.0335 - Wave Systems Corp) Hidden
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
GemPcCCID (Version: 2.0.1 - Gemalto) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.0.5.2130 (HKU\S-1-5-21-2824077954-1205789865-475378249-1000\...\GoToMeeting) (Version: 7.0.5.2130 - CitrixOnline)
HP Officejet 6600 Basic Device Software (HKLM\...\{B407F586-D027-45C3-9109-CC2943E839FA}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6600 Help (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6600 Product Improvement Study (HKLM\...\{9DD732B9-9B16-4F28-8E21-4AB5E40AF7DE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Network Connections 16.8.45.00 (HKLM\...\PROSetDX) (Version: 16.8.45.00 - Dell)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2639 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Measure (HKLM-x32\...\{2F4F417C-4A49-4AFF-A759-F759BFC52191}) (Version: 11.0.2502 - RFMS)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2824077954-1205789865-475378249-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
PBA Driver-x64 (Version: 1.0.1.8 - Dell Inc.) Hidden
Preboot Manager (Version: 03.05.00.043 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.03.00.032 - Wave Systems Corp.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SI TSS (Version: 2.1.41 - Security Innovation) Hidden
SPBA (WBF) 5.9 (Version: 5.9.7.7232 - Authentec Inc.) Hidden
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0036 - ST Microelectronics)
toolkit32for64bit (x32 Version: 7.70.13.0001 - Wave Systems Corp) Hidden
Trusted Drive Manager (Version: 5.0.2.24 - Wave Systems Corp.) Hidden
Wave Crypto Runtime 2.0.9.0 x64 (Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Crypto Runtime 2.0.9.0 x86 (x32 Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Infrastructure Installer (Version: 07.70.13.0001 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.15.00.024 - Wave Systems Corp) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2824077954-1205789865-475378249-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Bruce\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2824077954-1205789865-475378249-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Bruce\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2824077954-1205789865-475378249-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Bruce\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2824077954-1205789865-475378249-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Bruce\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2824077954-1205789865-475378249-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Bruce\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2824077954-1205789865-475378249-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Bruce\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
16-12-2014 12:27:57 Windows Update
19-12-2014 03:00:49 Windows Update
22-12-2014 10:36:02 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2014-12-17 10:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0283D675-A909-4AF6-A525-9EF0E6F06778} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {0C643862-B915-41C7-AF33-71B74D2E9704} - System32\Tasks\GoogleUpdateTaskMachineUA1cfec798f61a5d8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {6EFFB1B2-D91B-450B-86C4-68B60C4D476D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {855EC0FE-8BC1-48EA-865C-FA5E6A1CDF5A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {90021312-B630-498F-886A-D09115673ED0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation)
Task: {A0256E65-FB98-4598-B0E6-9F1E16D220A0} - System32\Tasks\WSCEAA => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe [2012-11-28] (Wave Systems Corp.)
Task: {A80D771F-3B49-4B38-BBA2-55AE156284A4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {DCCCD4F9-4868-4305-AC1B-5D1F73547A8A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {F1624DE0-E55E-4FBE-B7CC-7C9954C80746} - System32\Tasks\G2MUpdateTask-S-1-5-21-2824077954-1205789865-475378249-1000 => C:\Users\Bruce\AppData\Local\Citrix\GoToMeeting\2130\g2mupdate.exe [2014-12-20] (Citrix Online, a division of Citrix Systems, Inc.)
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2824077954-1205789865-475378249-1000.job => C:\Users\Bruce\AppData\Local\Citrix\GoToMeeting\2130\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfec798f61a5d8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-10-10 20:04 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-03-11 09:05 - 2013-03-11 09:05 - 00231792 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
2013-03-11 09:04 - 2013-03-11 09:04 - 00039280 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll
2012-05-11 08:47 - 2012-05-11 08:47 - 00003072 _____ () C:\Program Files (x86)\Security Innovation\SI TSS\bin\TspPopup_ENU.dll
2014-10-10 20:21 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-29 12:07 - 2012-02-01 15:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-12-17 11:57 - 2014-12-17 11:57 - 00098816 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32api.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00110080 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\pywintypes27.dll
2014-12-17 11:57 - 2014-12-17 11:57 - 00364544 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\pythoncom27.dll
2014-12-17 11:57 - 2014-12-17 11:57 - 00045568 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\_socket.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 01160704 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\_ssl.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00320512 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32com.shell.shell.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00713216 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\_hashlib.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 01175040 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\wx._core_.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00805888 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\wx._gdi_.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00811008 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\wx._windows_.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 01062400 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\wx._controls_.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00735232 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\wx._misc_.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00128512 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\_elementtree.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00127488 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\pyexpat.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00557056 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\pysqlite2._sqlite.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00087552 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\_ctypes.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00119808 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32file.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00108544 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32security.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00007168 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\hashobjs_ext.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00167936 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32gui.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00018432 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32event.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00038912 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32inet.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00011264 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32crypt.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00070656 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\wx._html2.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00027136 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\_multiprocessing.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00035840 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32process.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00686080 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\unicodedata.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00122368 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\wx._wizard.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00024064 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32pipe.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00025600 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32pdh.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00525640 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\windows._lib_cacheinvalidation.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00010240 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\select.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00017408 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32profile.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00022528 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\win32ts.pyd
2014-12-17 11:57 - 2014-12-17 11:57 - 00078336 _____ () C:\Users\Bruce\AppData\Local\Temp\_MEI31442\wx._animate.pyd
2014-10-10 20:21 - 2014-09-23 05:43 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-10-17 02:34 - 2014-10-17 02:34 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2dace9622c68c6ce58d55a6950eeaa95\IsdiInterop.ni.dll
2014-09-29 10:39 - 2012-05-30 12:55 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-09-29 10:34 - 2013-11-13 15:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-12-12 08:19 - 2014-12-05 19:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 08:19 - 2014-12-05 19:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 08:19 - 2014-12-05 19:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 08:19 - 2014-12-05 19:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\54286184.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\54286184.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2824077954-1205789865-475378249-500 - Administrator - Disabled)
Bruce (S-1-5-21-2824077954-1205789865-475378249-1000 - Administrator - Enabled) => C:\Users\Bruce
Guest (S-1-5-21-2824077954-1205789865-475378249-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom Usbccid Smartcard Reader (WUDF)
Description: Broadcom Usbccid Smartcard Reader (WUDF)
Class Guid: {50dd5230-ba8a-11d1-bf5d-0000f805f530}
Manufacturer: Broadcom
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: Control Vault w/ Fingerprint Swipe Sensor
Description: Control Vault w/ Fingerprint Swipe Sensor
Class Guid: {53d29ef7-377c-4d14-864b-eb3a85769359}
Manufacturer: Broadcom Corporation
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/17/2014 00:16:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (12/17/2014 00:16:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (12/17/2014 00:16:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (12/17/2014 00:12:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (12/17/2014 00:12:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (12/17/2014 11:57:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/17/2014 11:50:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/17/2014 11:50:13 AM) (Source: DellFeatureEnhancementPack) (EventID: 0) (User: )
Description: Unable to initialize the DellSmartSettingsSys.dll. Error number = 0xa0000008
 
Error: (12/17/2014 11:46:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BCOE.EXE version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1234
 
Start Time: 01d01a2109b1b228
 
Termination Time: 0
 
Application Path: \\d1mp8q22\RFMS\BCOE.EXE
 
Report Id: 9651f4f8-8614-11e4-9fa8-f01faf6d6df5
 
Error: (12/17/2014 10:50:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (12/20/2014 09:43:08 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}
 
Error: (12/17/2014 00:01:02 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: The handle is invalid.Broadcom Corp Contacted SmartCard 0GET_STATEXX XX XX XX
 
Error: (12/17/2014 11:58:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (12/17/2014 11:56:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WvPCR service depends on the TPM Base Services service which failed to start because of the following error: 
%%0
 
Error: (12/17/2014 11:56:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The SI TSS v1.2.1.41 TCS service depends on the TPM Base Services service which failed to start because of the following error: 
%%0
 
Error: (12/17/2014 11:50:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (12/17/2014 11:49:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WvPCR service depends on the TPM Base Services service which failed to start because of the following error: 
%%0
 
Error: (12/17/2014 11:49:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The SI TSS v1.2.1.41 TCS service depends on the TPM Base Services service which failed to start because of the following error: 
%%0
 
Error: (12/17/2014 11:46:07 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (12/17/2014 10:51:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (12/17/2014 00:16:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bruce\Desktop\esetsmartinstaller_enu.exe
 
Error: (12/17/2014 00:16:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bruce\Desktop\esetsmartinstaller_enu.exe
 
Error: (12/17/2014 00:16:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bruce\Desktop\esetsmartinstaller_enu.exe
 
Error: (12/17/2014 00:12:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bruce\Desktop\esetsmartinstaller_enu.exe
 
Error: (12/17/2014 00:12:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bruce\Downloads\esetsmartinstaller_enu.exe
 
Error: (12/17/2014 11:57:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/17/2014 11:50:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/17/2014 11:50:13 AM) (Source: DellFeatureEnhancementPack) (EventID: 0) (User: )
Description: Unable to initialize the DellSmartSettingsSys.dll. Error number = 0xa0000008
 
Error: (12/17/2014 11:46:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: BCOE.EXE0.0.0.0123401d01a2109b1b2280\\d1mp8q22\RFMS\BCOE.EXE9651f4f8-8614-11e4-9fa8-f01faf6d6df5
 
Error: (12/17/2014 10:50:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-17 10:29:55.799
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-17 10:29:55.768
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i5-3340M CPU @ 2.70GHz
Percentage of memory in use: 32%
Total physical RAM: 8097.22 MB
Available physical RAM: 5460.26 MB
Total Pagefile: 16192.63 MB
Available Pagefile: 13089.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:464.99 GB) (Free:406.13 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 430C7AE3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • Staff

Hi Caity, 
 
Let's remove those files you didn't recognise earlier, and update your vulnerable software.
We should be just about done afterwards. 
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.

    start
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2824077954-1205789865-475378249-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    2014-12-15 13:41 - 2014-12-18 15:08 - 00000339 _____ () C:\Users\Bruce\AppData\Roaming\ProdASC.Asc
    2014-12-15 13:31 - 2014-12-15 13:31 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\pw1v51q0u3vi.xml
    2014-12-15 13:30 - 2014-12-15 13:30 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\rzls5cbnuwyl.xml
    2014-12-14 16:06 - 2014-12-14 16:06 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\3rrjxmuyuhjq.xml
    2014-12-14 16:01 - 2014-12-14 16:01 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\oajv3ge2u30o.xml
    2014-12-14 15:41 - 2014-12-14 15:41 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\d5upmq1lu3my.xml
    2014-12-13 19:21 - 2014-12-13 19:21 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\nkhskxvsusig.xml
    2014-12-13 18:31 - 2014-12-13 18:31 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\bqu0rqu5ufgh.xml
    2014-12-13 17:51 - 2014-12-13 17:51 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\bpe4nxekuv1j.xml
    2014-12-13 16:36 - 2014-12-13 16:36 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\zzdu1ycyulf0.xml
    2014-12-13 16:33 - 2014-12-13 16:33 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\y1200142uw3b.xml
    2014-12-13 16:33 - 2014-12-13 16:33 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\x4j0rlgkugaj.xml
    2014-12-13 16:26 - 2014-12-13 16:26 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\sbe1p2gmuqbz.xml
    2014-12-13 16:16 - 2014-12-13 16:16 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\mp5zsoj3uupp.xml
    2014-12-03 12:23 - 2014-12-03 12:23 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\vpuz0mblumft.xml
    2014-12-03 12:20 - 2014-12-03 12:20 - 00000079 _____ () C:\Users\Bruce\AppData\Roaming\lhbjtl1ju4cn.xml
    2014-12-03 12:13 - 2014-12-03 12:13 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\15m4t4zyugz2.xml
    2014-12-03 12:00 - 2014-12-03 12:00 - 00000079 _____ () C:\Users\Bruce\AppData\Roaming\seysxkpsug1a.xml
    2014-12-03 11:57 - 2014-12-03 11:57 - 00000079 _____ () C:\Users\Bruce\AppData\Roaming\w2pb353ku5iv.xml
    2014-12-03 11:56 - 2014-12-03 11:56 - 00000079 _____ () C:\Users\Bruce\AppData\Roaming\z0blwszjugpi.xml
    2014-12-13 22:08 - 2014-10-10 21:41 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\%%d1mp8q22%RFMS
    end

  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Update Outdated Software

Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 3
Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • checkup.txt
  • How is your computer performing? Are there any outstanding issues?
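Added example (not part of the original posts and not FRST's own code): a Python cross-check for the Fixlog.txt requested in STEP 1, confirming that every entry between start and end has a result line ending in "successfully." and flagging entries that failed or have no result at all. The sample log, its paths and the failure wording are constructed; only the layout follows the logs on this page.

```python
import re

# Constructed sample in the Fixlog.txt layout shown on this page.
# Paths, key names and the "Could not move." wording are made up.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-12-2014 01
Ran by Example at 2014-12-24 13:34:44 Run:2
==============================================

Content of fixlist:
*****************
start
HKLM\SOFTWARE\Policies\Example\Vendor: Policy restriction <======= ATTENTION
2014-12-15 13:31 - 2014-12-15 13:31 - 00000081 _____ () C:\Users\Example\AppData\Roaming\aaaa1111.xml
2014-12-13 22:08 - 2014-10-10 21:41 - 00000000 ____D () C:\Users\Example\AppData\Roaming\OddFolder
2014-12-14 16:06 - 2014-12-14 16:06 - 00000081 _____ () C:\Users\Example\AppData\Roaming\bbbb2222.xml
end
*****************

"HKLM\SOFTWARE\Policies\Example\Vendor" => Key deleted successfully.
C:\Users\Example\AppData\Roaming\aaaa1111.xml => Moved successfully.
C:\Users\Example\AppData\Roaming\OddFolder => Could not move.

==== End of Fixlog 13:34:45 ====
'''

# "created - modified - size attributes (company) path" rows from the file listing.
FILE_ROW = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ \(.*?\) (.+)$'
)
# "HKLM\...\Key: description" rows; the key is everything before the first ": ".
REG_ROW = re.compile(r'^(HK(?:LM|U|CU|CR)\\.+?): ')
# Result rows: optional quotes around the target, then " => outcome".
RESULT_ROW = re.compile(r'^"?(.+?)"? => (.+)$')


def entry_target(line):
    """Reduce a fixlist line to the path or registry key the result row will name."""
    m = FILE_ROW.match(line)
    if m:
        return m.group(1)
    m = REG_ROW.match(line)
    if m:
        return m.group(1)
    return line  # unrecognised directive: compare it verbatim


def audit_fixlog(text):
    """Return [(target, status, outcome)] with status ok / failed / missing."""
    entries, outcomes = [], {}
    state = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if state == "header":
            if line.lower() == "start":
                state = "fixlist"
        elif state == "fixlist":
            if line.lower() == "end":
                state = "results"
            elif line:
                entries.append(entry_target(line))
        else:
            m = RESULT_ROW.match(line)
            if m:
                # Windows paths and registry keys are case-insensitive.
                outcomes[m.group(1).lower()] = m.group(2)

    report = []
    for target in entries:
        outcome = outcomes.get(target.lower())
        if outcome is None:
            status = "missing"      # FRST never reported on this entry
        elif outcome.rstrip().endswith("successfully."):
            status = "ok"
        else:
            status = "failed"       # reported, but not as a success
        report.append((target, status, outcome))
    return report


if __name__ == "__main__":
    for target, status, outcome in audit_fixlog(SAMPLE_FIXLOG):
        print(f"{status:8} {target} ({outcome})")
```
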

Everything seems to be running very well!  Merry Christmas!

 

1.  Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-12-2014 01
Ran by Bruce at 2014-12-24 13:34:44 Run:2
Running from C:\Users\Bruce\Desktop
Loaded Profiles: Bruce &  (Available profiles: Bruce)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2824077954-1205789865-475378249-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
2014-12-15 13:41 - 2014-12-18 15:08 - 00000339 _____ () C:\Users\Bruce\AppData\Roaming\ProdASC.Asc
2014-12-15 13:31 - 2014-12-15 13:31 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\pw1v51q0u3vi.xml
2014-12-15 13:30 - 2014-12-15 13:30 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\rzls5cbnuwyl.xml
2014-12-14 16:06 - 2014-12-14 16:06 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\3rrjxmuyuhjq.xml
2014-12-14 16:01 - 2014-12-14 16:01 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\oajv3ge2u30o.xml
2014-12-14 15:41 - 2014-12-14 15:41 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\d5upmq1lu3my.xml
2014-12-13 19:21 - 2014-12-13 19:21 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\nkhskxvsusig.xml
2014-12-13 18:31 - 2014-12-13 18:31 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\bqu0rqu5ufgh.xml
2014-12-13 17:51 - 2014-12-13 17:51 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\bpe4nxekuv1j.xml
2014-12-13 16:36 - 2014-12-13 16:36 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\zzdu1ycyulf0.xml
2014-12-13 16:33 - 2014-12-13 16:33 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\y1200142uw3b.xml
2014-12-13 16:33 - 2014-12-13 16:33 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\x4j0rlgkugaj.xml
2014-12-13 16:26 - 2014-12-13 16:26 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\sbe1p2gmuqbz.xml
2014-12-13 16:16 - 2014-12-13 16:16 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\mp5zsoj3uupp.xml
2014-12-03 12:23 - 2014-12-03 12:23 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\vpuz0mblumft.xml
2014-12-03 12:20 - 2014-12-03 12:20 - 00000079 _____ () C:\Users\Bruce\AppData\Roaming\lhbjtl1ju4cn.xml
2014-12-03 12:13 - 2014-12-03 12:13 - 00000081 _____ () C:\Users\Bruce\AppData\Roaming\15m4t4zyugz2.xml
2014-12-03 12:00 - 2014-12-03 12:00 - 00000079 _____ () C:\Users\Bruce\AppData\Roaming\seysxkpsug1a.xml
2014-12-03 11:57 - 2014-12-03 11:57 - 00000079 _____ () C:\Users\Bruce\AppData\Roaming\w2pb353ku5iv.xml
2014-12-03 11:56 - 2014-12-03 11:56 - 00000079 _____ () C:\Users\Bruce\AppData\Roaming\z0blwszjugpi.xml
2014-12-13 22:08 - 2014-10-10 21:41 - 00000000 ____D () C:\Users\Bruce\AppData\Roaming\%%d1mp8q22%RFMS
end
*****************
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2824077954-1205789865-475378249-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\Users\Bruce\AppData\Roaming\ProdASC.Asc => Moved successfully.
C:\Users\Bruce\AppData\Roaming\pw1v51q0u3vi.xml => Moved successfully.
C:\Users\Bruce\AppData\Roaming\rzls5cbnuwyl.xml => Moved successfully.
C:\Users\Bruce\AppData\Roaming\3rrjxmuyuhjq.xml => Moved successfully.
C:\Users\Bruce\AppData\Roaming\oajv3ge2u30o.xml => Moved successfully.
C:\Users\Bruce\AppData\Roaming\d5upmq1lu3my.xml => Moved successfully.
C:\Users\Bruce\AppData\Roaming\nkhskxvsusig.xml => Moved successfully.
C:\Users\Bruce\AppData\Roaming\bqu0rqu5ufgh.xml => Moved successfully.
C:\Users\Bruce\AppData\Roaming\bpe4nxekuv1j.xml => Moved successfully.
C:\Users\Bruce\AppData\Roaming\zzdu1ycyulf0.xml => Moved successfully.
C:\Users\Bruce\AppData\Roaming\y1200142uw3b.xml => Moved successfully.
C:\Users\Bruce\AppData\Roaming\x4j0rlgkugaj.xml => Moved successfully.
C:\Users\Bruce\AppData\Roaming\sbe1p2gmuqbz.xml => Moved successfully.
C:\Users\Bruce\AppData\Roaming\mp5zsoj3uupp.xml => Moved successfully.
C:\Users\Bruce\AppData\Roaming\vpuz0mblumft.xml => Moved successfully.
C:\Users\Bruce\AppData\Roaming\lhbjtl1ju4cn.xml => Moved successfully.
C:\Users\Bruce\AppData\Roaming\15m4t4zyugz2.xml => Moved successfully.
C:\Users\Bruce\AppData\Roaming\seysxkpsug1a.xml => Moved successfully.
C:\Users\Bruce\AppData\Roaming\w2pb353ku5iv.xml => Moved successfully.
C:\Users\Bruce\AppData\Roaming\z0blwszjugpi.xml => Moved successfully.
C:\Users\Bruce\AppData\Roaming\%%d1mp8q22%RFMS => Moved successfully.
 
==== End of Fixlog 13:34:45 ====

 

2. checkup.txt

 

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader XI  
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 

  • Staff

Merry Christmas to you too, Caity. :)
 

Everything seems to be running very well! 

Excellent. 
With this in mind -
 
All Clean!
Congratulations, your computer appears clean!  :)
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful.
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.
 
 
STEP 1
ComboFix Uninstall

  • Press the Windows Key + r on your keyboard at the same time. Type the following text into the Run box:
    ComboFix /Uninstall
  • Click OK.
  • Note: It may appear as if Combofix is installing. This is not the case; the programme is uninstalling. Please do not interrupt the process.
     

STEP 2
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
======================================================
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using Malwarebytes.
 
Safe Surfing. :)
Adam


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.