Computer was cleaned but still has problems
threeputt
2014-01-31, 04:25
I had a pro clean this computer and was told it was clean. Of course I was told by him to run combofix. I did, and it found this:
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache86\userinit.exe
He went on to continue and clean the system. That was a few days ago. I was told to never run combofix without someone telling me to. I do understand it can mess a computer up, but in my case I have an image, so I can get it back going if I had to. Today I ran combofix again because the computer was slowing down. It still finds the same infected file. I have run that program about 4 times and it always finds that one file infected, even though I was told this computer had no problems. Like I mentioned, it's no big deal if it crashes, because I have several Acronis backups made and I can get it back running. I just want to know why combofix keeps finding that one file infected. Here are the logs you need.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Tom at 22:01:56 on 2014-01-29
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6142.4528 [GMT -6:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {66A6FE14-08CB-F415-3742-517201416109}
SP: Webroot SecureAnywhere *Enabled/Updated* {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_38_ActiveX.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1058
TCP: NameServer = 24.177.176.38 71.92.29.130 24.217.201.67
TCP: Interfaces\{2FFDAB11-47E1-4C8E-9DC0-7A902F405408} : DHCPNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\1qmzyu6f.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2013-3-29 108832]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-3-24 55856]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2013-4-7 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2013-4-7 183224]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2013-4-7 161568]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2013-3-29 117024]
R0 WRkrn;WRkrn;C:\Windows\System32\drivers\WRkrn.sys [2013-4-3 115232]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2013-4-7 3783672]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-1-28 109352]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-24 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-24 701512]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2013-3-20 7084672]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2013-4-3 761464]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2013-4-7 367200]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM 64 bit;C:\Windows\System32\drivers\Envy24HF.sys [2007-3-15 150016]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-24 25928]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-1-9 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-13 19456]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-1-13 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-1-13 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-18 1255736]
.
=============== Created Last 30 ================
.
2014-01-30 03:50:49 -------- d-sh--w- C:\$RECYCLE.BIN
2014-01-30 03:41:39 -------- d-s---w- C:\ComboFix
2014-01-29 01:56:45 -------- d-----w- C:\Program Files\HitmanPro
2014-01-29 01:56:34 -------- d-----w- C:\ProgramData\HitmanPro
2014-01-28 10:49:07 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{93E40CBE-B6E8-4C62-B067-D8A010E4FCC6}\mpengine.dll
2014-01-28 01:23:25 -------- d-----w- C:\FRST
2014-01-28 00:18:54 98816 ----a-w- C:\Windows\sed.exe
2014-01-28 00:18:54 256000 ----a-w- C:\Windows\PEV.exe
2014-01-28 00:18:54 208896 ----a-w- C:\Windows\MBR.exe
2014-01-26 01:45:03 119000 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-01-24 04:33:16 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-24 04:32:28 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-01-21 03:43:50 -------- d-----w- C:\Users\Tom\AppData\Local\Macromedia
2014-01-20 20:48:19 -------- d-----w- C:\Program Files\SAMSUNG
2014-01-20 20:48:04 -------- d-----w- C:\ProgramData\Samsung
2014-01-19 15:49:04 -------- d-----w- C:\Windows\ERUNT
2014-01-19 15:47:55 -------- d-----w- C:\AdwCleaner
2014-01-15 22:23:52 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 22:23:52 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 22:23:52 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 22:23:52 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 22:23:52 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 22:23:51 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 22:23:51 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-15 22:23:51 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 22:23:50 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-01-15 03:06:00 -------- d-----w- C:\Users\Tom\AppData\Local\Amazon
2014-01-13 22:13:22 -------- d-----w- C:\Users\Tom\AppData\Roaming\HpUpdate
2014-01-13 22:12:34 -------- d-----w- C:\Windows\Hewlett-Packard
2014-01-13 22:03:36 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-01-13 22:03:36 366592 ----a-w- C:\Windows\System32\qdvd.dll
2014-01-13 22:00:36 -------- d-----w- C:\Users\Tom\AppData\Local\Secunia PSI
2014-01-13 22:00:27 -------- d-----w- C:\Program Files (x86)\Secunia
2014-01-09 05:20:20 -------- d-----w- C:\Windows\Migration
2014-01-05 02:29:57 -------- d-----w- C:\Program Files (x86)\Cisco Systems
2014-01-05 02:27:48 -------- d-----w- C:\ProgramData\Cisco Systems
.
==================== Find3M ====================
.
2014-01-26 14:11:49 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-26 14:11:49 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-16 05:24:06 154824 ----a-w- C:\Windows\SysWow64\WRusr.dll
2014-01-16 05:24:06 115232 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2014-01-16 05:24:06 104872 ----a-w- C:\Windows\System32\WRusr.dll
2013-12-28 02:22:17 10395072 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
2013-12-18 12:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 22:02:17.95 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/18/2012 4:09:37 PM
System Uptime: 1/29/2014 9:50:10 PM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | 965P-DS3
Processor: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz | Socket 775 | 1800/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 488 GiB total, 451.63 GiB free.
D: is FIXED (NTFS) - 443 GiB total, 191.18 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP61: 1/27/2014 6:19:02 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Amazon Kindle
Bomgar Representative Console 13.1.3 [remote.sacsinc.com]
BufferChm
C4400
CCleaner
Cisco Connect
Copy
Destinations
DeviceDiscovery
DirectX 9 Runtime
DivX Setup
DocProc
EMC 10 Content
EMCGadgets64
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
HitmanPro 3.7
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart C4400 All-In-One Driver Software 13.0 Rel. 3
HP Photosmart Essential 3.5
HP Product Detection
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
ieSpell
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 4.5.1
Microsoft Mouse and Keyboard Center
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
OCR Software by I.R.I.S. 13.0
PS_AIO_03_C4400_Software_Min
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio File Backup
Roxio PhotoShow
Roxio Update Manager
SAMSUNG USB Driver for Mobile Phones
Scan
SmartWebPrinting
SolutionCenter
Sonic CinePlayer Decoder Pack
Status
Toolbox
TrayApp
True Image 2013
UnloadSupport
VC80CRTRedist - 8.0.50727.6195
VD64Inst
WebReg
Webroot SecureAnywhere
Windows 7 Upgrade Advisor
.
==== Event Viewer Messages From Past Week ========
.
1/29/2014 9:50:56 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/29/2014 9:50:56 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
1/29/2014 9:50:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter
1/29/2014 9:45:37 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
1/29/2014 9:41:18 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
1/29/2014 9:41:18 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
1/28/2014 5:36:35 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort3.
1/28/2014 2:29:23 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
1/28/2014 2:29:23 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
1/27/2014 9:45:20 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/27/2014 9:43:30 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/27/2014 9:43:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/27/2014 9:43:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/27/2014 9:43:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/27/2014 9:43:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/27/2014 9:43:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache RxFilter snapman spldr Wanarpv6
.
==== End Of File ===========================
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-01-29 22:10:32
-----------------------------
22:10:32.512 OS Version: Windows x64 6.1.7601 Service Pack 1
22:10:32.512 Number of processors: 2 586 0xF02
22:10:32.512 ComputerName: TOM-PC UserName: Tom
22:10:35.320 Initialize success
22:10:44.682 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
22:10:44.682 Disk 0 Vendor: ST31000528AS CC38 Size: 953868MB BusType: 3
22:10:44.775 Disk 0 MBR read successfully
22:10:44.775 Disk 0 MBR scan
22:10:44.775 Disk 0 Windows 7 default MBR code
22:10:44.791 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:10:44.791 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 499900 MB offset 206848
22:10:44.807 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 453866 MB offset 1024002048
22:10:44.838 Disk 0 scanning C:\Windows\system32\drivers
22:10:50.220 Service scanning
22:10:58.893 Service WRkrn C:\Windows\System32\drivers\WRkrn.sys **LOCKED** 32
22:10:59.627 Modules scanning
22:10:59.627 Disk 0 trace - called modules:
22:10:59.642 ntoskrnl.exe CLASSPNP.SYS disk.sys vidsflt.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
22:10:59.642 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e7d060]
22:10:59.658 3 CLASSPNP.SYS[fffff88001ab343f] -> nt!IofCallDriver -> [0xfffffa8005e7c040]
22:10:59.658 5 vidsflt.sys[fffff880010b55f1] -> nt!IofCallDriver -> [0xfffffa8005cf4520]
22:10:59.673 7 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0xfffffa8005cf6060]
22:10:59.673 Scan finished successfully
22:11:18.549 Disk 0 MBR has been saved successfully to "C:\Users\Tom\Desktop\MBR.dat"
22:11:18.565 The log file has been saved successfully to "C:\Users\Tom\Desktop\aswMBR.txt"
.
I tried to back up your Registry with ERUNT but got an error. Will this work with Windows 7 Pro? If not, then please advise me on what I need to do. I just want to find out if something might be hiding in the system that keeps giving that message when running combofix. I do understand your rules said not to run combo, and I totally understand. If combo is giving me this message:
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache86\userinit.exe
This was the same exact message I got before my computer was cleaned by another malware expert. He did clean it, and I have no complaint other than: how does this keep showing up if it is clean?
Thanks for taking a look.
-----------------------------------
I did install ERUNT and was able to run it.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache86\userinit.exe
No idea why that keeps showing up unless the copy it restored to is no good?
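One way to check the question raised above, as an added example rather than anything from the thread or from ComboFix: hash the live userinit.exe and the erdnt\cache86 copy that ComboFix says it restores from, look at each file's version info and signature, and let System File Checker verify the live file against the component store. The two paths are taken from the ComboFix message; an elevated PowerShell 4.0 or later session is assumed (Get-FileHash needs 4.0, which Windows 7 gets through WMF 4.0).

```powershell
# Added example (not part of the thread): compare the two userinit.exe copies named
# in the ComboFix message. Paths come from that message; run elevated on PS 4.0+.
$live  = 'C:\Windows\SysWOW64\userinit.exe'
$cache = 'C:\Windows\erdnt\cache86\userinit.exe'

function Get-FileReport {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "missing: $Path"
        return
    }
    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path        = $Path
        Size        = $item.Length
        FileVersion = $item.VersionInfo.FileVersion
        Company     = $item.VersionInfo.CompanyName
        SHA256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        # 'Valid' only when the file carries an embedded Authenticode signature
        Signature   = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
    }
}

$reports = $live, $cache | ForEach-Object { Get-FileReport $_ }
$reports | Format-List

# If ComboFix really copies the cache over the live file on every run, the two
# files should be byte-identical afterwards; a mismatch means one of them is not
# what the log message implies.
if ($reports.Count -eq 2) {
    if ($reports[0].SHA256 -eq $reports[1].SHA256) {
        'Live and cached userinit.exe are identical.'
    } else {
        'Live and cached userinit.exe DIFFER - one of the two is not the expected file.'
    }
}

# Windows system binaries are normally catalog-signed, so Get-AuthenticodeSignature
# can report NotSigned for a genuine file. System File Checker checks the file
# against the component store and is the authoritative test on Windows 7.
& sfc.exe "/verifyfile=$live"
```

If the hashes match and sfc reports no integrity violation, ComboFix is repeating its message about the same unchanged file rather than finding a new one; if sfc does flag the live file, sfc /scanfile=<path> replaces it from the component store.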
I can see you've run nearly every tool under the sun, I'll post 2 more to see what it might show.
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your Desktop.
(Use the correct version for your system. Which system am I using? (http://support.microsoft.com/kb/827218))
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
Right-click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste the log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Download the latest version of TDSSKiller from here (http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe) and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application.
https://dl.dropbox.com/u/73555776/tdss%20start.JPG
Then click on Change parameters.
https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG
Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
https://dl.dropbox.com/u/73555776/tdss%20threat.JPG
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Get the report by selecting Reports.
https://dl.dropbox.com/u/73555776/tdss%20report.JPG
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.
threeputt
2014-02-03, 04:03
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by Tom (administrator) on TOM-PC on 02-02-2014 19:56:46
Running from C:\Users\Tom\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_12_0_0_38_ActiveX.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [WRSVC] - C:\Program Files\Webroot\WRSA.exe [761464 2014-01-19] (Webroot)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer [432504 2013-04-22] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer [513024 2013-04-22] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer [352632 2013-04-22] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer [1020792 2013-04-22] ()
HKU\S-1-5-21-2972477526-3186669649-2190957514-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-05-01] (Google Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF1A4C4F0C218CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
BHO-x32: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
Tcpip\Parameters: [DhcpNameServer] 24.177.176.38 71.92.29.130 24.217.201.67
FireFox:
========
FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\1qmzyu6f.default
FF Homepage: hxxp://yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-11-18]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-12]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2013-12-27]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-11-18]
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-02]
CHR Extension: (Google Drive) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-02]
CHR Extension: (YouTube) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-02]
CHR Extension: (Google Search) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-02]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\dblebgkanaecgapcfefmedflbdhmblog [2014-01-13]
CHR Extension: (Google Wallet) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-13]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-05-18]
CHR Extension: (Webroot Password Manager) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2013-05-02]
CHR Extension: (Gmail) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.26.crx [2014-02-01]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2013-04-03]
==================== Services (Whitelisted) =================
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [761464 2014-01-19] (Webroot)
==================== Drivers (Whitelisted) ====================
R3 Envy24HFS; C:\Windows\System32\drivers\Envy24HF.sys [150016 2007-03-15] (VIA - IC Ensemble, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-04-07] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-04-07] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-04-07] (Acronis International GmbH)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [115232 2014-01-15] (Webroot)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-02 19:56 - 2014-02-02 19:56 - 00013242 _____ () C:\Users\Tom\Desktop\FRST.txt
2014-02-02 19:56 - 2014-02-02 19:56 - 00000000 ____D () C:\FRST
2014-02-02 19:55 - 2014-02-02 19:56 - 02080256 _____ (Farbar) C:\Users\Tom\Desktop\FRST64.exe
2014-02-02 17:29 - 2014-02-02 17:29 - 00000056 _____ () C:\Windows\setupact.log
2014-02-02 17:29 - 2014-02-02 17:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-02 12:47 - 2014-02-02 12:48 - 00000000 ____D () C:\Users\Tom\Desktop\RK_Quarantine
2014-02-01 23:10 - 2014-02-01 23:10 - 00000000 ____D () C:\Users\Tom\Desktop\6-18-2012
2014-02-01 21:40 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-01 21:40 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-01 21:40 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-01 21:40 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-01 21:40 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-01 21:40 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-01 21:40 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-01 21:40 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-01 21:39 - 2014-02-02 09:05 - 00000000 ____D () C:\Qoobox
2014-02-01 21:39 - 2014-02-01 21:39 - 05179159 ____R (Swearware) C:\Users\Tom\Desktop\ComboFix.exe
2014-02-01 21:36 - 2014-02-02 17:33 - 00060769 _____ () C:\Windows\WindowsUpdate.log
2014-01-26 09:21 - 2014-01-26 09:22 - 00000000 ____D () C:\Users\Tom\Desktop\Grant's boat
2014-01-25 23:33 - 2014-01-25 23:33 - 00987425 _____ () C:\Users\Tom\Desktop\SecurityCheck.exe
2014-01-25 22:36 - 2014-01-25 22:36 - 00000631 _____ () C:\Users\Tom\Desktop\JRT.txt
2014-01-25 22:17 - 2014-01-25 22:17 - 01236282 _____ () C:\Users\Tom\Desktop\adwcleaner.exe
2014-01-25 22:17 - 2014-01-25 22:17 - 01037068 _____ (Thisisu) C:\Users\Tom\Desktop\JRT.exe
2014-01-25 20:58 - 2014-01-25 20:58 - 00165376 _____ () C:\Users\Tom\Desktop\SystemLook_x64.exe
2014-01-25 19:44 - 2014-01-25 19:54 - 00000000 ____D () C:\Users\Tom\Desktop\mbar
2014-01-25 19:39 - 2014-01-25 19:39 - 04380160 _____ () C:\Users\Tom\Desktop\RogueKillerX64.exe
2014-01-25 19:01 - 2014-01-25 19:01 - 00005425 _____ () C:\Users\Tom\Desktop\attach.txt
2014-01-25 19:00 - 2014-02-02 09:19 - 00000000 ____D () C:\Users\Tom\Desktop\virus
2014-01-25 15:22 - 2014-01-25 15:22 - 00029754 _____ () C:\Users\Tom\Desktop\damper.bmp
2014-01-24 07:57 - 2014-01-24 07:58 - 00602112 _____ (OldTimer Tools) C:\Users\Tom\Downloads\OTL.exe
2014-01-23 22:48 - 2014-01-23 22:48 - 05175240 ____R (Swearware) C:\Users\Tom\Downloads\ComboFix.exe
2014-01-23 22:33 - 2014-01-25 19:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-23 22:32 - 2014-01-25 19:44 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-23 22:32 - 2014-01-23 22:32 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Tom\Downloads\mbar-1.07.0.1009.exe
2014-01-23 22:28 - 2014-01-23 22:28 - 04406784 _____ () C:\Users\Tom\Downloads\RogueKillerX64.exe
2014-01-21 08:59 - 2014-01-21 23:15 - 00000000 ____D () C:\Users\Tom\Desktop\FUEL Sender Ford Taurus
2014-01-20 21:43 - 2014-01-20 21:43 - 00000000 ____D () C:\Users\Tom\AppData\Local\Macromedia
2014-01-20 21:10 - 2014-01-20 21:10 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-20 21:10 - 2014-01-20 21:10 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Mozilla
2014-01-20 21:10 - 2014-01-20 21:10 - 00000000 ____D () C:\Users\Tom\AppData\Local\Mozilla
2014-01-20 21:10 - 2014-01-20 21:10 - 00000000 ____D () C:\ProgramData\Mozilla
2014-01-20 21:10 - 2014-01-20 21:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-20 21:10 - 2014-01-20 21:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-20 14:48 - 2014-01-20 14:48 - 00000000 ____D () C:\Users\Public\Documents\Verizon_Android
2014-01-20 14:48 - 2014-01-20 14:48 - 00000000 ____D () C:\ProgramData\Samsung
2014-01-20 14:48 - 2014-01-20 14:48 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-01-19 09:49 - 2014-01-19 09:49 - 00000000 ____D () C:\Windows\ERUNT
2014-01-19 09:47 - 2014-01-25 22:20 - 00000000 ____D () C:\AdwCleaner
2014-01-17 14:42 - 2014-01-17 14:42 - 00000253 _____ () C:\Users\Tom\Desktop\Kissimmee 2014, #WhereTheCarsAre Consignment List Mecum Auctions.url
2014-01-15 16:23 - 2013-11-26 19:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 16:23 - 2013-11-26 19:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 16:23 - 2013-11-26 19:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 16:23 - 2013-11-26 19:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 16:23 - 2013-11-26 19:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 16:23 - 2013-11-26 19:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 16:23 - 2013-11-26 19:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 16:23 - 2013-11-26 05:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 16:23 - 2013-11-26 04:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 21:06 - 2014-01-19 13:24 - 00000000 ____D () C:\Users\Tom\Documents\My Kindle Content
2014-01-14 21:06 - 2014-01-14 21:06 - 00002219 _____ () C:\Users\Tom\Desktop\Kindle.lnk
2014-01-14 21:06 - 2014-01-14 21:06 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-01-14 21:06 - 2014-01-14 21:06 - 00000000 ____D () C:\Users\Tom\AppData\Local\Amazon
2014-01-13 16:15 - 2014-01-13 16:15 - 02434048 _____ () C:\Users\Tom\Downloads\msxml.msi
2014-01-13 16:14 - 2014-01-13 16:14 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-01-13 16:13 - 2014-01-20 17:09 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\HpUpdate
2014-01-13 16:13 - 2014-01-13 16:13 - 03607616 _____ (Igor Pavlov) C:\Users\Tom\Downloads\GmdClientSetup.exe
2014-01-13 16:12 - 2014-01-13 16:12 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-01-13 16:11 - 2014-01-13 16:12 - 03111104 _____ (Hewlett-Packard ) C:\Users\Tom\Downloads\hpusetup.exe
2014-01-13 16:04 - 2012-08-23 08:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-01-13 16:04 - 2012-08-23 08:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-01-13 16:04 - 2012-08-23 08:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-01-13 16:04 - 2012-08-23 08:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-01-13 16:04 - 2012-08-23 07:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-01-13 16:04 - 2012-08-23 07:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-01-13 16:04 - 2012-08-23 07:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-13 16:04 - 2012-08-23 07:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-13 16:04 - 2012-08-23 07:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-01-13 16:04 - 2012-08-23 07:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-01-13 16:04 - 2012-08-23 07:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-01-13 16:04 - 2012-08-23 07:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-01-13 16:04 - 2012-08-23 07:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-01-13 16:04 - 2012-08-23 06:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-01-13 16:04 - 2012-08-23 05:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-01-13 16:04 - 2012-08-23 05:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-01-13 16:04 - 2012-08-23 05:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-01-13 16:04 - 2012-08-23 05:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-01-13 16:04 - 2012-08-23 04:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-01-13 16:04 - 2012-08-23 04:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-01-13 16:04 - 2012-08-23 04:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-01-13 16:04 - 2012-08-23 04:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-01-13 16:04 - 2012-08-23 03:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-01-13 16:04 - 2012-08-23 02:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-01-13 16:04 - 2012-08-23 02:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-01-13 16:03 - 2012-05-04 05:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-01-13 16:03 - 2012-05-04 03:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-01-13 16:00 - 2014-01-13 16:00 - 00000000 ____D () C:\Users\Tom\AppData\Local\Secunia PSI
2014-01-13 16:00 - 2014-01-13 16:00 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-01-09 07:55 - 2013-11-26 05:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-09 07:55 - 2013-11-26 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-09 07:55 - 2013-11-26 04:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-01-09 07:55 - 2013-11-26 04:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-09 07:55 - 2013-11-26 03:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-09 07:55 - 2013-11-26 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-01-09 07:55 - 2013-11-26 03:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-09 07:55 - 2013-11-26 03:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-09 07:55 - 2013-11-26 03:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-09 07:55 - 2013-11-26 03:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-09 07:55 - 2013-11-26 03:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-09 07:55 - 2013-11-26 03:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-09 07:55 - 2013-11-26 03:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-01-09 07:55 - 2013-11-26 03:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-01-09 07:55 - 2013-11-26 02:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-09 07:55 - 2013-11-26 02:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-09 07:55 - 2013-11-26 02:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-09 07:55 - 2013-11-26 02:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-09 07:55 - 2013-11-26 02:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-09 07:55 - 2013-11-26 02:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-01-09 07:55 - 2013-11-26 02:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-09 07:55 - 2013-11-26 02:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-09 07:55 - 2013-11-26 01:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-09 07:55 - 2013-11-26 01:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-01-09 07:55 - 2013-11-26 01:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-09 07:55 - 2013-11-26 01:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-09 07:55 - 2013-11-26 00:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-09 07:55 - 2013-11-26 00:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-09 07:55 - 2013-11-26 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-09 07:55 - 2013-11-26 00:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-09 07:55 - 2013-11-26 00:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-01-08 23:18 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-01-08 23:16 - 2014-01-08 23:16 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-08 23:16 - 2014-01-08 23:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-08 23:16 - 2014-01-08 23:16 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-08 23:16 - 2014-01-08 23:16 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-08 23:16 - 2014-01-08 23:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-08 23:16 - 2014-01-08 23:16 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-08 23:16 - 2014-01-08 23:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-04 20:29 - 2014-01-04 20:29 - 00000000 ____D () C:\Program Files (x86)\Cisco Systems
2014-01-04 20:27 - 2014-01-04 20:27 - 00000000 ____D () C:\ProgramData\Cisco Systems
==================== One Month Modified Files and Folders =======
2014-02-02 19:56 - 2014-02-02 19:56 - 00013242 _____ () C:\Users\Tom\Desktop\FRST.txt
2014-02-02 19:56 - 2014-02-02 19:56 - 00000000 ____D () C:\FRST
2014-02-02 19:56 - 2014-02-02 19:55 - 02080256 _____ (Farbar) C:\Users\Tom\Desktop\FRST64.exe
2014-02-02 19:56 - 2013-04-03 19:13 - 00000000 ____D () C:\ProgramData\WRData
2014-02-02 19:44 - 2012-11-18 16:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-02 19:24 - 2013-05-01 06:18 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-02 17:37 - 2009-07-13 22:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-02 17:37 - 2009-07-13 22:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-02 17:34 - 2009-07-13 23:13 - 00786250 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-02 17:33 - 2014-02-01 21:36 - 00060769 _____ () C:\Windows\WindowsUpdate.log
2014-02-02 17:29 - 2014-02-02 17:29 - 00000056 _____ () C:\Windows\setupact.log
2014-02-02 17:29 - 2014-02-02 17:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-02 17:29 - 2013-05-01 06:18 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-02 17:29 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-02 12:48 - 2014-02-02 12:47 - 00000000 ____D () C:\Users\Tom\Desktop\RK_Quarantine
2014-02-02 09:19 - 2014-01-25 19:00 - 00000000 ____D () C:\Users\Tom\Desktop\virus
2014-02-02 09:05 - 2014-02-01 21:39 - 00000000 ____D () C:\Qoobox
2014-02-02 09:01 - 2013-04-29 19:57 - 00000000 ____D () C:\Windows\erdnt
2014-02-02 09:01 - 2009-07-13 23:08 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-02 09:01 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-01 23:10 - 2014-02-01 23:10 - 00000000 ____D () C:\Users\Tom\Desktop\6-18-2012
2014-02-01 22:28 - 2013-05-02 20:34 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-01 21:39 - 2014-02-01 21:39 - 05179159 ____R (Swearware) C:\Users\Tom\Desktop\ComboFix.exe
2014-01-26 09:22 - 2014-01-26 09:21 - 00000000 ____D () C:\Users\Tom\Desktop\Grant's boat
2014-01-26 08:11 - 2013-03-24 17:02 - 00000000 ____D () C:\Users\Tom\AppData\Local\Adobe
2014-01-26 08:11 - 2012-11-18 16:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-26 08:11 - 2012-11-18 16:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-26 08:11 - 2012-11-18 16:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-25 23:33 - 2014-01-25 23:33 - 00987425 _____ () C:\Users\Tom\Desktop\SecurityCheck.exe
2014-01-25 22:36 - 2014-01-25 22:36 - 00000631 _____ () C:\Users\Tom\Desktop\JRT.txt
2014-01-25 22:20 - 2014-01-19 09:47 - 00000000 ____D () C:\AdwCleaner
2014-01-25 22:17 - 2014-01-25 22:17 - 01236282 _____ () C:\Users\Tom\Desktop\adwcleaner.exe
2014-01-25 22:17 - 2014-01-25 22:17 - 01037068 _____ (Thisisu) C:\Users\Tom\Desktop\JRT.exe
2014-01-25 21:37 - 2013-03-26 16:23 - 00000866 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-01-25 20:58 - 2014-01-25 20:58 - 00165376 _____ () C:\Users\Tom\Desktop\SystemLook_x64.exe
2014-01-25 19:54 - 2014-01-25 19:44 - 00000000 ____D () C:\Users\Tom\Desktop\mbar
2014-01-25 19:54 - 2014-01-23 22:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-25 19:44 - 2014-01-23 22:32 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-25 19:39 - 2014-01-25 19:39 - 04380160 _____ () C:\Users\Tom\Desktop\RogueKillerX64.exe
2014-01-25 19:01 - 2014-01-25 19:01 - 00005425 _____ () C:\Users\Tom\Desktop\attach.txt
2014-01-25 15:22 - 2014-01-25 15:22 - 00029754 _____ () C:\Users\Tom\Desktop\damper.bmp
2014-01-24 19:50 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-24 07:58 - 2014-01-24 07:57 - 00602112 _____ (OldTimer Tools) C:\Users\Tom\Downloads\OTL.exe
2014-01-23 22:48 - 2014-01-23 22:48 - 05175240 ____R (Swearware) C:\Users\Tom\Downloads\ComboFix.exe
2014-01-23 22:32 - 2014-01-23 22:32 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Tom\Downloads\mbar-1.07.0.1009.exe
2014-01-23 22:28 - 2014-01-23 22:28 - 04406784 _____ () C:\Users\Tom\Downloads\RogueKillerX64.exe
2014-01-21 23:15 - 2014-01-21 08:59 - 00000000 ____D () C:\Users\Tom\Desktop\FUEL Sender Ford Taurus
2014-01-20 21:43 - 2014-01-20 21:43 - 00000000 ____D () C:\Users\Tom\AppData\Local\Macromedia
2014-01-20 21:10 - 2014-01-20 21:10 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-20 21:10 - 2014-01-20 21:10 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Mozilla
2014-01-20 21:10 - 2014-01-20 21:10 - 00000000 ____D () C:\Users\Tom\AppData\Local\Mozilla
2014-01-20 21:10 - 2014-01-20 21:10 - 00000000 ____D () C:\ProgramData\Mozilla
2014-01-20 21:10 - 2014-01-20 21:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-20 21:10 - 2014-01-20 21:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-20 17:09 - 2014-01-13 16:13 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\HpUpdate
2014-01-20 14:48 - 2014-01-20 14:48 - 00000000 ____D () C:\Users\Public\Documents\Verizon_Android
2014-01-20 14:48 - 2014-01-20 14:48 - 00000000 ____D () C:\ProgramData\Samsung
2014-01-20 14:48 - 2014-01-20 14:48 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-01-19 13:24 - 2014-01-14 21:06 - 00000000 ____D () C:\Users\Tom\Documents\My Kindle Content
2014-01-19 09:49 - 2014-01-19 09:49 - 00000000 ____D () C:\Windows\ERUNT
2014-01-17 17:29 - 2013-03-26 16:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-17 14:42 - 2014-01-17 14:42 - 00000253 _____ () C:\Users\Tom\Desktop\Kissimmee 2014, #WhereTheCarsAre Consignment List Mecum Auctions.url
2014-01-15 23:24 - 2013-04-03 19:13 - 00154824 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2014-01-15 23:24 - 2013-04-03 19:13 - 00115232 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2014-01-15 23:24 - 2013-04-03 19:13 - 00104872 _____ (Webroot) C:\Windows\system32\WRusr.dll
2014-01-15 18:21 - 2009-07-13 22:45 - 00469632 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 16:26 - 2013-12-29 06:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 16:24 - 2012-11-18 16:34 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 21:06 - 2014-01-14 21:06 - 00002219 _____ () C:\Users\Tom\Desktop\Kindle.lnk
2014-01-14 21:06 - 2014-01-14 21:06 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-01-14 21:06 - 2014-01-14 21:06 - 00000000 ____D () C:\Users\Tom\AppData\Local\Amazon
2014-01-13 17:19 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-01-13 16:16 - 2013-03-24 16:39 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-01-13 16:15 - 2014-01-13 16:15 - 02434048 _____ () C:\Users\Tom\Downloads\msxml.msi
2014-01-13 16:14 - 2014-01-13 16:14 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-01-13 16:13 - 2014-01-13 16:13 - 03607616 _____ (Igor Pavlov) C:\Users\Tom\Downloads\GmdClientSetup.exe
2014-01-13 16:13 - 2012-11-18 18:35 - 00000000 ____D () C:\Program Files (x86)\HP
2014-01-13 16:12 - 2014-01-13 16:12 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-01-13 16:12 - 2014-01-13 16:11 - 03111104 _____ (Hewlett-Packard ) C:\Users\Tom\Downloads\hpusetup.exe
2014-01-13 16:06 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-01-13 16:00 - 2014-01-13 16:00 - 00000000 ____D () C:\Users\Tom\AppData\Local\Secunia PSI
2014-01-13 16:00 - 2014-01-13 16:00 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-01-09 11:46 - 2012-11-18 18:00 - 00000000 ____D () C:\Windows\Panther
2014-01-08 23:31 - 2012-11-18 16:11 - 00001417 _____ () C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-08 23:21 - 2013-03-29 22:04 - 00774360 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-08 23:16 - 2014-01-08 23:16 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-08 23:16 - 2014-01-08 23:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-08 23:16 - 2014-01-08 23:16 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-08 23:16 - 2014-01-08 23:16 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-08 23:16 - 2014-01-08 23:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-08 23:16 - 2014-01-08 23:16 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-08 23:16 - 2014-01-08 23:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-08 23:16 - 2014-01-08 23:16 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-08 23:16 - 2014-01-08 23:16 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-08 09:58 - 2013-03-31 18:58 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-01-06 19:29 - 2012-11-18 19:01 - 00000000 ____D () C:\Users\Tom\AppData\Local\Google
2014-01-04 20:29 - 2014-01-04 20:29 - 00000000 ____D () C:\Program Files (x86)\Cisco Systems
2014-01-04 20:27 - 2014-01-04 20:27 - 00000000 ____D () C:\ProgramData\Cisco Systems
2014-01-03 08:53 - 2013-03-24 18:05 - 00000000 ____D () C:\ProgramData\Roxio
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-02 00:35
==================== End Of Log ============================
threeputt
2014-02-03, 04:04
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 04
Ran by Tom at 2014-02-02 19:57:33
Running from C:\Users\Tom\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Amazon Kindle (HKCU Version: - Amazon)
Bomgar Representative Console 13.1.3 [remote.sacsinc.com] (Version: 13.1.3 - Bomgar Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4400 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
CCleaner (Version: 4.09 - Piriform)
Cisco Connect (x32 Version: 1.4.12263.1 - Cisco Consumer Products LLC)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DivX Setup (x32 Version: 2.6.1.41 - DivX, LLC)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) Hidden
EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (Version: 13.0 - HP)
HP Photosmart C4400 All-In-One Driver Software 13.0 Rel. 3 (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (Version: 3.5 - HP)
HP Product Detection (x32 Version: 11.14.0001 - HP)
HP Smart Web Printing 4.51 (Version: 4.51 - HP)
HP Solution Center 13.0 (Version: 13.0 - HP)
HP Update (x32 Version: 5.005.000.001 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
ieSpell (x32 Version: 2.6.4 (build 573) - Red Egg Software)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
OCR Software by I.R.I.S. 13.0 (Version: 13.0 - HP)
PS_AIO_03_C4400_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.0 - Roxio) Hidden
Roxio Burn (x32 Version: 1.0.0 - Roxio) Hidden
Roxio Central Audio (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Copy (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Core (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Data (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Tools (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Easy CD and DVD Burning (x32 Version: 10.3 - Roxio)
Roxio Easy CD and DVD Burning (x32 Version: 10.3.104 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
Roxio PhotoShow (x32 Version: 6.0 - Sonic Solutions)
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.2380.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
True Image 2013 (x32 Version: 16.0.6514 - Acronis) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Webroot SecureAnywhere (x32 Version: 8.0.4.46 - Webroot)
Windows 7 Upgrade Advisor (x32 Version: 2.0.5000.0 - Microsoft Corporation)
==================== Restore Points =========================
02-02-2014 03:38:00 Windows Update
==================== Hosts content: ==========================
2009-07-13 20:34 - 2014-01-19 08:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {4C2395DF-5ED6-4CD9-8A2E-68F9683FB0DC} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {59C24319-105F-4F7F-844C-955DFBA2DE61} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {6B806EE9-3142-46FC-8FBA-C4C62A5C0B2F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-26] (Adobe Systems Incorporated)
Task: {89D352E8-C73E-45E0-99BD-A2A09699EE9F} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {8F17A7AC-CD6B-4122-B0CA-738D35D1D1F0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {92083FCA-4E29-4F61-B0E5-A2F45E0F574E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {CB739195-A4B1-45A1-BA6C-F7E5FF11F5F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-01] (Google Inc.)
Task: {D3498FA7-6C72-47DB-A890-1524A356B1D4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {E4A2596E-C34F-4F41-A484-8287203AF386} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-01] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-03-27 21:39 - 2013-03-27 21:39 - 00021824 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll
2013-03-27 21:09 - 2013-03-27 21:09 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2013-03-27 21:36 - 2013-03-27 21:36 - 00021312 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/02/2014 05:31:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/02/2014 09:08:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/02/2014 09:02:49 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/02/2014 09:01:37 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (02/02/2014 09:01:37 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
Context: Windows Application
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (02/02/2014 09:01:37 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (02/02/2014 09:01:37 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Error: (02/02/2014 09:01:37 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (02/02/2014 09:01:37 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.
Context: Windows Application, SystemIndex Catalog
Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)
Error: (02/02/2014 09:01:37 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (02/02/2014 05:30:13 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter
Error: (02/02/2014 09:07:09 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter
Error: (02/02/2014 09:01:38 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (02/02/2014 09:01:38 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
Error: (02/02/2014 09:01:20 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter
Error: (02/02/2014 09:00:16 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (02/02/2014 08:57:04 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (02/02/2014 08:52:37 AM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
Error: (02/02/2014 08:52:37 AM) (Source: Service Control Manager) (User: )
Description: The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
Error: (02/01/2014 10:00:02 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-01-19 08:36:55.266
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-01-19 08:36:55.204
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Percentage of memory in use: 36%
Total physical RAM: 6142.49 MB
Available physical RAM: 3884.98 MB
Total Pagefile: 12283.16 MB
Available Pagefile: 9728.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:488.18 GB) (Free:451.95 GB) NTFS
Drive d: (BACKUP) (Fixed) (Total:443.23 GB) (Free:191.12 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8EC78538)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=443 GB) - (Type=07 NTFS)
==================== End Of Log ============================
threeputt
2014-02-03, 04:21
no threats found with TDSSKiller
no threats found with TDSSKiller
Good deal
Everything that I've read over is coming back clean. What I can do is attempt to repair corrupt system files that might be interfering.
There is a search indexing option in Ccleaner which may be interfering with Windows. Under the Applications tab, Windows, there is a box "MS Search." Un-check it.
Once you uncheck it, apply the settings and restart your system. Sorry if the instructions are a bit vague, it's been a while since I did anything with Ccleaner
Rebuild your search index:
http://www.sevenforums.com/tutorials/17880-index-rebuild.html
~~~~~~~~~~~~~~~~~~~~~~~~~
Download Windows Repair (all in one) from this site (http://www.tweaking.com/content/page/windows_repair_all_in_one.html)
Install the programme, then run it.
Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:
Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:
Once that is done then go to Step Start Repairs
https://dl.dropbox.com/u/73555776/waio%20start.JPG
https://dl.dropbox.com/u/73555776/waio%20step3.JPG
Select Restore Important Windows Services.
https://dl.dropbox.com/u/73555776/waio%20rep%20list.JPG
Let the program run, then get a fresh FSS scan again.
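To show how the Application and System entries in the Addition.txt excerpt above point at one cause (the corrupt search catalog the steps above repair), here is an added Python example that is not from the thread or from FRST: it parses entries in that log layout and groups them by HRESULT. The sample log is constructed from the excerpt above; turning the Service Control Manager's signed decimal "service-specific error" into hex is ordinary 32-bit two's-complement arithmetic, nothing FRST itself does.

```python
import re

# Constructed sample in the layout FRST's Addition.txt uses for event-log
# errors, copied from the thread's own excerpt (not a live system).
SAMPLE_LOG = """\
Error: (02/02/2014 09:01:37 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (02/02/2014 09:01:37 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Error: (02/02/2014 09:01:37 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.
Context: Windows Application, SystemIndex Catalog
Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)
System errors:
=============
Error: (02/02/2014 05:30:13 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter
Error: (02/02/2014 09:01:38 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
"""

# One "Error: (...) (Source: ...) (User: ...)" header opens each entry.
ENTRY_RE = re.compile(
    r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) \(User: (?P<user>[^)]*)\)$"
)
# Section headings ("System errors:", "Details:") and "====" rules carry no data.
SKIP_RE = re.compile(r"[A-Za-z ]+:|=+")
HRESULT_RE = re.compile(r"HRESULT : (0x[0-9a-fA-F]{8})")
SVC_ERR_RE = re.compile(r"service-specific error %%(-?\d+)")


def parse_entries(text):
    """Split the log into entries; each is a dict with when, source and body lines."""
    entries = []
    for line in text.splitlines():
        header = ENTRY_RE.match(line)
        if header:
            entries.append({"when": header["when"], "source": header["source"], "body": []})
        elif entries and not SKIP_RE.fullmatch(line):
            entries[-1]["body"].append(line)
    return entries


def signed32_to_hresult(value):
    """SCM logs a service's exit code as a signed decimal; an HRESULT is the same
    32 bits printed as unsigned hex, so mask to 32 bits and format."""
    return "0x%08x" % (int(value) & 0xFFFFFFFF)


def hresult_of(entry):
    """Return the entry's HRESULT: the explicit one from a Details block, or the
    normalised SCM service-specific error; None when the entry carries neither."""
    body = "\n".join(entry["body"])
    m = HRESULT_RE.search(body)
    if m:
        return m.group(1).lower()
    m = SVC_ERR_RE.search(body)
    if m:
        return signed32_to_hresult(m.group(1))
    return None


def summarise(text):
    """Map each HRESULT to the set of event sources that reported it. A code shared
    by Windows Search Service and Service Control Manager ties the service crash
    to the catalog-corruption errors rather than to some unrelated fault."""
    per_code = {}
    for entry in parse_entries(text):
        code = hresult_of(entry)
        if code:
            per_code.setdefault(code, set()).add(entry["source"])
    return per_code


if __name__ == "__main__":
    for code, sources in sorted(summarise(SAMPLE_LOG).items()):
        print(code, sorted(sources))
```

Run on the sample, 0xc0041801 is reported by both sources: the SCM's -1073473535 is that same "catalog is corrupt" HRESULT, so rebuilding the index addresses the crash too.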
threeputt
2014-02-04, 01:37
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by Tom (administrator) on TOM-PC on 03-02-2014 17:32:28
Running from C:\Users\Tom\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [WRSVC] - C:\Program Files\Webroot\WRSA.exe [761464 2014-01-19] (Webroot)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer [432504 2013-04-22] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer [513024 2013-04-22] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer [352632 2013-04-22] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer [1020792 2013-04-22] ()
HKU\S-1-5-21-2972477526-3186669649-2190957514-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-05-01] (Google Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF1A4C4F0C218CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
BHO-x32: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
Tcpip\Parameters: [DhcpNameServer] 24.177.176.38 71.92.29.130 24.217.201.67
FireFox:
========
FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\1qmzyu6f.default
FF Homepage: hxxp://yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-11-18]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-12]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2013-12-27]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-11-18]
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-02]
CHR Extension: (Google Drive) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-02]
CHR Extension: (YouTube) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-02]
CHR Extension: (Google Search) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-02]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\dblebgkanaecgapcfefmedflbdhmblog [2014-01-13]
CHR Extension: (Google Wallet) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-13]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-05-18]
CHR Extension: (Webroot Password Manager) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2013-05-02]
CHR Extension: (Gmail) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.26.crx [2014-02-01]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2013-04-03]
==================== Services (Whitelisted) =================
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [761464 2014-01-19] (Webroot)
==================== Drivers (Whitelisted) ====================
R3 Envy24HFS; C:\Windows\System32\drivers\Envy24HF.sys [150016 2007-03-15] (VIA - IC Ensemble, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-04-07] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-04-07] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-04-07] (Acronis International GmbH)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [115232 2014-01-15] (Webroot)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-03 17:28 - 2014-02-03 17:28 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-03 17:25 - 2014-02-03 17:25 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TOM-PC-Microsoft-Windows-7-Professional-(64-bit).dat
2014-02-03 17:25 - 2014-02-03 17:25 - 00000000 ____D () C:\RegBackup
2014-02-03 15:58 - 2014-02-03 15:58 - 00006560 ____N () C:\bootsqm.dat
2014-02-03 15:53 - 2014-02-03 15:53 - 00002163 _____ () C:\Users\Tom\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-02-03 15:53 - 2014-02-03 15:53 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-02-03 15:52 - 2014-02-03 15:52 - 05072432 _____ () C:\Users\Tom\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-02-03 15:47 - 2014-02-03 17:29 - 00000336 _____ () C:\Windows\setupact.log
2014-02-03 15:47 - 2014-02-03 15:47 - 00000546 _____ () C:\Windows\PFRO.log
2014-02-03 15:47 - 2014-02-03 15:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-03 15:35 - 2014-02-03 15:35 - 00018976 _____ () C:\ComboFix.txt
2014-02-02 22:28 - 2014-02-03 17:29 - 00043017 _____ () C:\Windows\WindowsUpdate.log
2014-02-02 20:03 - 2014-02-02 20:03 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Tom\Desktop\tdsskiller.exe
2014-02-02 19:57 - 2014-02-02 19:58 - 00017767 _____ () C:\Users\Tom\Desktop\Addition.txt
2014-02-02 19:56 - 2014-02-03 17:32 - 00012913 _____ () C:\Users\Tom\Desktop\FRST.txt
2014-02-02 19:56 - 2014-02-03 17:32 - 00000000 ____D () C:\FRST
2014-02-02 19:55 - 2014-02-02 19:56 - 02080256 _____ (Farbar) C:\Users\Tom\Desktop\FRST64.exe
2014-02-02 12:47 - 2014-02-02 12:48 - 00000000 ____D () C:\Users\Tom\Desktop\RK_Quarantine
2014-02-01 23:10 - 2014-02-01 23:10 - 00000000 ____D () C:\Users\Tom\Desktop\6-18-2012
2014-02-01 21:40 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-01 21:40 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-01 21:40 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-01 21:40 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-01 21:40 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-01 21:40 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-01 21:40 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-01 21:40 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-01 21:39 - 2014-02-03 15:35 - 00000000 ____D () C:\Qoobox
2014-02-01 21:39 - 2014-02-03 15:25 - 05179684 ____R (Swearware) C:\Users\Tom\Desktop\ComboFix.exe
2014-01-26 09:21 - 2014-01-26 09:22 - 00000000 ____D () C:\Users\Tom\Desktop\Grant's boat
2014-01-25 23:33 - 2014-01-25 23:33 - 00987425 _____ () C:\Users\Tom\Desktop\SecurityCheck.exe
2014-01-25 22:36 - 2014-01-25 22:36 - 00000631 _____ () C:\Users\Tom\Desktop\JRT.txt
2014-01-25 22:17 - 2014-01-25 22:17 - 01236282 _____ () C:\Users\Tom\Desktop\adwcleaner.exe
2014-01-25 22:17 - 2014-01-25 22:17 - 01037068 _____ (Thisisu) C:\Users\Tom\Desktop\JRT.exe
2014-01-25 20:58 - 2014-01-25 20:58 - 00165376 _____ () C:\Users\Tom\Desktop\SystemLook_x64.exe
2014-01-25 19:44 - 2014-01-25 19:54 - 00000000 ____D () C:\Users\Tom\Desktop\mbar
2014-01-25 19:39 - 2014-01-25 19:39 - 04380160 _____ () C:\Users\Tom\Desktop\RogueKillerX64.exe
2014-01-25 19:01 - 2014-01-25 19:01 - 00005425 _____ () C:\Users\Tom\Desktop\attach.txt
2014-01-25 19:00 - 2014-02-02 09:19 - 00000000 ____D () C:\Users\Tom\Desktop\virus
2014-01-25 15:22 - 2014-01-25 15:22 - 00029754 _____ () C:\Users\Tom\Desktop\damper.bmp
2014-01-24 07:57 - 2014-01-24 07:58 - 00602112 _____ (OldTimer Tools) C:\Users\Tom\Downloads\OTL.exe
2014-01-23 22:48 - 2014-01-23 22:48 - 05175240 ____R (Swearware) C:\Users\Tom\Downloads\ComboFix.exe
2014-01-23 22:33 - 2014-01-25 19:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-23 22:32 - 2014-01-25 19:44 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-23 22:32 - 2014-01-23 22:32 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Tom\Downloads\mbar-1.07.0.1009.exe
2014-01-23 22:28 - 2014-01-23 22:28 - 04406784 _____ () C:\Users\Tom\Downloads\RogueKillerX64.exe
2014-01-21 08:59 - 2014-01-21 23:15 - 00000000 ____D () C:\Users\Tom\Desktop\FUEL Sender Ford Taurus
2014-01-20 21:43 - 2014-01-20 21:43 - 00000000 ____D () C:\Users\Tom\AppData\Local\Macromedia
2014-01-20 21:10 - 2014-01-20 21:10 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-20 21:10 - 2014-01-20 21:10 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Mozilla
2014-01-20 21:10 - 2014-01-20 21:10 - 00000000 ____D () C:\Users\Tom\AppData\Local\Mozilla
2014-01-20 21:10 - 2014-01-20 21:10 - 00000000 ____D () C:\ProgramData\Mozilla
2014-01-20 21:10 - 2014-01-20 21:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-20 21:10 - 2014-01-20 21:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-20 14:48 - 2014-01-20 14:48 - 00000000 ____D () C:\Users\Public\Documents\Verizon_Android
2014-01-20 14:48 - 2014-01-20 14:48 - 00000000 ____D () C:\ProgramData\Samsung
2014-01-20 14:48 - 2014-01-20 14:48 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-01-19 09:49 - 2014-01-19 09:49 - 00000000 ____D () C:\Windows\ERUNT
2014-01-19 09:47 - 2014-01-25 22:20 - 00000000 ____D () C:\AdwCleaner
2014-01-17 14:42 - 2014-01-17 14:42 - 00000253 _____ () C:\Users\Tom\Desktop\Kissimmee 2014, #WhereTheCarsAre Consignment List Mecum Auctions.url
2014-01-15 16:23 - 2013-11-26 19:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 16:23 - 2013-11-26 19:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 16:23 - 2013-11-26 19:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 16:23 - 2013-11-26 19:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 16:23 - 2013-11-26 19:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 16:23 - 2013-11-26 19:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 16:23 - 2013-11-26 19:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 16:23 - 2013-11-26 05:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 16:23 - 2013-11-26 04:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 21:06 - 2014-01-19 13:24 - 00000000 ____D () C:\Users\Tom\Documents\My Kindle Content
2014-01-14 21:06 - 2014-01-14 21:06 - 00002219 _____ () C:\Users\Tom\Desktop\Kindle.lnk
2014-01-14 21:06 - 2014-01-14 21:06 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-01-14 21:06 - 2014-01-14 21:06 - 00000000 ____D () C:\Users\Tom\AppData\Local\Amazon
2014-01-13 16:15 - 2014-01-13 16:15 - 02434048 _____ () C:\Users\Tom\Downloads\msxml.msi
2014-01-13 16:14 - 2014-01-13 16:14 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-01-13 16:13 - 2014-01-20 17:09 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\HpUpdate
2014-01-13 16:13 - 2014-01-13 16:13 - 03607616 _____ (Igor Pavlov) C:\Users\Tom\Downloads\GmdClientSetup.exe
2014-01-13 16:12 - 2014-01-13 16:12 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-01-13 16:11 - 2014-01-13 16:12 - 03111104 _____ (Hewlett-Packard ) C:\Users\Tom\Downloads\hpusetup.exe
2014-01-13 16:04 - 2012-08-23 08:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-01-13 16:04 - 2012-08-23 08:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-01-13 16:04 - 2012-08-23 08:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-01-13 16:04 - 2012-08-23 08:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-01-13 16:04 - 2012-08-23 07:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-01-13 16:04 - 2012-08-23 07:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-01-13 16:04 - 2012-08-23 07:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-13 16:04 - 2012-08-23 07:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-13 16:04 - 2012-08-23 07:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-01-13 16:04 - 2012-08-23 07:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-01-13 16:04 - 2012-08-23 07:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-01-13 16:04 - 2012-08-23 07:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-01-13 16:04 - 2012-08-23 07:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-01-13 16:04 - 2012-08-23 06:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-01-13 16:04 - 2012-08-23 05:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-01-13 16:04 - 2012-08-23 05:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-01-13 16:04 - 2012-08-23 05:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-01-13 16:04 - 2012-08-23 05:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-01-13 16:04 - 2012-08-23 04:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-01-13 16:04 - 2012-08-23 04:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-01-13 16:04 - 2012-08-23 04:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-01-13 16:04 - 2012-08-23 04:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-01-13 16:04 - 2012-08-23 03:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-01-13 16:04 - 2012-08-23 02:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-01-13 16:04 - 2012-08-23 02:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-01-13 16:03 - 2012-05-04 05:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-01-13 16:03 - 2012-05-04 03:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-01-13 16:00 - 2014-01-13 16:00 - 00000000 ____D () C:\Users\Tom\AppData\Local\Secunia PSI
2014-01-13 16:00 - 2014-01-13 16:00 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-01-09 07:55 - 2013-11-26 05:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-09 07:55 - 2013-11-26 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-09 07:55 - 2013-11-26 04:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-01-09 07:55 - 2013-11-26 04:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-09 07:55 - 2013-11-26 03:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-09 07:55 - 2013-11-26 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-01-09 07:55 - 2013-11-26 03:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-09 07:55 - 2013-11-26 03:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-09 07:55 - 2013-11-26 03:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-09 07:55 - 2013-11-26 03:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-09 07:55 - 2013-11-26 03:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-09 07:55 - 2013-11-26 03:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-09 07:55 - 2013-11-26 03:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-01-09 07:55 - 2013-11-26 03:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-01-09 07:55 - 2013-11-26 02:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-09 07:55 - 2013-11-26 02:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-09 07:55 - 2013-11-26 02:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-09 07:55 - 2013-11-26 02:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-02 00:35
==================== End Of Log ============================
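An added check, written for this thread and not part of FRST, ComboFix or the helper's instructions: it re-does the idea behind the "MD5 is legit" lines above in PowerShell, taking the file list from the Bamital check and the backup paths from the ComboFix output quoted in the thread. Everything else (the function names and the Microsoft-signer test) is an assumption.

```powershell
# Added example, not from the thread or from FRST/ComboFix.
# Re-check the core Windows binaries that FRST's "Bamital & volsnap Check" lists,
# using two independent pieces of evidence:
#   1. the Authenticode signature on the file (should be Valid and from Microsoft);
#   2. an MD5 of the file compared with the backup copy ComboFix reports restoring
#      from (the C:\Windows\erdnt\cacheNN paths quoted earlier in the thread).
# A hash match with the backup only shows the two copies are identical (both could
# be bad); the signature check is what says the file is genuine.
# Caveat: on Windows 7 many core binaries are catalog-signed rather than
# embedded-signed, so Get-AuthenticodeSignature may report NotSigned for a genuine
# file; "sfc /verifyonly" is the cross-check in that case.
# Runs on Windows PowerShell 2.0 or later (no Get-FileHash needed).

$files = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\SysWOW64\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\SysWOW64\user32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\drivers\volsnap.sys"
)

# Backup copies named in the ComboFix output quoted in the thread (file -> backup).
$backups = @{
    "$env:SystemRoot\SysWOW64\userinit.exe" = "$env:SystemRoot\erdnt\cache86\userinit.exe"
    "$env:SystemRoot\System32\services.exe" = "$env:SystemRoot\erdnt\cache64\services.exe"
}

function Get-Md5Hex {
    param([string]$Path)
    # .NET hashing so this also works where Get-FileHash (PowerShell 4+) is absent.
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $md5.ComputeHash($stream) }
    finally { $stream.Close() }
    return ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

function Test-SystemBinary {
    # Hypothetical helper: one row of evidence per file.
    param([string]$Path, [string]$BackupPath)
    if (-not (Test-Path -LiteralPath $Path)) {
        return New-Object PSObject -Property @{ Path = $Path; Verdict = 'MISSING' }
    }
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $hash   = Get-Md5Hex -Path $Path
    $backupMatch = $null
    if ($BackupPath -and (Test-Path -LiteralPath $BackupPath)) {
        $backupMatch = ($hash -eq (Get-Md5Hex -Path $BackupPath))
    }
    $verdict = switch ($sig.Status) {
        'Valid' {
            if ($signer -match 'O=Microsoft Corporation') { 'signature ok' }
            else { 'CHECK: valid signature but not Microsoft' }
        }
        'NotSigned' { 'no embedded signature (catalog-signed?): run sfc /verifyonly' }
        default     { "CHECK: signature $($sig.Status)" }
    }
    New-Object PSObject -Property @{
        Path          = $Path
        MD5           = $hash
        Signature     = $sig.Status
        Signer        = $signer
        MatchesBackup = $backupMatch
        Verdict       = $verdict
    }
}

$report = foreach ($f in $files) { Test-SystemBinary -Path $f -BackupPath $backups[$f] }
$report | Format-Table Path, Signature, MatchesBackup, Verdict -AutoSize
```

Run it from an elevated PowerShell prompt; a file whose backup copy matches but whose signature is not Valid is the one worth looking at more closely, since ComboFix restores from that same backup.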
threeputt
2014-02-04, 01:48
Here is one thing that troubles me. When I run the tool you said to download and run to see if Check Disk is needed, I get "errors found". I click number 2, Check Disk, and it goes through its thing and I see no problems. I then do the same thing again and it finds errors again. I have a Seagate boot disk. I ran the quick test and it shows good. The long test started but I see it's going to take a few hours, so I will probably run it tonight when I go to bed. As far as I know there is nothing wrong with the hard drive. I uploaded a picture of what the error shows. I also hope I did all the steps you said to run and posted a new log in the last post. Tom
Let it do its thing, it will probably turn out to be much of nothing :alien:
Logs are coming back clean.
You say every time you run ComboFix you see that one specific file being removed and replaced? Why are you running it?
Are you seeing errors, antivirus alerts?
threeputt
2014-02-04, 05:19
ComboFix usually shows a different file each time I run it. I just thought that was strange, and if I did have something hiding I wanted to find out what. I do understand malware experts do not like people running this program, but in my case I have an image ready to restore Windows in a few minutes, so I hope you understand. I just cannot stand for problems like this to show up. I will give you an example:
Infected copy of c:\windows\system32\samsrv.dll was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-directory-services
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache64\services.exe
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache86\userinit.exe
There have been more but I did not save them all. Nothing showed today and I tried it twice. I thought maybe my hard drive could be going south, but I checked it with a Seagate boot disk and it showed good. Like I mentioned, I have not run the long test and may let it run tonight. I know I checked it a few months ago and all was fine.
I have been working with computers for over 15 years and I can fix most things. I just never got into the malware part of it, always wanted to but never seemed to have the time.
I guess I am just curious why this would happen on a computer that is clean? I have also run the Windows repair tool you posted on other computers before. I know it's not perfect, but I cannot ever remember it showing me the error I got today when I ran it on this PC, the one that tells me to check disk. It still shows errors on the drive each time I run it. I then click number 2 and the computer reboots and it shows no file system errors, which I thought was strange also.
Because I work on computers as a hobby I am always trying to learn, and this one has got me puzzled, especially because it's mine. I have other hard drives with different versions of Windows loaded, so I can just connect the SATA cable and I am never without a computer unless the motherboard goes, and I have that covered also. I have many extra computers lying around. Again, it's no big deal if I do trash this system. I have two 1 terabyte Seagates I use for backup, also backup in the cloud, so I should never lose anything I really need.
I really appreciate you helping on this. Maybe we can solve the puzzle. I also have a few hard drives with different versions of Linux loaded just to try and learn. It is different, but so is Windows 8.1. Tom
threeputt
2014-02-04, 05:24
I forgot to mention that the reason I ran ComboFix to start with is that my computer started acting strange and slowed down. I ran everything else I could think of and said what the heck, I will just run ComboFix to see if it makes any difference. It did speed my system up, so that's how I got to where I am now.
You know, working on computers at times can be quite complicated. I know there have been times I have got so frustrated in trying to find answers ......
Wish we had a button we could push and "there it is"
Since you have a good complete back up we can try more.
STEP 1
Please download RKill by Grinler from the link below and save it to your desktop.
Rkill (http://www.bleepingcomputer.com/download/rkill/)
Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page (http://www.bleepingcomputer.com/forums/index.php?showtopic=114351&view=findpost&p=649847) if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.
A log pops up at the end of the run. This log file is located at C:\rkill.log.
Please post the log in your next reply.
STEP 2
Please download RogueKiller.exe (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) and save to the desktop.
Close all windows and browsers
Right-click the program and select 'Run as Administrator'
Press the scan button.
A report opens on the desktop named - RKreport.txt
STEP 3
Please download Malwarebytes Anti-Rootkit (http://www.malwarebytes.org/products/mbar/) and save it to your desktop.
Be sure to print out and follow these instructions (http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-rootkit/) for performing a scan.
Caution: This is a beta version, so also read the disclaimer and back up (http://support.microsoft.com/kb/971759) all your data before using.
When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
Copy and paste the contents of these two log files in your next reply.
Note: Further documentation on this tool can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit (mbar) folder.
I'm sure you will need to make multiple replies. Let's see if all this can find something.
threeputt
2014-02-05, 03:07
Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 02/04/2014 07:05:01 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 02/04/2014 07:05:26 PM
Execution time: 0 hours(s), 0 minute(s), and 24 seconds(s)
threeputt
2014-02-05, 03:11
RogueKiller V8.8.5 [Feb 3 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tom [Admin rights]
Mode : Scan -- Date : 02/04/2014 19:09:59
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31000528AS ATA Device +++++
--- User ---
[MBR] 35e2d6e3dbfb6253fa0f1da347851f87
[BSP] 8172bfdcb85223655f5d95cef3aaf7f5 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 499900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1024002048 | Size: 453866 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_02042014_190959.txt >>
threeputt
2014-02-05, 03:14
I forgot to hit delete so here is the newer log
RogueKiller V8.8.5 [Feb 3 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tom [Admin rights]
Mode : Remove -- Date : 02/04/2014 19:13:17
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31000528AS ATA Device +++++
--- User ---
[MBR] 35e2d6e3dbfb6253fa0f1da347851f87
[BSP] 8172bfdcb85223655f5d95cef3aaf7f5 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 499900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1024002048 | Size: 453866 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_D_02042014_191317.txt >>
RKreport[0]_S_02042014_190959.txt
threeputt
2014-02-05, 03:26
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
Database version: v2014.02.04.13
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Tom :: TOM-PC [administrator]
2/4/2014 7:15:07 PM
mbar-log-2014-02-04 (19-15-07).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 233885
Time elapsed: 8 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.16476
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.809000 GHz
Memory total: 6440869888, free: 4627406848
Downloaded database version: v2014.01.26.01
Downloaded database version: v2013.12.18.01
Initializing...
======================
------------ Kernel report ------------
01/25/2014 19:45:03
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\vidsflt.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\drivers\WRkrn.sys
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\NDIS.SYS
\SystemRoot\System32\drivers\TDI.SYS
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\vididr.sys
\SystemRoot\system32\DRIVERS\tib_mounter.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\tib.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\fltsrv.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk62x64.sys
\SystemRoot\system32\drivers\Envy24HF.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\drivers\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\dot4usb.sys
\SystemRoot\system32\DRIVERS\Dot4.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\Dot4Prt.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\dc3d.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\point64.sys
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\afcdp.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\kernel32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\urlmon.dll
\Windows\System32\advapi32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\lpk.dll
\Windows\System32\comdlg32.dll
\Windows\System32\iertutil.dll
\Windows\System32\normaliz.dll
\Windows\System32\clbcatq.dll
\Windows\System32\difxapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\usp10.dll
\Windows\System32\imagehlp.dll
\Windows\System32\msctf.dll
\Windows\System32\ws2_32.dll
\Windows\System32\ole32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\sechost.dll
\Windows\System32\shlwapi.dll
\Windows\System32\user32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\nsi.dll
\Windows\System32\wininet.dll
\Windows\System32\psapi.dll
\Windows\System32\imm32.dll
\Windows\System32\setupapi.dll
\Windows\System32\shell32.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007264060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000075\
Lower Device Object: 0xfffffa8007276b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8005e5f060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-5\
Lower Device Object: 0xfffffa8005cd9680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8005e5f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005e5fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005e5f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005e5d2d0, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8005cd8520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005cd9680, DeviceName: \Device\Ide\IdeDeviceP3T0L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8EC78538
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 1023795200
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1024002048 Numsec = 929517568
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1000203804160 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953503055-1953523055)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8007264060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007264b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007264060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007276900, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8007276b60, DeviceName: \Device\00000075\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.16476
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.809000 GHz
Memory total: 6440869888, free: 4722556928
Downloaded database version: v2014.02.04.13
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
02/04/2014 19:15:01
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\vidsflt.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\drivers\WRkrn.sys
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\NDIS.SYS
\SystemRoot\System32\drivers\TDI.SYS
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\vididr.sys
\SystemRoot\system32\DRIVERS\tib_mounter.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\tib.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\fltsrv.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk62x64.sys
\SystemRoot\system32\drivers\Envy24HF.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\afcdp.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\shlwapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\iertutil.dll
\Windows\System32\user32.dll
\Windows\System32\advapi32.dll
\Windows\System32\nsi.dll
\Windows\System32\kernel32.dll
\Windows\System32\ole32.dll
\Windows\System32\lpk.dll
\Windows\System32\comdlg32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\imagehlp.dll
\Windows\System32\usp10.dll
\Windows\System32\msvcrt.dll
\Windows\System32\psapi.dll
\Windows\System32\difxapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\msctf.dll
\Windows\System32\imm32.dll
\Windows\System32\gdi32.dll
\Windows\System32\wininet.dll
\Windows\System32\normaliz.dll
\Windows\System32\sechost.dll
\Windows\System32\shell32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\urlmon.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\KernelBase.dll
\Windows\System32\wintrust.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8005e5f060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-5\
Lower Device Object: 0xfffffa8005ce2060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8005e5f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005e5e6a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005e5f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005e5d380, DeviceName: Unknown, DriverName: \Driver\vidsflt\
DevicePointer: 0xfffffa8005ce0580, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005ce2060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8EC78538
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 1023795200
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1024002048 Numsec = 929517568
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1000203804160 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953503055-1953523055)...
Done!
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
Let's experiment.
Delete your version of ComboFix; we'll get a fresh copy.
How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Download ComboFix from here:
Link 1 (http://www.bleepingcomputer.com/download/combofix/)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
Place ComboFix.exe on your Desktop <--Important
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (http://en.wikipedia.org/wiki/Recovery_Console) (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.
---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
---------------------------------------------------------------------------------------------
If there are Internet issues after running ComboFix:
Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
Safari
Launch Safari
Go to general settings menu
Then in Preferences/ Advanced
Then on line click Proxies change settings ...
Click Internet Options, then click the Connections tab, click Network Settings.
Disable option (uncheck) for the use of proxy server ...
If it should ask to back up a new version of Erunt, please allow it.
It's late here so it will be morning till I can see your reply.
threeputt
2014-02-05, 05:01
ComboFix 14-02-03.01 - Tom 02/04/2014 20:35:48.11.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6142.4456 [GMT -6:00]
Running from: c:\users\Tom\Desktop\ComboFix.exe
AV: Webroot SecureAnywhere *Disabled/Updated* {66A6FE14-08CB-F415-3742-517201416109}
SP: Webroot SecureAnywhere *Disabled/Updated* {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-01-05 to 2014-02-05 )))))))))))))))))))))))))))))))
.
.
2014-02-05 02:42 . 2014-02-05 02:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-02-05 02:42 . 2014-02-05 02:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-05 01:15 . 2014-02-05 01:15 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-04 15:23 . 2013-12-16 07:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65066F2E-F40E-4ED0-8F0D-DA8F73211661}\mpengine.dll
2014-02-03 23:28 . 2014-02-03 23:28 181064 ----a-w- c:\windows\PSEXESVC.EXE
2014-02-03 23:25 . 2014-02-03 23:25 -------- d-----w- C:\RegBackup
2014-02-03 21:53 . 2014-02-03 21:53 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-02-03 01:56 . 2014-02-03 23:33 -------- d-----w- C:\FRST
2014-01-24 04:33 . 2014-02-05 01:24 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-24 04:32 . 2014-02-05 01:14 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-21 03:43 . 2014-01-21 03:43 -------- d-----w- c:\users\Tom\AppData\Local\Macromedia
2014-01-21 03:10 . 2014-01-21 03:10 -------- d-----w- c:\users\Tom\AppData\Local\Mozilla
2014-01-21 03:10 . 2014-01-21 03:10 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-01-20 20:48 . 2014-01-20 20:48 -------- d-----w- c:\program files\SAMSUNG
2014-01-20 20:48 . 2014-01-20 20:48 -------- d-----w- c:\programdata\Samsung
2014-01-19 15:49 . 2014-01-19 15:49 -------- d-----w- c:\windows\ERUNT
2014-01-19 15:47 . 2014-01-26 04:20 -------- d-----w- C:\AdwCleaner
2014-01-15 22:23 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 22:23 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 22:23 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 22:23 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 22:23 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 22:23 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 22:23 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 22:23 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 22:23 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 03:06 . 2014-01-15 03:06 -------- d-----w- c:\users\Tom\AppData\Local\Amazon
2014-01-13 22:14 . 2014-01-13 22:14 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2014-01-13 22:13 . 2014-01-20 23:09 -------- d-----w- c:\users\Tom\AppData\Roaming\HpUpdate
2014-01-13 22:12 . 2014-01-13 22:12 -------- d-----w- c:\windows\Hewlett-Packard
2014-01-13 22:03 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2014-01-13 22:03 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-01-13 22:00 . 2014-01-13 22:00 -------- d-----w- c:\users\Tom\AppData\Local\Secunia PSI
2014-01-13 22:00 . 2014-01-13 22:00 -------- d-----w- c:\program files (x86)\Secunia
2014-01-09 05:20 . 2014-01-09 05:20 -------- d-----w- c:\windows\Migration
2014-01-09 05:18 . 2013-10-15 00:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-26 14:11 . 2012-11-18 22:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-26 14:11 . 2012-11-18 22:58 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-16 05:24 . 2013-04-04 01:13 154824 ----a-w- c:\windows\SysWow64\WRusr.dll
2014-01-16 05:24 . 2013-04-04 01:13 115232 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2014-01-16 05:24 . 2013-04-04 01:13 104872 ----a-w- c:\windows\system32\WRusr.dll
2014-01-15 22:24 . 2012-11-18 22:34 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-12-28 02:22 . 2012-11-19 00:48 10395072 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe
2013-12-18 12:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-11-23 18:26 . 2013-12-29 12:31 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-29 12:31 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-12 02:23 . 2013-12-29 12:31 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-29 12:31 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-05-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2014-01-19 761464]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -q -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext [2012-11-18 10395072]
Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -p -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext [2012-11-18 10395072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys;c:\windows\SYSNATIVE\drivers\WRkrn.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe;c:\program files\Webroot\WRSA.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 Envy24HFS;ICE Envy24 Family Audio Controller WDM 64 bit;c:\windows\system32\drivers\Envy24HF.sys;c:\windows\SYSNATIVE\drivers\Envy24HF.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 01:25 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-18 14:11]
.
2014-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-01 12:18]
.
2014-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-01 12:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2013-03-28 03:37 2818800 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2013-03-28 03:37 2818800 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2013-03-28 03:37 2818800 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncExcl]
@="{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}"
[HKEY_CLASSES_ROOT\CLSID\{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}]
2014-01-16 05:24 104872 ----a-w- c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncGreen]
@="{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}"
[HKEY_CLASSES_ROOT\CLSID\{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}]
2014-01-16 05:24 104872 ----a-w- c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncRed]
@="{1914B27A-33C8-46F8-A1C2-F993268D4564}"
[HKEY_CLASSES_ROOT\CLSID\{1914B27A-33C8-46F8-A1C2-F993268D4564}]
2014-01-16 05:24 104872 ----a-w- c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncYellow]
@="{C14874EA-ACE4-4A47-8A81-18C4D1C40868}"
[HKEY_CLASSES_ROOT\CLSID\{C14874EA-ACE4-4A47-8A81-18C4D1C40868}]
2014-01-16 05:24 104872 ----a-w- c:\windows\System32\WRusr.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\1qmzyu6f.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_38_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_38_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2014-02-04 20:57:37 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-05 02:57
ComboFix2.txt 2014-02-03 21:35
ComboFix3.txt 2014-02-02 03:52
.
Pre-Run: 484,104,400,896 bytes free
Post-Run: 484,136,583,168 bytes free
.
- - End Of File - - 68A390400FE636BC2CB08335B685E8A7
A36C5E4F47E84449FF07ED3517B43A31
How's the computer this morning?
threeputt
2014-02-05, 15:16
It seems to be running great. I assume nothing showed? I ran a long test on the hard drive overnight and it is good. Did you see anything? Tom
Hi Tom
No, it came back clean and with no alerts.
Any other malware issues?
If not let me know and I can post preventive tips.
threeputt
2014-02-05, 16:23
No problems at all. I really appreciate your help on this. If anything shows up I will let you know. Tom
Glad to help :)
It's necessary to remove the tools used; future scans will pick up on the files/folders, not to mention the quarantine folders.
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
Run FRST/FRST64 and press the Fix button just once and wait.
no need to post the log this time.
start
DeleteQuarantine:
end
************************
Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.
Go to Start > Run > copy and paste the full text path in the run box
ComboFix /Uninstall
Note the space between the x and the /U; it needs to be there.
***********************
Download and Run OTC
We will now remove the tools we used during this fix using OTC.
Download OTC (http://oldtimer.geekstogo.com/OTC.exe) by OldTimer and save it to your desktop.
Double click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
Then click the big CleanUp button.
You will get a prompt saying "Begin Cleanup Process". Please select Yes.
Restart your computer when prompted.
**********************
Any other tools remaining can simply be deleted.
You're good to go, good job!
Please take the time to read over a few of my preventive tips.
Computer Security
http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Be prepared for CryptoLocker:
Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)
CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates (http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us) and download all the "Critical Updates" for Windows.
Firefox 3 (http://www.mozilla.com/en-US/firefox/)
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 3 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.
*NoScript (http://www.noscript.net) - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.
AdblockPlus
AdblockPlus, Surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube
Protects your online privacy
Two-click installation, It's free!
click the icon that corresponds to your browser and download.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
Green should be good to go
Yellow for caution
Red to stop
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/)
and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755)
I would recommend that you completely uninstall Java unless you need it to run an important piece of software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))
Avoid P2P
P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.
Please read these short reports on the dangers of peer-2-peer programs and file sharing.
FBI Cyber Education Letter (http://www.fbi.gov/cyberinvest/cyberedletter.htm)
File sharing infects 500,000 computers (http://www.itpro.co.uk/195672/file-sharing-infects-500-000-computers)
USAToday (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
infoworld (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)
*********************************************
Please read the following safe computing articles..
Secure My Computer: A Layered Approach (http://www.dslreports.com/faq/8463)
Free Antivirus-AntiSpyware-Firewall Software (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)
Keep a backup of your important files (http://www.geekstogo.com/2008/06/19/options-for-home-computer-data-backup-part-1/) - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
Extra note:
Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/
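A check a practitioner would run before trusting a repeated "Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected" verdict, as an added example that is not code from this thread, from ComboFix or from ERUNT: look at the three copies of the file the ComboFix log names (the SysWOW64 copy it flags, the System32 copy that 64-bit Winlogon actually launches, and the erdnt\cache86 copy it restores from) by Authenticode signature, version, timestamp and SHA-256, then read the Winlogon Userinit value that decides what really runs at logon. It assumes a stock Windows 7 x64 layout under %SystemRoot%, an elevated 64-bit PowerShell (2.0, the Windows 7 default, is enough), and the stock default Userinit value; the paths and registry keys are the standard ones, and the function names are mine.

```powershell
# Added example (not code from this thread, ComboFix or ERUNT). Run in an elevated
# 64-bit PowerShell on the Windows 7 x64 machine. The three paths are the ones the
# ComboFix log names; a stock Windows 7 layout under $env:SystemRoot is assumed.
$wow   = Join-Path $env:SystemRoot 'SysWOW64\userinit.exe'       # copy ComboFix keeps flagging (32-bit build)
$sys   = Join-Path $env:SystemRoot 'System32\userinit.exe'       # copy 64-bit Winlogon actually launches
$cache = Join-Path $env:SystemRoot 'erdnt\cache86\userinit.exe'  # copy ComboFix restores from

function Get-Sha256Hex([string]$Path) {
    # PowerShell 2.0 (the Windows 7 default) has no Get-FileHash, so hash via .NET.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

function Test-SystemBinary([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) {
        return New-Object PSObject -Property @{ Path = $Path; Exists = $false }
    }
    $item   = Get-Item -LiteralPath $Path
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    New-Object PSObject -Property @{
        Path      = $Path
        Exists    = $true
        Size      = $item.Length
        Version   = $item.VersionInfo.FileVersion
        Modified  = $item.LastWriteTimeUtc
        Sha256    = Get-Sha256Hex $Path
        Signature = [string]$sig.Status   # Valid, NotSigned, HashMismatch, ...
        Signer    = $signer
    }
}

$results = @(@($wow, $sys, $cache) | ForEach-Object { Test-SystemBinary $_ })
$results | Format-List Path, Exists, Size, Version, Modified, Sha256, Signature, Signer

# Interpretation. Get-AuthenticodeSignature only sees embedded signatures; on Windows 7
# most system binaries are signed through a catalog and report NotSigned, which on its
# own proves nothing. HashMismatch (an embedded signature that no longer matches the
# bytes) does prove the file was altered after Microsoft signed it.
foreach ($r in ($results | Where-Object { $_.Exists })) {
    switch ($r.Signature) {
        'Valid'        { "OK            $($r.Path)  signer: $($r.Signer)" }
        'HashMismatch' { Write-Warning "MODIFIED      $($r.Path): contents no longer match its signature" }
        'NotSigned'    { "INCONCLUSIVE  $($r.Path): no embedded signature; confirm with  sfc /verifyfile=$($r.Path)" }
        default        { Write-Warning "$($r.Signature)  $($r.Path)" }
    }
}

# The 64-bit and 32-bit builds legitimately differ, but the SysWOW64 copy and the cache
# it is "restored" from should be identical once the cache is current.
$hash = @{}
foreach ($r in $results) { if ($r.Exists) { $hash[$r.Path] = $r.Sha256 } }
if ($hash.ContainsKey($wow) -and $hash.ContainsKey($cache)) {
    if ($hash[$wow] -eq $hash[$cache]) { 'SysWOW64 copy matches the ERUNT cache copy.' }
    else { 'SysWOW64 copy differs from the ERUNT cache copy: compare Version/Modified above. A newer live file with a good signature means the cache is stale, not that the file is infected; an unsigned or mismatched live file means it was replaced.' }
}

# Independently of the file, check what Winlogon is told to run at logon. On a stock
# Windows 7 x64 install the value is "C:\Windows\system32\userinit.exe," (trailing
# comma); anything after that comma is an extra program launched at every logon.
foreach ($key in @('HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
                   'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon')) {
    $val = (Get-ItemProperty -Path $key -Name Userinit -ErrorAction SilentlyContinue).Userinit
    if ($val -eq $null) { continue }
    "{0}`n  Userinit = {1}" -f $key, $val
    $entries = @(($val -split ',') | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($entries.Count -gt 1) {
        Write-Warning ('Extra Userinit entries: ' + ($entries[1..($entries.Count - 1)] -join '; '))
    }
    if ($entries.Count -ge 1 -and $entries[0] -notmatch '^[a-z]:\\windows\\system32\\userinit\.exe$') {
        Write-Warning ('Userinit does not point at System32\userinit.exe: ' + $entries[0])
    }
}
```

Read the output as three separate questions: is the live file genuine (Valid, or NotSigned but passing `sfc /verifyfile=...` from an elevated prompt, which checks it against the component store), is the ERUNT cache simply older than the live file (a stale baseline will be "disinfected" on every run), and is anything besides userinit.exe listed in the Userinit value. Only the second log's "Other Deletions" line says the file was changed; this tells you whether it was changed by an attacker or by a tool restoring an old copy.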
threeputt
2014-02-06, 04:33
I tried to uninstall combofix but I do not see the run menu in windows 7. Let me look again and I will post back. Tom
threeputt
2014-02-06, 04:57
I did this: in Windows 7 I went to the Search field and entered combofix /uninstall. I then ran it and tried to update ComboFix. I thought, since I was removing it, not to update, so I continued the program. It ran ComboFix instead of removing it, and would you believe I got another file problem. Internet 11 has been locking up on me this afternoon on several webpages. This is the log and you will see what I am referring to. I know something has to be causing this but I'm not sure what??
ComboFix 14-02-03.01 - Tom 02/05/2014 20:37:41.13.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6142.4647 [GMT -6:00]
Running from: c:\users\Tom\Desktop\ComboFix.exe
AV: Webroot SecureAnywhere *Enabled/Updated* {66A6FE14-08CB-F415-3742-517201416109}
SP: Webroot SecureAnywhere *Enabled/Updated* {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache86\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-01-06 to 2014-02-06 )))))))))))))))))))))))))))))))
.
.
2014-02-06 02:43 . 2014-02-06 02:43 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-02-06 02:43 . 2014-02-06 02:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-05 01:15 . 2014-02-05 01:15 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-04 15:23 . 2013-12-16 07:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65066F2E-F40E-4ED0-8F0D-DA8F73211661}\mpengine.dll
2014-02-03 23:28 . 2014-02-03 23:28 181064 ----a-w- c:\windows\PSEXESVC.EXE
2014-02-03 23:25 . 2014-02-03 23:25 -------- d-----w- C:\RegBackup
2014-02-03 21:53 . 2014-02-03 21:53 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-02-03 01:56 . 2014-02-03 23:33 -------- d-----w- C:\FRST
2014-01-24 04:33 . 2014-02-05 01:24 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-24 04:32 . 2014-02-05 01:14 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-21 03:43 . 2014-01-21 03:43 -------- d-----w- c:\users\Tom\AppData\Local\Macromedia
2014-01-21 03:10 . 2014-01-21 03:10 -------- d-----w- c:\users\Tom\AppData\Local\Mozilla
2014-01-21 03:10 . 2014-01-21 03:10 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-01-20 20:48 . 2014-01-20 20:48 -------- d-----w- c:\program files\SAMSUNG
2014-01-20 20:48 . 2014-01-20 20:48 -------- d-----w- c:\programdata\Samsung
2014-01-19 15:49 . 2014-01-19 15:49 -------- d-----w- c:\windows\ERUNT
2014-01-19 15:47 . 2014-01-26 04:20 -------- d-----w- C:\AdwCleaner
2014-01-15 22:23 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 22:23 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 22:23 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 22:23 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 22:23 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 22:23 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 22:23 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 22:23 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 22:23 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 03:06 . 2014-01-15 03:06 -------- d-----w- c:\users\Tom\AppData\Local\Amazon
2014-01-13 22:14 . 2014-01-13 22:14 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2014-01-13 22:13 . 2014-01-20 23:09 -------- d-----w- c:\users\Tom\AppData\Roaming\HpUpdate
2014-01-13 22:12 . 2014-01-13 22:12 -------- d-----w- c:\windows\Hewlett-Packard
2014-01-13 22:03 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2014-01-13 22:03 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-01-13 22:00 . 2014-01-13 22:00 -------- d-----w- c:\users\Tom\AppData\Local\Secunia PSI
2014-01-13 22:00 . 2014-01-13 22:00 -------- d-----w- c:\program files (x86)\Secunia
2014-01-09 05:20 . 2014-01-09 05:20 -------- d-----w- c:\windows\Migration
2014-01-09 05:18 . 2013-10-15 00:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-05 07:44 . 2012-11-18 22:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 07:44 . 2012-11-18 22:58 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-16 05:24 . 2013-04-04 01:13 154824 ----a-w- c:\windows\SysWow64\WRusr.dll
2014-01-16 05:24 . 2013-04-04 01:13 115232 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2014-01-16 05:24 . 2013-04-04 01:13 104872 ----a-w- c:\windows\system32\WRusr.dll
2014-01-15 22:24 . 2012-11-18 22:34 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-12-28 02:22 . 2012-11-19 00:48 10395072 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe
2013-12-18 12:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-11-23 18:26 . 2013-12-29 12:31 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-29 12:31 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-12 02:23 . 2013-12-29 12:31 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-29 12:31 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-05-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2014-01-19 761464]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -q -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext [2012-11-18 10395072]
Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -p -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext [2012-11-18 10395072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys;c:\windows\SYSNATIVE\drivers\WRkrn.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe;c:\program files\Webroot\WRSA.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 Envy24HFS;ICE Envy24 Family Audio Controller WDM 64 bit;c:\windows\system32\drivers\Envy24HF.sys;c:\windows\SYSNATIVE\drivers\Envy24HF.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 01:25 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-18 07:44]
.
2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-01 12:18]
.
2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-01 12:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2013-03-28 03:37 2818800 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2013-03-28 03:37 2818800 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2013-03-28 03:37 2818800 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncExcl]
@="{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}"
[HKEY_CLASSES_ROOT\CLSID\{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}]
2014-01-16 05:24 104872 ----a-w- c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncGreen]
@="{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}"
[HKEY_CLASSES_ROOT\CLSID\{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}]
2014-01-16 05:24 104872 ----a-w- c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncRed]
@="{1914B27A-33C8-46F8-A1C2-F993268D4564}"
[HKEY_CLASSES_ROOT\CLSID\{1914B27A-33C8-46F8-A1C2-F993268D4564}]
2014-01-16 05:24 104872 ----a-w- c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncYellow]
@="{C14874EA-ACE4-4A47-8A81-18C4D1C40868}"
[HKEY_CLASSES_ROOT\CLSID\{C14874EA-ACE4-4A47-8A81-18C4D1C40868}]
2014-01-16 05:24 104872 ----a-w- c:\windows\System32\WRusr.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\1qmzyu6f.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2014-02-05 20:48:29 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-06 02:48
ComboFix2.txt 2014-02-05 02:57
ComboFix3.txt 2014-02-03 21:35
ComboFix4.txt 2014-02-02 03:52
.
Pre-Run: 483,024,596,992 bytes free
Post-Run: 482,960,293,888 bytes free
.
- - End Of File - - C6473E984CCE843E603035F415DBF54F
A36C5E4F47E84449FF07ED3517B43A31
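The completion block above lists four earlier ComboFix logs on this machine, and the question the thread keeps returning to is whether the "disinfected" system binary is really being re-infected or whether ComboFix is re-flagging the same file it restored last time. The check a practitioner would run before reformatting is added here as an example; it is not code from the thread, from ComboFix, or from the poster. It compares the live copies of every file ComboFix keeps in its restore cache against the cached copies, asks `sfc /verifyfile` whether the live file is a genuine Microsoft binary, and records a baseline so a second run later (with no ComboFix run in between) shows whether anything on the box rewrote the file. The `erdnt\cache64` to `system32` pairing comes from the restore line in the log below; `erdnt\cache86` to `SysWow64` and the baseline file name are assumptions. It needs an elevated 64-bit PowerShell on the affected x64 Windows 7 machine and is written against PowerShell 2.0, which that OS shipped with.

```powershell
<#
  Added example for this thread; not ComboFix's or the poster's code.
  Compares the live system binaries ComboFix keeps "disinfecting" with the
  copies it restores them from, checks them with sfc, and keeps a baseline
  CSV so a later run reveals whether the files change again on their own.
  Assumptions: cache86 maps to SysWow64 (cache64 -> system32 is in the log),
  and the baseline path below is arbitrary.
#>
param(
    [string]$Windir   = $env:windir,
    [string]$Baseline = (Join-Path $env:USERPROFILE 'Desktop\sysbin-baseline.csv')
)

if ([IntPtr]::Size -ne 8) {
    # A 32-bit host is redirected from system32 to SysWow64 and would compare the wrong files.
    throw 'Run this from an elevated 64-bit PowerShell host on x64 Windows.'
}

# Windows 7 ships PowerShell 2.0, which has no Get-FileHash, so hash through .NET.
function Get-Sha256Hex([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($sha.ComputeHash($fs))) -replace '-', '' }
    finally { $fs.Close(); $sha.Clear() }
}

# sfc verifies the live file against the component store and Microsoft's catalogs.
# Most system binaries are catalog-signed, so Get-AuthenticodeSignature on Windows 7
# would report them as NotSigned; sfc is the right oracle here. sfc writes UTF-16 to
# the console, so the output encoding is switched while its output is captured.
function Get-SfcVerdict([string]$Path) {
    $saved = [Console]::OutputEncoding
    try {
        [Console]::OutputEncoding = [System.Text.Encoding]::Unicode
        $out = & "$env:windir\system32\sfc.exe" /verifyfile="$Path" 2>&1 | Out-String
    } finally { [Console]::OutputEncoding = $saved }
    $lines = @($out -split "`r?`n" | Where-Object { $_.Trim() })
    if ($lines.Count -gt 0) { $lines[-1].Trim() } else { 'no output from sfc' }
}

# Each ComboFix restore-cache directory and the live directory it restores into.
$pairs = @(
    @{ Cache = (Join-Path $Windir 'erdnt\cache64'); Live = (Join-Path $Windir 'system32') },
    @{ Cache = (Join-Path $Windir 'erdnt\cache86'); Live = (Join-Path $Windir 'SysWow64') }   # assumption
)

# Hashes from the previous run, if any, keyed by live path.
$previous = @{}
if (Test-Path $Baseline) {
    Import-Csv $Baseline | ForEach-Object { $previous[$_.File] = $_.LiveSha256 }
}

$rows = foreach ($p in $pairs) {
    if (-not (Test-Path $p.Cache)) { continue }
    foreach ($cached in (Get-ChildItem $p.Cache | Where-Object { -not $_.PSIsContainer })) {
        $live = Join-Path $p.Live $cached.Name
        if (-not (Test-Path $live)) { continue }
        $liveHash  = Get-Sha256Hex $live
        $cacheHash = Get-Sha256Hex $cached.FullName
        # Same hash as the cache only means the restored copy is still in place;
        # it says nothing about whether that copy is a genuine Microsoft binary.
        $status = if ($liveHash -eq $cacheHash) { 'same-as-cache' } else { 'DIFFERS-from-cache' }
        if ($previous.ContainsKey($live)) {
            $delta = if ($previous[$live] -eq $liveHash) { 'unchanged-since-baseline' } else { 'CHANGED-since-baseline' }
            $status = "$status, $delta"
        }
        New-Object PSObject -Property @{
            File        = $live
            Status      = $status
            Sfc         = Get-SfcVerdict $live
            LastWrite   = (Get-Item $live).LastWriteTimeUtc.ToString('u')
            LiveSha256  = $liveHash
            CacheSha256 = $cacheHash
        } | Select-Object File, Status, Sfc, LastWrite, LiveSha256, CacheSha256
    }
}

$rows | Format-Table File, Status, Sfc, LastWrite -AutoSize
$rows | Export-Csv -Path $Baseline -NoTypeInformation
Write-Host "Baseline written to $Baseline. Re-run later, without running ComboFix in between, to see whether any live file changes."
```

How to read the result: a file that sfc accepts and that stays `unchanged-since-baseline` across a day of normal use while ComboFix still reports it as infected points at the scanner's heuristic rather than at an active infection; a file that comes back `CHANGED-since-baseline` with no ComboFix run in between is evidence that something on the machine is still rewriting it, and the reformat the poster mentions is then the safer course. The cache copies are themselves whatever ComboFix captured on this same machine, so treat `same-as-cache` as "still the restored file", not as "clean"; the sfc verdict is the authority.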
threeputt
2014-02-06, 05:28
Sorry if I am bothering you, but again I tried to remove ComboFix. This time again it said it needed the updated combo, so I clicked Yes to update. It then started running and said it had been removed. The computer again locked up on a few web pages, so I thought, what the heck, I would download the newer version of combo and run it. I did just that, and again it found 1 infected file. ComboFix repaired this file and the computer rebooted fine. Do I just need to leave this as is, or do you think something is actually making this happen? Here is the new log anyway. Just let me know what you think, and if I am being a pest please tell me and I will just reformat the computer and see what happens then. Thanks so much for your help on this. Tom
ComboFix 14-02-05.02 - Tom 02/05/2014 21:10:14.14.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6142.4701 [GMT -6:00]
Running from: c:\users\Tom\Desktop\ComboFix.exe
AV: Webroot SecureAnywhere *Enabled/Updated* {66A6FE14-08CB-F415-3742-517201416109}
SP: Webroot SecureAnywhere *Enabled/Updated* {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache64\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-01-06 to 2014-02-06 )))))))))))))))))))))))))))))))
.
.
2014-02-06 03:15 . 2014-02-06 03:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-02-06 03:15 . 2014-02-06 03:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-05 01:15 . 2014-02-05 01:15 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-04 15:23 . 2013-12-16 07:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65066F2E-F40E-4ED0-8F0D-DA8F73211661}\mpengine.dll
2014-02-03 23:28 . 2014-02-03 23:28 181064 ----a-w- c:\windows\PSEXESVC.EXE
2014-02-03 23:25 . 2014-02-03 23:25 -------- d-----w- C:\RegBackup
2014-02-03 21:53 . 2014-02-03 21:53 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-02-03 01:56 . 2014-02-03 23:33 -------- d-----w- C:\FRST
2014-01-24 04:33 . 2014-02-05 01:24 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-24 04:32 . 2014-02-05 01:14 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-21 03:43 . 2014-01-21 03:43 -------- d-----w- c:\users\Tom\AppData\Local\Macromedia
2014-01-21 03:10 . 2014-01-21 03:10 -------- d-----w- c:\users\Tom\AppData\Local\Mozilla
2014-01-21 03:10 . 2014-01-21 03:10 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-01-20 20:48 . 2014-01-20 20:48 -------- d-----w- c:\program files\SAMSUNG
2014-01-20 20:48 . 2014-01-20 20:48 -------- d-----w- c:\programdata\Samsung
2014-01-19 15:49 . 2014-01-19 15:49 -------- d-----w- c:\windows\ERUNT
2014-01-19 15:47 . 2014-01-26 04:20 -------- d-----w- C:\AdwCleaner
2014-01-15 22:23 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 22:23 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 22:23 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 22:23 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 22:23 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 22:23 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 22:23 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 22:23 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 22:23 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 03:06 . 2014-01-15 03:06 -------- d-----w- c:\users\Tom\AppData\Local\Amazon
2014-01-13 22:14 . 2014-01-13 22:14 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2014-01-13 22:13 . 2014-01-20 23:09 -------- d-----w- c:\users\Tom\AppData\Roaming\HpUpdate
2014-01-13 22:12 . 2014-01-13 22:12 -------- d-----w- c:\windows\Hewlett-Packard
2014-01-13 22:03 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2014-01-13 22:03 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-01-13 22:00 . 2014-01-13 22:00 -------- d-----w- c:\users\Tom\AppData\Local\Secunia PSI
2014-01-13 22:00 . 2014-01-13 22:00 -------- d-----w- c:\program files (x86)\Secunia
2014-01-09 05:20 . 2014-01-09 05:20 -------- d-----w- c:\windows\Migration
2014-01-09 05:18 . 2013-10-15 00:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-05 07:44 . 2012-11-18 22:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 07:44 . 2012-11-18 22:58 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-16 05:24 . 2013-04-04 01:13 154824 ----a-w- c:\windows\SysWow64\WRusr.dll
2014-01-16 05:24 . 2013-04-04 01:13 115232 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2014-01-16 05:24 . 2013-04-04 01:13 104872 ----a-w- c:\windows\system32\WRusr.dll
2014-01-15 22:24 . 2012-11-18 22:34 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-12-28 02:22 . 2012-11-19 00:48 10395072 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe
2013-12-18 12:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-11-23 18:26 . 2013-12-29 12:31 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-29 12:31 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-12 02:23 . 2013-12-29 12:31 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-29 12:31 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-05-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2014-01-19 761464]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -q -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext [2012-11-18 10395072]
Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -p -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext [2012-11-18 10395072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys;c:\windows\SYSNATIVE\drivers\WRkrn.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe;c:\program files\Webroot\WRSA.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 Envy24HFS;ICE Envy24 Family Audio Controller WDM 64 bit;c:\windows\system32\drivers\Envy24HF.sys;c:\windows\SYSNATIVE\drivers\Envy24HF.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 01:25 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-18 07:44]
.
2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-01 12:18]
.
2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-01 12:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2013-03-28 03:37 2818800 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2013-03-28 03:37 2818800 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2013-03-28 03:37 2818800 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncExcl]
@="{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}"
[HKEY_CLASSES_ROOT\CLSID\{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}]
2014-01-16 05:24 104872 ----a-w- c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncGreen]
@="{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}"
[HKEY_CLASSES_ROOT\CLSID\{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}]
2014-01-16 05:24 104872 ----a-w- c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncRed]
@="{1914B27A-33C8-46F8-A1C2-F993268D4564}"
[HKEY_CLASSES_ROOT\CLSID\{1914B27A-33C8-46F8-A1C2-F993268D4564}]
2014-01-16 05:24 104872 ----a-w- c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncYellow]
@="{C14874EA-ACE4-4A47-8A81-18C4D1C40868}"
[HKEY_CLASSES_ROOT\CLSID\{C14874EA-ACE4-4A47-8A81-18C4D1C40868}]
2014-01-16 05:24 104872 ----a-w- c:\windows\System32\WRusr.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\1qmzyu6f.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2014-02-05 21:20:29 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-06 03:20
ComboFix2.txt 2014-02-06 02:48
.
Pre-Run: 486,176,579,584 bytes free
Post-Run: 486,118,498,304 bytes free
.
- - End Of File - - A04FEF661C9D1F4DE84DA0733E0A6761
A36C5E4F47E84449FF07ED3517B43A31
threeputt
2014-02-06, 07:24
OK, here I am again. I ran combofix two more times and all is clean. I think I will let it rest. You say this computer is clean and that is good enough for me. I doubt anyone ever ran combofix on a new computer, so really we would not know if it found anything false or not. In my case it probably is a false positive. It is running good enough until I upgrade to a faster system. I will do all you said in your last post, including removing combofix, and let it be. Thanks again for your help. I know you are tired of me posting anyway :) Tom
Could be a false positive.
Restored copy from - c:\windows\erdnt\cache64\services.exe
It's always restored from the same place. Is erdnt making a fresh copy every time you run the tool?
We can't check since the file has been replaced.
What we need to do for a while is stop running ComboFix. It could be a bug from within the program itself.
As to why it's happening, I just don't know. Let's leave this thread open and see if you have issues pop up in a couple of days.
At this time I think you should completely uninstall ComboFix and use the computer. Allow it to shut down and restart normally. Allow Microsoft updates and updates to other items on here.
Just let me know.
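One way to look at the disputed file before another ComboFix run overwrites it, as an added example of mine rather than anything posted in this thread: it compares the live userinit.exe the log names with the erdnt cache copy ComboFix restores it from (paths as the log gives them) and reports hashes, signatures and version info for both. It assumes PowerShell 4 or later for Get-FileHash.

```powershell
# Added example, not from the thread. Paths are the ones quoted in the log.
$live   = 'C:\Windows\SysWOW64\userinit.exe'
$cached = 'C:\Windows\erdnt\cache86\userinit.exe'

function Get-FileFacts {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "missing: $Path"
        return $null
    }
    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path      = $Path
        Size      = $item.Length
        FileVer   = $item.VersionInfo.FileVersion
        Modified  = $item.LastWriteTimeUtc
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        SigStatus = $sig.Status            # Valid / NotSigned / HashMismatch ...
        Signer    = $sig.SignerCertificate.Subject
    }
}

$facts = @($live, $cached) | ForEach-Object { Get-FileFacts $_ } | Where-Object { $_ }
$facts | Format-List

# Same hash means ComboFix "restored" an identical file, which points at a
# detection quirk rather than a real replacement of userinit.exe.
if ($facts.Count -eq 2) {
    if ($facts[0].SHA256 -eq $facts[1].SHA256) {
        'Live file and erdnt cache copy are byte-identical.'
    } else {
        'Live file differs from the erdnt cache copy; compare Signer/FileVer above.'
    }
}

# Check the live file against the Windows component store as well.
sfc /verifyfile=$live
```

On Windows 7 most OS binaries are catalog-signed rather than embedded-signed, so Get-AuthenticodeSignature can report NotSigned for a genuine file; the sfc /verifyfile result is the more reliable answer there.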
threeputt
2014-02-06, 16:38
Yes, I removed combofix last night. I will just see how it goes and get back to you. Tom
threeputt
2014-02-06, 18:00
Is erdnt making a fresh copy every time you run the tool?
It does
Like you said, it probably is a false positive. I never run combo on a good-running computer, so I could not tell if problems like this arise.
I will just do as you mentioned and let it be. I really appreciate your help again on this. I will keep you updated. Tom
Glad we could help. :)
Since this issue appears resolved ... this Topic is closed.