Internet Explorer open in task manager but not open and firewall disabled


  • This topic is locked
47 replies to this topic

#1 Duckie13

  • Members
  • 34 posts
  • Gender:Male

Posted 29 March 2014 - 06:05 PM

Hi All,

I've been racking my brain trying to see what is going on and I cannot for the life of me figure it out. So I was hoping that someone on here might be able to help. Here's my situation. As I mentioned in the title, something is going wrong with Internet Explorer: it opens in the Task Manager but is not open on the screen (although I do often see a little flash of something like a window popping up every now and then, but only a flash and then it's gone). Also, I will click on normal links (like cnn.com after searching Google for "cnn") and it will send me to some random website, usually trying to sell me something. Finally, after some investigation it looks like there is a false iexplorer.exe file on my computer that got there somehow, and I think it is causing issues. Oh, and my Windows Firewall and Symantec have been disabled. I have scanned with Malwarebytes, Ad-Aware, Spybot, and a few others, with each of them finding some things, but nothing has been fixed.
Any and all help is greatly appreciated. Thank you in advance,

-Duck

Below is the DDS log from the preparation guide I found. I have the Attach file as well, but the file says not to post it unless asked to do so. So I'll wait until then, I guess.

______________________________________________

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.15.2
Run by Howard at 17:55:33 on 2014-03-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8174.5897 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Howard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Fitbit\fitbit-tray.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Fitbit\fitbit.exe
C:\Windows\system32\lxbucoms.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Howard\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Windows\System32\regsvr32.exe
C:\Users\Howard\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\DWHWizrd.exe
C:\Program Files\My Dell\uaclauncher.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [Spotify Web Helper] "C:\Users\Howard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [MusicManager] "C:\Users\Howard\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
uRun: [Ewfption] regsvr32.exe C:\Users\Howard\AppData\Local\Ewfption\sonymvd2pro_xp.dll
uRun: [Ewfption Update] regsvr32.exe C:\Users\Howard\AppData\Local\Ewfption\PowNap.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
StartupFolder: C:\Users\Howard\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Howard\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Howard\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{13B015E0-B412-4652-AE2F-3CC6666F2E30} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4B4BDBFF-B9FA-4523-89CD-1C28DE206EAA} : DHCPNameServer = 128.101.101.101 134.84.84.84
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [LXBUCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\LXBUtime.dll,RunDLLEntry
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-5-27 55856]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2014-1-10 1435680]
R2 Fitbit;Fitbit Data Uploader;C:\Program Files (x86)\Fitbit\fitbit.exe [2012-7-9 770080]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-27 13336]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2011-4-25 1839888]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-7 137648]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-27 317440]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-27 406056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MatLocalLicenceServer60;Materialise Local License Server 6.0;C:\Program Files (x86)\Common Files\Materialise\LicenseFiles6\LicSrv60.exe [2012-10-1 589824]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-16 111616]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-5-27 158976]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 SIUSBXP;SIUSBXP;C:\Windows\System32\drivers\SiUSBXp.sys [2012-7-9 26856]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-29 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-28 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-03-25 02:08:31 -------- d-----w- C:\Users\Howard\AppData\Roaming\0D0S1L2Z1P1B
2014-03-25 02:08:13 -------- d-----w- C:\Program Files (x86)\Mega Browse
2014-03-25 02:07:19 -------- d-----w- C:\Users\Howard\AppData\Roaming\DigitalSites
2014-03-25 02:07:18 -------- d-----w- C:\Program Files (x86)\OpenIt
2014-03-23 22:25:59 -------- d-----w- C:\AdwCleaner
2014-03-21 19:12:26 -------- d-----w- C:\Users\Howard\AppData\Roaming\LavasoftStatistics
2014-03-21 18:44:17 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-03-21 18:44:14 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-21 18:43:16 -------- d-----w- C:\Program Files\Lavasoft
2014-03-21 18:42:23 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2014-03-21 18:18:29 -------- d-----w- C:\ProgramData\Oracle
2014-03-16 14:51:55 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-16 14:51:55 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-16 14:51:51 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-03-16 14:51:48 484864 ----a-w- C:\Windows\System32\wer.dll
2014-03-16 14:51:48 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-03-16 14:51:43 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-03-16 14:46:32 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-16 14:46:32 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
.
==================== Find3M  ====================
.
2014-03-12 01:47:42 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 01:47:42 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 17:56:06.78 ===============
#2 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 30 March 2014 - 05:13 PM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again, I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Regards,

Georgi
#3 Duckie13
  • Topic Starter

  • Members
  • 34 posts
  • Gender:Male

Posted 30 March 2014 - 09:38 PM

Attached File: Addition.txt (43.93KB)

Hi Georgi,
Thank you kindly for your assistance. I ran it, and you will find the FRST log below and Addition.txt attached.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Howard (administrator) on HOWARD-PC on 30-03-2014 21:34:10
Running from C:\Users\Howard\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Howard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit\fitbit-tray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit\fitbit.exe
( ) C:\Windows\system32\lxbucoms.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Users\Howard\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Dropbox, Inc.) C:\Users\Howard\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\DWHWizrd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Google Inc.) C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
(Blizzard Entertainment, Inc.) C:\Users\Howard\Desktop\StarCraft II\Versions\Base28667\SC2.exe
(Google Inc.) C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
(Google Inc.) C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Howard\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] - C:\Windows\system32\THXCfg64.dll [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry_EptMon] - C:\Windows\system32\EptMon64.dll [21504 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055816 2011-05-30] ()
HKLM\...\Run: [LXBUCATS] - C:\Windows\system32\spool\DRIVERS\x64\3\LXBUtime.dll [28672 2007-04-17] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-05-30] ()
HKLM-x32\...\Run: [ccApp] - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115624 2011-04-25] (Symantec Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [VMM Mode Selection] - C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Fitbit Connect] - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
HKU\S-1-5-21-1226994778-3408642141-2447314796-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-1226994778-3408642141-2447314796-1001\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1226994778-3408642141-2447314796-1001\...\Run: [Spotify Web Helper] - C:\Users\Howard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1199576 2012-11-29] (Spotify Ltd)
HKU\S-1-5-21-1226994778-3408642141-2447314796-1001\...\Run: [Fitbit Service Monitor] - C:\Program Files (x86)\Fitbit\fitbit-tray.exe [2177056 2012-04-11] (Fitbit, Inc.)
HKU\S-1-5-21-1226994778-3408642141-2447314796-1001\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
HKU\S-1-5-21-1226994778-3408642141-2447314796-1001\...\Run: [MusicManager] - C:\Users\Howard\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7331840 2013-04-23] (Google Inc.)
HKU\S-1-5-21-1226994778-3408642141-2447314796-1001\...\Run: [Fitbit Connect] - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
HKU\S-1-5-21-1226994778-3408642141-2447314796-1001\...\Run: [Ewfption] - regsvr32.exe C:\Users\Howard\AppData\Local\Ewfption\sonymvd2pro_xp.dll <===== ATTENTION
HKU\S-1-5-21-1226994778-3408642141-2447314796-1001\...\Run: [Ewfption Update] - regsvr32.exe C:\Users\Howard\AppData\Local\Ewfption\PowNap.dll
HKU\S-1-5-21-1226994778-3408642141-2447314796-1001\...\MountPoints2: {349f8379-12cd-11e2-8321-782bcb967ac6} - K:\TL-Bootstrap.exe
HKU\S-1-5-21-1226994778-3408642141-2447314796-1001\...\MountPoints2: {95ac9d34-8836-11e0-8382-806e6f6e6963} - D:\SETUP.EXE
HKU\S-1-5-21-1226994778-3408642141-2447314796-1001\...\MountPoints2: {de155691-a2b4-11e3-afb6-782bcb967ac6} - I:\VZW_Software_upgrade_assistant.exe
Startup: C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Howard\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\Howard\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Howard\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Howard\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-28]
CHR Extension: (YouTube) - C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2013-11-30]
CHR Extension: (Google Search) - C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (Planapple Save Button) - C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhcboefjgjaapmjacmbbijgfaddecoho [2013-05-10]
CHR Extension: (Google Wallet) - C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Gmail) - C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Howard\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-04-28]
CHR StartMenuInternet: Google Chrome - C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108456 2011-04-25] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108456 2011-04-25] (Symantec Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1435680 2014-01-10] (Fitbit, Inc.)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093944 2011-01-19] (Symantec Corporation)
R2 lxbu_device; C:\Windows\system32\lxbucoms.exe [566704 2007-04-17] ( )
R2 lxbu_device; C:\Windows\SysWOW64\lxbucoms.exe [537520 2007-04-17] ( )
S2 MatLocalLicenceServer60; C:\Program Files (x86)\Common Files\Materialise\LicenseFiles6\LicSrv60.exe [589824 2012-10-01] ()
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3250416 2011-04-25] (Symantec Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [428960 2011-04-25] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1839888 2011-04-25] (Symantec Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20140327.019\eng64.sys [126040 2013-08-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20140327.019\ex64.sys [2099288 2013-08-22] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [453240 2011-04-25] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWOW64\Drivers\SRTSP64.SYS [453240 2011-04-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482424 2011-04-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWOW64\Drivers\SRTSPL64.SYS [482424 2011-04-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32376 2011-04-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWOW64\Drivers\SRTSPX64.SYS [32376 2011-04-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173616 2011-09-28] (Symantec Corporation)
U2 SharedAccess; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-30 21:34 - 2014-03-30 21:34 - 02157056 _____ (Farbar) C:\Users\Howard\Desktop\FRST64 (1).exe
2014-03-30 21:33 - 2014-03-30 21:34 - 02157056 _____ (Farbar) C:\Users\Howard\Downloads\FRST64 (1).exe
2014-03-30 20:49 - 2014-03-30 21:34 - 00019074 _____ () C:\Users\Howard\Desktop\FRST.txt
2014-03-30 20:49 - 2014-03-30 20:49 - 00044982 _____ () C:\Users\Howard\Desktop\Addition.txt
2014-03-30 20:48 - 2014-03-30 21:34 - 00000000 ____D () C:\FRST
2014-03-30 20:48 - 2014-03-30 20:49 - 00050504 _____ () C:\Users\Howard\Downloads\FRST.txt
2014-03-30 20:48 - 2014-03-30 20:49 - 00044982 _____ () C:\Users\Howard\Downloads\Addition.txt
2014-03-30 20:31 - 2014-03-30 20:36 - 00000000 ____D () C:\Users\Howard\Documents\StarCraft II
2014-03-30 20:31 - 2014-03-30 20:31 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-03-30 19:57 - 2014-03-30 20:31 - 00000000 ____D () C:\Users\Howard\Desktop\StarCraft II
2014-03-30 19:57 - 2014-03-30 19:57 - 00000777 _____ () C:\Users\Public\Desktop\StarCraft II.lnk
2014-03-30 19:56 - 2014-03-30 19:56 - 00000000 ____D () C:\ProgramData\Battle.net
2014-03-30 19:49 - 2014-03-30 19:50 - 54085656 _____ (Blizzard Entertainment) C:\Users\Howard\Downloads\StarCraft-II-Setup-enUS.exe
2014-03-30 19:41 - 2014-03-30 19:41 - 02157056 _____ (Farbar) C:\Users\Howard\Downloads\FRST64.exe
2014-03-29 17:56 - 2014-03-29 17:56 - 00021372 _____ () C:\Users\Howard\Desktop\attach.txt
2014-03-29 17:56 - 2014-03-29 17:56 - 00018268 _____ () C:\Users\Howard\Desktop\dds.txt
2014-03-29 17:54 - 2014-03-29 17:54 - 00688992 ____R (Swearware) C:\Users\Howard\Downloads\dds.com
2014-03-24 21:08 - 2014-03-24 22:22 - 00000000 ____D () C:\Program Files (x86)\Mega Browse
2014-03-24 21:08 - 2014-03-24 21:08 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\0D0S1L2Z1P1B
2014-03-24 21:07 - 2014-03-24 21:07 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\DigitalSites
2014-03-24 21:07 - 2014-03-24 21:07 - 00000000 ____D () C:\Program Files (x86)\OpenIt
2014-03-23 17:25 - 2014-03-24 16:49 - 00000000 ____D () C:\AdwCleaner
2014-03-23 17:23 - 2014-03-23 17:23 - 00030454 _____ () C:\ComboFix.txt
2014-03-23 17:06 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-23 17:05 - 2014-03-24 22:12 - 00000000 ____D () C:\Windows\erdnt
2014-03-23 17:05 - 2014-03-23 17:23 - 00000000 ____D () C:\Qoobox
2014-03-21 14:40 - 2014-03-21 14:40 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\Lavasoft
2014-03-21 14:12 - 2014-03-21 14:12 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\LavasoftStatistics
2014-03-21 13:44 - 2014-03-24 22:14 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-21 13:44 - 2014-03-24 22:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-21 13:43 - 2014-03-21 13:43 - 00000000 ____D () C:\Program Files\Lavasoft
2014-03-21 13:42 - 2014-03-21 13:42 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-03-21 13:41 - 2014-03-21 13:41 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-03-21 13:18 - 2014-03-21 13:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-16 10:18 - 2014-03-01 01:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-16 10:18 - 2014-03-01 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-16 10:18 - 2014-03-01 00:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-16 10:18 - 2014-02-28 23:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-16 10:18 - 2014-02-28 23:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-16 10:18 - 2014-02-28 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-16 10:18 - 2014-02-28 23:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-16 10:18 - 2014-02-28 23:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-16 10:18 - 2014-02-28 23:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-16 10:18 - 2014-02-28 23:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-16 10:18 - 2014-02-28 23:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-16 10:18 - 2014-02-28 23:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-16 10:18 - 2014-02-28 23:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-16 10:18 - 2014-02-28 23:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-16 10:18 - 2014-02-28 23:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-16 10:18 - 2014-02-28 23:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-16 10:18 - 2014-02-28 23:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-16 10:18 - 2014-02-28 22:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-16 10:18 - 2014-02-28 22:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-16 10:18 - 2014-02-28 22:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-16 10:18 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-16 10:18 - 2014-02-28 22:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-16 10:18 - 2014-02-28 22:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-16 10:18 - 2014-02-28 22:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-16 10:18 - 2014-02-28 22:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-16 10:18 - 2014-02-28 22:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-16 10:18 - 2014-02-28 22:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-16 10:18 - 2014-02-28 22:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-16 10:18 - 2014-02-28 22:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-16 10:18 - 2014-02-28 22:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-16 10:18 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-16 10:18 - 2014-02-28 22:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-16 10:18 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-16 10:18 - 2014-02-28 22:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-16 10:18 - 2014-02-28 21:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-16 10:18 - 2014-02-28 21:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-16 10:18 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-16 10:18 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-16 10:18 - 2014-02-28 21:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-16 10:18 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-16 09:51 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-16 09:51 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-16 09:51 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-16 09:51 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-16 09:51 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-16 09:51 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-16 09:46 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-16 09:46 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 20:30 - 2014-03-11 20:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Howard\Downloads\mbam-setup-1.75.0.1300 (1).exe
 
==================== One Month Modified Files and Folders =======
 
2014-03-30 21:34 - 2014-03-30 21:34 - 02157056 _____ (Farbar) C:\Users\Howard\Desktop\FRST64 (1).exe
2014-03-30 21:34 - 2014-03-30 21:33 - 02157056 _____ (Farbar) C:\Users\Howard\Downloads\FRST64 (1).exe
2014-03-30 21:34 - 2014-03-30 20:49 - 00019074 _____ () C:\Users\Howard\Desktop\FRST.txt
2014-03-30 21:34 - 2014-03-30 20:48 - 00000000 ____D () C:\FRST
2014-03-30 21:25 - 2012-10-21 11:03 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-30 20:49 - 2014-03-30 20:49 - 00044982 _____ () C:\Users\Howard\Desktop\Addition.txt
2014-03-30 20:49 - 2014-03-30 20:48 - 00050504 _____ () C:\Users\Howard\Downloads\FRST.txt
2014-03-30 20:49 - 2014-03-30 20:48 - 00044982 _____ () C:\Users\Howard\Downloads\Addition.txt
2014-03-30 20:46 - 2013-04-13 07:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-30 20:36 - 2014-03-30 20:31 - 00000000 ____D () C:\Users\Howard\Documents\StarCraft II
2014-03-30 20:31 - 2014-03-30 20:31 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-03-30 20:31 - 2014-03-30 19:57 - 00000000 ____D () C:\Users\Howard\Desktop\StarCraft II
2014-03-30 20:31 - 2009-07-14 00:10 - 01610453 _____ () C:\Windows\WindowsUpdate.log
2014-03-30 20:31 - 2009-07-13 23:51 - 00233019 _____ () C:\Windows\setupact.log
2014-03-30 19:57 - 2014-03-30 19:57 - 00000777 _____ () C:\Users\Public\Desktop\StarCraft II.lnk
2014-03-30 19:56 - 2014-03-30 19:56 - 00000000 ____D () C:\ProgramData\Battle.net
2014-03-30 19:50 - 2014-03-30 19:49 - 54085656 _____ (Blizzard Entertainment) C:\Users\Howard\Downloads\StarCraft-II-Setup-enUS.exe
2014-03-30 19:49 - 2012-10-21 11:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-30 19:41 - 2014-03-30 19:41 - 02157056 _____ (Farbar) C:\Users\Howard\Downloads\FRST64.exe
2014-03-30 19:38 - 2013-05-22 20:48 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-30 15:49 - 2012-02-12 21:44 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\Dropbox
2014-03-30 11:40 - 2011-11-10 23:21 - 00000000 ____D () C:\Program Files\Lx_cats
2014-03-30 11:36 - 2014-02-06 10:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-29 17:56 - 2014-03-29 17:56 - 00021372 _____ () C:\Users\Howard\Desktop\attach.txt
2014-03-29 17:56 - 2014-03-29 17:56 - 00018268 _____ () C:\Users\Howard\Desktop\dds.txt
2014-03-29 17:54 - 2014-03-29 17:54 - 00688992 ____R (Swearware) C:\Users\Howard\Downloads\dds.com
2014-03-27 18:38 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-27 18:38 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-26 07:38 - 2009-07-14 00:13 - 00782320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-26 07:33 - 2012-02-12 21:45 - 00000000 ___RD () C:\Users\Howard\Dropbox
2014-03-26 07:33 - 2011-11-11 10:20 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-26 07:31 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-25 22:13 - 2013-07-14 01:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-25 22:11 - 2011-09-28 21:25 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-25 21:20 - 2011-05-27 02:54 - 00237836 _____ () C:\Windows\PFRO.log
2014-03-24 22:22 - 2014-03-24 21:08 - 00000000 ____D () C:\Program Files (x86)\Mega Browse
2014-03-24 22:22 - 2014-01-29 14:47 - 00000000 ____D () C:\Program Files (x86)\Fitbit Connect
2014-03-24 22:22 - 2012-07-09 18:07 - 00000000 ____D () C:\Program Files (x86)\Fitbit
2014-03-24 22:22 - 2011-11-03 16:24 - 00000000 ____D () C:\Program Files\Bonjour
2014-03-24 22:22 - 2011-09-28 22:27 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-03-24 22:22 - 2011-09-28 21:11 - 00000000 ____D () C:\Users\Howard
2014-03-24 22:19 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-03-24 22:19 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-24 22:19 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2014-03-24 22:19 - 2009-07-13 22:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-24 22:19 - 2009-07-13 22:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-24 22:19 - 2009-07-13 22:20 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-24 22:19 - 2009-07-13 22:20 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-24 22:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\TAPI
2014-03-24 22:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Recovery
2014-03-24 22:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-03-24 22:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\ias
2014-03-24 22:18 - 2011-05-27 02:56 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-03-24 22:18 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-03-24 22:18 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-03-24 22:18 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-03-24 22:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-03-24 22:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-24 22:17 - 2012-06-04 06:45 - 00000000 ____D () C:\Windows\Minidump
2014-03-24 22:17 - 2011-09-29 22:22 - 00000000 ____D () C:\Windows\system32\SPReview
2014-03-24 22:17 - 2011-09-29 22:21 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-03-24 22:17 - 2009-07-14 02:45 - 00000000 ____D () C:\Windows\ShellNew
2014-03-24 22:17 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\restore
2014-03-24 22:17 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-24 22:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-03-24 22:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\th-TH
2014-03-24 22:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-03-24 22:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-03-24 22:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-03-24 22:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-03-24 22:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-24 22:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\lv-LV
2014-03-24 22:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\lt-LT
2014-03-24 22:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-03-24 22:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\he-IL
2014-03-24 22:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\et-EE
2014-03-24 22:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-03-24 22:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-03-24 22:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-03-24 22:16 - 2014-02-07 08:35 - 00000000 ____D () C:\Users\Howard\AppData\Local\Ewfption
2014-03-24 22:16 - 2013-07-14 01:02 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\vlc
2014-03-24 22:16 - 2013-07-02 22:11 - 00000000 ____D () C:\ProgramData\Minitab
2014-03-24 22:16 - 2013-07-02 22:09 - 00000000 ____D () C:\Users\Howard\Downloads\Minitab16 (English)
2014-03-24 22:16 - 2013-06-20 13:54 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
2014-03-24 22:16 - 2013-05-22 20:47 - 00000000 ____D () C:\Program Files\My Dell
2014-03-24 22:16 - 2013-03-17 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-24 22:16 - 2012-12-30 14:03 - 00000000 ____D () C:\Users\Howard\Documents\BeerSmith2
2014-03-24 22:16 - 2012-11-10 10:31 - 00000000 ___SD () C:\Users\Howard\Google Drive
2014-03-24 22:16 - 2012-09-15 03:03 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\Skype
2014-03-24 22:16 - 2012-06-21 20:50 - 00000000 ____D () C:\Users\Howard\Desktop\Gaming
2014-03-24 22:16 - 2012-06-21 20:48 - 00000000 ____D () C:\Users\Howard\Desktop\Humboldt Materials
2014-03-24 22:16 - 2012-06-04 21:47 - 00000000 ____D () C:\ProgramData\Anti-phishing Domain Advisor
2014-03-24 22:16 - 2012-04-10 13:06 - 00000000 ____D () C:\Users\Howard\Downloads\cjB6200EN
2014-03-24 22:16 - 2012-03-07 23:43 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\Spotify
2014-03-24 22:16 - 2012-02-20 21:17 - 00000000 ____D () C:\Users\Howard\Desktop\spoken-language-trnbhzkgq-gb-052_021523_576460
2014-03-24 22:16 - 2012-02-12 21:45 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-24 22:16 - 2011-09-30 16:58 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\Thunderbird
2014-03-24 22:16 - 2011-09-29 19:31 - 00000000 ____D () C:\Users\Howard\AppData\Local\Microsoft Help
2014-03-24 22:16 - 2011-09-29 19:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-24 22:16 - 2011-09-28 22:03 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-03-24 22:16 - 2011-09-28 21:16 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy
2014-03-24 22:16 - 2011-09-28 21:15 - 00000000 ___RD () C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-24 22:16 - 2011-09-28 21:11 - 00000000 ___RD () C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-24 22:16 - 2011-09-28 21:11 - 00000000 ___RD () C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-24 22:16 - 2011-09-28 21:11 - 00000000 ___RD () C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-24 22:16 - 2011-05-27 01:10 - 00000000 ____D () C:\ProgramData\Best Buy pc app
2014-03-24 22:16 - 2011-05-27 01:09 - 00000000 __HDC () C:\ProgramData\{7B344F95-C8A2-414E-BF1A-2D2F08D3D6B2}
2014-03-24 22:16 - 2011-05-27 01:09 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-03-24 22:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-24 22:15 - 2013-09-17 12:34 - 00000000 ____D () C:\Program Files\HitmanPro
2014-03-24 22:15 - 2013-09-17 08:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-24 22:15 - 2013-04-13 07:38 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-24 22:15 - 2013-03-17 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-24 22:15 - 2012-12-09 11:56 - 00000000 ____D () C:\Program Files (x86)\ImageJ
2014-03-24 22:15 - 2012-10-29 20:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-24 22:15 - 2012-10-14 18:53 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-03-24 22:15 - 2012-03-03 14:50 - 00000000 ____D () C:\Program Files\iTunes
2014-03-24 22:15 - 2012-03-03 14:50 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-24 22:15 - 2011-11-03 16:27 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-24 22:15 - 2011-09-29 19:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-03-24 22:15 - 2011-09-28 22:40 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-03-24 22:15 - 2011-09-28 22:35 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-03-24 22:15 - 2011-09-28 22:27 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-03-24 22:15 - 2011-09-28 21:35 - 00000000 ____D () C:\FIND_EULA_PATH
2014-03-24 22:15 - 2011-05-27 03:27 - 00000000 ____D () C:\dell
2014-03-24 22:15 - 2011-05-27 01:18 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-03-24 22:15 - 2011-05-27 01:09 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-24 22:15 - 2011-05-27 01:05 - 00000000 ____D () C:\Program Files (x86)\Multimedia Card Reader(9106)
2014-03-24 22:15 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-03-24 22:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-24 22:14 - 2014-03-21 13:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-24 22:13 - 2014-03-21 13:44 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-24 22:12 - 2014-03-23 17:05 - 00000000 ____D () C:\Windows\erdnt
2014-03-24 22:12 - 2009-07-14 02:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-24 22:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-03-24 21:42 - 2012-04-12 19:36 - 00000000 ____D () C:\Users\Howard\Documents\TurboTax
2014-03-24 21:41 - 2013-07-08 22:30 - 00000000 ____D () C:\Users\Howard\Desktop\HH 89
2014-03-24 21:36 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-03-24 21:31 - 2012-04-11 19:56 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2014-03-24 21:29 - 2011-05-27 01:02 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-24 21:24 - 2011-09-29 19:30 - 00000000 __RHD () C:\MSOCache
2014-03-24 21:23 - 2012-02-17 17:35 - 00000000 ____D () C:\AMD
2014-03-24 21:23 - 2012-01-06 18:25 - 00000000 ____D () C:\ATI
2014-03-24 21:08 - 2014-03-24 21:08 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\0D0S1L2Z1P1B
2014-03-24 21:07 - 2014-03-24 21:07 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\DigitalSites
2014-03-24 21:07 - 2014-03-24 21:07 - 00000000 ____D () C:\Program Files (x86)\OpenIt
2014-03-24 21:04 - 2012-04-11 19:57 - 00000930 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-03-24 16:49 - 2014-03-23 17:25 - 00000000 ____D () C:\AdwCleaner
2014-03-23 17:23 - 2014-03-23 17:23 - 00030454 _____ () C:\ComboFix.txt
2014-03-23 17:23 - 2014-03-23 17:05 - 00000000 ____D () C:\Qoobox
2014-03-21 14:40 - 2014-03-21 14:40 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\Lavasoft
2014-03-21 14:12 - 2014-03-21 14:12 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\LavasoftStatistics
2014-03-21 13:43 - 2014-03-21 13:43 - 00000000 ____D () C:\Program Files\Lavasoft
2014-03-21 13:42 - 2014-03-21 13:42 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-03-21 13:41 - 2014-03-21 13:41 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-03-21 13:18 - 2014-03-21 13:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-17 03:23 - 2009-07-13 23:45 - 02399592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 00:07 - 2012-01-21 10:20 - 00000000 ____D () C:\Users\Howard\Desktop\UMN
2014-03-11 20:47 - 2013-04-13 07:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 20:47 - 2013-04-13 07:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 20:47 - 2011-12-02 10:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 20:31 - 2014-03-11 20:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Howard\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-09 04:01 - 2011-05-27 01:08 - 00000000 ____D () C:\ProgramData\Skype
2014-03-03 04:01 - 2014-02-27 08:44 - 00774442 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-02 20:57 - 2014-02-01 20:18 - 00003124 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry
2014-03-01 01:05 - 2014-03-16 10:18 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 00:17 - 2014-03-16 10:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 00:16 - 2014-03-16 10:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-28 23:58 - 2014-03-16 10:18 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 23:52 - 2014-03-16 10:18 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-28 23:51 - 2014-03-16 10:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-28 23:42 - 2014-03-16 10:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-28 23:40 - 2014-03-16 10:18 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-28 23:37 - 2014-03-16 10:18 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-28 23:33 - 2014-03-16 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-28 23:33 - 2014-03-16 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-28 23:32 - 2014-03-16 10:18 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-28 23:30 - 2014-03-16 10:18 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 23:23 - 2014-03-16 10:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-28 23:17 - 2014-03-16 10:18 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 23:11 - 2014-03-16 10:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 23:02 - 2014-03-16 10:18 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 22:54 - 2014-03-16 10:18 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 22:52 - 2014-03-16 10:18 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 22:51 - 2014-03-16 10:18 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 22:47 - 2014-03-16 10:18 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 22:43 - 2014-03-16 10:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 22:43 - 2014-03-16 10:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 22:42 - 2014-03-16 10:18 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 22:40 - 2014-03-16 10:18 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 22:38 - 2014-03-16 10:18 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 22:37 - 2014-03-16 10:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 22:35 - 2014-03-16 10:18 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 22:18 - 2014-03-16 10:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 22:16 - 2014-03-16 10:18 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 22:14 - 2014-03-16 10:18 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 22:10 - 2014-03-16 10:18 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 22:03 - 2014-03-16 10:18 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 22:00 - 2014-03-16 10:18 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 21:57 - 2014-03-16 10:18 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 21:38 - 2014-03-16 10:18 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 21:32 - 2014-03-16 10:18 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 21:27 - 2014-03-16 10:18 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 21:25 - 2014-03-16 10:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 21:25 - 2014-03-16 10:18 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
 
Some content of TEMP:
====================
C:\Users\Howard\AppData\Local\Temp\11-12_vista64_win7_64_dd_ccc_ocl.exe
C:\Users\Howard\AppData\Local\Temp\APNStub.exe
C:\Users\Howard\AppData\Local\Temp\AskSLib.dll
C:\Users\Howard\AppData\Local\Temp\EAD2818.exe
C:\Users\Howard\AppData\Local\Temp\EAD389C.exe
C:\Users\Howard\AppData\Local\Temp\EAD3ABE.exe
C:\Users\Howard\AppData\Local\Temp\EAD446E.exe
C:\Users\Howard\AppData\Local\Temp\EAD5688.exe
C:\Users\Howard\AppData\Local\Temp\EAD5A6E.exe
C:\Users\Howard\AppData\Local\Temp\EAD5F00.exe
C:\Users\Howard\AppData\Local\Temp\EAD6BCC.exe
C:\Users\Howard\AppData\Local\Temp\EAD7251.exe
C:\Users\Howard\AppData\Local\Temp\EAD7676.exe
C:\Users\Howard\AppData\Local\Temp\EAD849.exe
C:\Users\Howard\AppData\Local\Temp\EAD8EC7.exe
C:\Users\Howard\AppData\Local\Temp\EAD9A4B.exe
C:\Users\Howard\AppData\Local\Temp\EAD9B0.exe
C:\Users\Howard\AppData\Local\Temp\EAD9E60.exe
C:\Users\Howard\AppData\Local\Temp\EAD9F98.exe
C:\Users\Howard\AppData\Local\Temp\EADAC26.exe
C:\Users\Howard\AppData\Local\Temp\EADAF51.exe
C:\Users\Howard\AppData\Local\Temp\EADC7B1.exe
C:\Users\Howard\AppData\Local\Temp\EADD104.exe
C:\Users\Howard\AppData\Local\Temp\EADD113.exe
C:\Users\Howard\AppData\Local\Temp\EADDB12.exe
C:\Users\Howard\AppData\Local\Temp\EADDB50.exe
C:\Users\Howard\AppData\Local\Temp\EADE32D.exe
C:\Users\Howard\AppData\Local\Temp\EADE704.exe
C:\Users\Howard\AppData\Local\Temp\EADFA93.exe
C:\Users\Howard\AppData\Local\Temp\EADFD32.exe
C:\Users\Howard\AppData\Local\Temp\EADFF54.exe
C:\Users\Howard\AppData\Local\Temp\installerdll263204.dll
C:\Users\Howard\AppData\Local\Temp\installerdll78460500.dll
C:\Users\Howard\AppData\Local\Temp\installerdll78474742.dll
C:\Users\Howard\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Howard\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Howard\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Howard\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Howard\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe
C:\Users\Howard\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Howard\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Howard\AppData\Local\Temp\MSND6A.exe
C:\Users\Howard\AppData\Local\Temp\photostage_1.0.0.1_1.5.0.67_update_all.exe
C:\Users\Howard\AppData\Local\Temp\rootsupd.exe
C:\Users\Howard\AppData\Local\Temp\tmp20A8.exe
C:\Users\Howard\AppData\Local\Temp\tmp2C3D.exe
C:\Users\Howard\AppData\Local\Temp\tmp4EE2.exe
C:\Users\Howard\AppData\Local\Temp\tmp827E.exe
C:\Users\Howard\AppData\Local\Temp\tmp9C5E.exe
C:\Users\Howard\AppData\Local\Temp\tmpE1C6.exe
C:\Users\Howard\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Howard\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Howard\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Howard\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-30 12:01
 
==================== End Of Log ============================


#4 Duckie13

Duckie13
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:39 AM

Posted 30 March 2014 - 09:51 PM

Georgi,

Also, I'm very sorry but I did install a game today. This is probably not what you wanted and I just realized that now. I hope that this does not affect things, but it likely will, and I apologize in advance for that. I wasn't thinking. I can redo any and all steps if that is the case; please let me know.

Once again, sorry.

-Duck



#5 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:39 AM

Posted 31 March 2014 - 02:52 AM

Hello Duck,

No worries, but from now on please refrain from making any changes till we are done with the cleaning process. :)

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Also, can you please go to C:\FRST\Quarantine, right click on the folder and select "Send to" > "Compressed (zip) folder"; that will make a zipped copy of this folder.
Then please upload it to http://www.bleepingcomputer.com/submit-malware.php?channel=122 so I can examine the files and submit them to antivirus companies if needed.
After that please delete the zip file you just created, but don't delete the C:\FRST\Quarantine folder for now. We will delete it at the end of the cleaning process.

Also, I noticed a problem with the SharedAccess service.

Next, please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log into your reply.

Regards,

Georgi




#6 Duckie13

Duckie13
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:39 AM

Posted 31 March 2014 - 08:16 AM

I have done the first thing, but I cannot upload the quarantine file to the site; each time I do, the page crashes. I am trying to post a reply as well, but it is struggling to do so and won't save the post. I will try again later tonight.

Thanks for the patience.



#7 Duckie13

Duckie13
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:39 AM

Posted 31 March 2014 - 08:17 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Howard at 2014-03-31 07:38:58 Run:1
Running from C:\Users\Howard\Desktop\comp help
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
2014-03-18 07:15 - 2014-03-18 07:15 - 00106496 _____ () C:\Users\Howard\AppData\Local\Ewfption\PowNap.dll
HKU\S-1-5-21-1226994778-3408642141-2447314796-1001\...\Run: [Ewfption] - regsvr32.exe C:\Users\Howard\AppData\Local\Ewfption\sonymvd2pro_xp.dll <===== ATTENTION
HKU\S-1-5-21-1226994778-3408642141-2447314796-1001\...\Run: [Ewfption Update] - regsvr32.exe C:\Users\Howard\AppData\Local\Ewfption\PowNap.dll
C:\Users\Howard\AppData\Local\Ewfption\sonymvd2pro_xp.dll
C:\Users\Howard\AppData\Local\Ewfption\PowNap.dll
Folder: C:\Users\Howard\AppData\Local\Ewfption
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-03-24 21:08 - 2014-03-24 22:22 - 00000000 ____D () C:\Program Files (x86)\Mega Browse
2014-03-24 21:08 - 2014-03-24 21:08 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\0D0S1L2Z1P1B
2014-03-24 21:07 - 2014-03-24 21:07 - 00000000 ____D () C:\Users\Howard\AppData\Roaming\DigitalSites
2014-03-24 21:07 - 2014-03-24 21:07 - 00000000 ____D () C:\Program Files (x86)\OpenIt
C:\Users\Howard\AppData\Local\Temp
end
*****************
 
C:\Users\Howard\AppData\Local\Ewfption\PowNap.dll => Moved successfully.
HKU\S-1-5-21-1226994778-3408642141-2447314796-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Ewfption => Value deleted successfully.
HKU\S-1-5-21-1226994778-3408642141-2447314796-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Ewfption Update => Value deleted successfully.
"C:\Users\Howard\AppData\Local\Ewfption\sonymvd2pro_xp.dll" => File/Directory not found.
"C:\Users\Howard\AppData\Local\Ewfption\PowNap.dll" => File/Directory not found.
 
========================= Folder: C:\Users\Howard\AppData\Local\Ewfption ========================
 
2014-03-18 07:15 - 2014-03-18 07:15 - 0233492 _____ () C:\Users\Howard\AppData\Local\Ewfption\PowNap.0
2014-02-07 08:35 - 2014-02-07 08:35 - 0233492 _____ () C:\Users\Howard\AppData\Local\Ewfption\sonymvd2pro_xp.0
 
====== End of Folder: ======
 
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D6B258A5-6D22-42C1-A023-44AD19D56158} => Key deleted successfully.
HKCR\CLSID\{D6B258A5-6D22-42C1-A023-44AD19D56158} => Key not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Program Files (x86)\Mega Browse => Moved successfully.
C:\Users\Howard\AppData\Roaming\0D0S1L2Z1P1B => Moved successfully.
C:\Users\Howard\AppData\Roaming\DigitalSites => Moved successfully.
C:\Program Files (x86)\OpenIt => Moved successfully.
 
"C:\Users\Howard\AppData\Local\Temp" directory move:
 
C:\Users\Howard\AppData\Local\Temp\11-12_vista64_win7_64_dd_ccc_ocl.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\AdobeARM.log => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\AdwCleaner.jpg => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\amt.log => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\APNStub.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\Attach.txt => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\DDS.txt => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\DWH2564.tmp => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EAD2818.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EAD389C.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EAD3ABE.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EAD446E.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EAD5688.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EAD5A6E.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EAD5F00.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EAD6BCC.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EAD7251.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EAD7676.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EAD849.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EAD8EC7.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EAD9A4B.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EAD9B0.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EAD9E60.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EAD9F98.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EADAC26.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EADAF51.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EADC7B1.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EADD104.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EADD113.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EADDB12.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EADDB50.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EADE32D.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EADE704.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EADFA93.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EADFD32.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\EADFF54.exe => Moved successfully.
Could not move "C:\Users\Howard\AppData\Local\Temp\etilqs_n3eHnrBGT03WUMJ" => Scheduled to move on reboot.
C:\Users\Howard\AppData\Local\Temp\EULA.txt => Moved successfully.
Could not move "C:\Users\Howard\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Howard\AppData\Local\Temp\installerdll263204.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\installerdll78460500.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\installerdll78474742.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\Intuit.Spc.Map.Features.WindowsFirewallLog.txt => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\JavaDeployReg.log => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\jinstall.cfg => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\jusched.log => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\log.txt => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\MSB1CACH.LEX => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\MSND6A.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\photostage_1.0.0.1_1.5.0.67_update_all.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\PS7A9D.tmp.ini => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\qtsingleapp-combli-839e-1-lockfile => Moved successfully.
Could not move "C:\Users\Howard\AppData\Local\Temp\qtsingleapp-Google-875a-1-lockfile" => Scheduled to move on reboot.
C:\Users\Howard\AppData\Local\Temp\rootsupd.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\StructuredQuery.log => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\tmp20A8.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\tmp2C3D.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\tmp4EE2.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\tmp827E.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\tmp9C5E.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\tmpE1C6.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\TWAIN.LOG => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\Twain001.Mtx => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\Twunk001.MTX => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\Twunk002.MTX => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\UninstallEADM.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\UofM VPN (Single User).log => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\vlc-2.0.8-win32.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\wfr13A3.tmp => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{00E5C764-9525-44C3-8404-712AD06AE12A}Titan.ico => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{24D77A7C-E10B-4057-9974-FAB8BFDAC853}installer.ico => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{30C4B843-28DA-466F-AFCA-CB0ED153C826}PS_AppIcon.ico => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{3BC8460B-085E-47F3-9C62-8FFCBAF11D78}Setup.ico => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{450CDEDE-2E5F-4659-AC0D-BA693424ACAF}Setup.ico => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{61D23D99-3398-414E-974E-EBAE498BB298}bridge.ico => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{7BB7F66A-D798-45A3-A383-0727FB1EBF8E}Setup.ico => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A946BC8E-D927-412B-A1C5-A67A9C54921A}designpremium_install_pkg_rev.ico => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{abd781e6-d5ca-45aa-a5f7-f64799eb1c04}VC_Uninstall_Icon.ico => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{C4519961-AC64-4565-B3AF-9050296B5D5A}ai_install_pkg_rev.ico => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\~DF6A221A4F8DCDB0D6.TMP => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{FD8529A8-14A1-45D0-8A9E-4396A92DF4A0}\{C9CD97C8-AFED-447F-9663-24DD150A08E9}\WMEncoder.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\GoogleCrashHandler.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\GoogleCrashHandler64.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\GoogleUpdate.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\GoogleUpdateBroker.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\GoogleUpdateHelper.msi => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\GoogleUpdateOnDemand.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\GoogleUpdateSetup.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdate.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_am.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_ar.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_bg.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_bn.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_ca.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_cs.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_da.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_de.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_el.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_en-GB.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_en.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_es-419.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_es.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_et.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_fa.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_fi.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_fil.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_fr.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_gu.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_hi.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_hr.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_hu.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_id.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_is.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_it.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_iw.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_ja.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_kn.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_ko.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_lt.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_lv.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_ml.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_mr.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_ms.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_nl.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_no.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_pl.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_pt-BR.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_pt-PT.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_ro.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_ru.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_sk.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_sl.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_sr.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_sv.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_sw.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_ta.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_te.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_th.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_tr.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_uk.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_ur.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_vi.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_zh-CN.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\goopdateres_zh-TW.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\npGoogleUpdate3.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\psmachine.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{BBCFFAE9-62A9-4948-A01F-3D6DDD0629C9}\psuser.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\GoogleCrashHandler.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\GoogleCrashHandler64.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\GoogleUpdate.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\GoogleUpdateBroker.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\GoogleUpdateHelper.msi => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\GoogleUpdateOnDemand.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\GoogleUpdateSetup.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdate.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_am.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_ar.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_bg.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_bn.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_ca.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_cs.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_da.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_de.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_el.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_en-GB.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_en.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_es-419.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_es.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_et.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_fa.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_fi.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_fil.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_fr.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_gu.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_hi.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_hr.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_hu.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_id.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_is.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_it.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_iw.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_ja.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_kn.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_ko.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_lt.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_lv.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_ml.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_mr.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_ms.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_nl.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_no.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_pl.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_pt-BR.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_pt-PT.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_ro.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_ru.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_sk.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_sl.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_sr.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_sv.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_sw.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_ta.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_te.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_th.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_tr.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_uk.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_ur.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_vi.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_zh-CN.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\goopdateres_zh-TW.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\npGoogleUpdate3.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\psmachine.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{B59DDEAC-BD89-4F94-805D-66442C8C5F87}\psuser.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\GoogleCrashHandler.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\GoogleCrashHandler64.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\GoogleUpdate.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\GoogleUpdateBroker.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\GoogleUpdateHelper.msi => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\GoogleUpdateOnDemand.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\GoogleUpdateSetup.exe => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdate.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_am.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_ar.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_bg.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_bn.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_ca.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_cs.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_da.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_de.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_el.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_en-GB.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_en.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_es-419.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_es.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_et.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_fa.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_fi.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_fil.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_fr.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_gu.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_hi.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_hr.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_hu.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_id.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_is.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_it.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_iw.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_ja.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_kn.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_ko.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_lt.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_lv.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_ml.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_mr.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_ms.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_nl.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_no.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_pl.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_pt-BR.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_pt-PT.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_ro.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_ru.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_sk.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_sl.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_sr.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_sv.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_sw.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_ta.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_te.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_th.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_tr.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_uk.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_ur.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_vi.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_zh-CN.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\goopdateres_zh-TW.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\npGoogleUpdate3.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\psmachine.dll => Moved successfully.
C:\Users\Howard\AppData\Local\Temp\{A1A94213-FD15-4D77-AD34-1A5C8E828F29}\psuser.dll => Moved successfully.


#8 Duckie13

  • Topic Starter
  • Members
  • 34 posts
  • Gender:Male

Posted 31 March 2014 - 08:20 AM

Here's the log; this might be easier.

Attached File: Fixlog.txt (255.7KB)



#9 Duckie13

  • Topic Starter
  • Members
  • 34 posts
  • Gender:Male

Posted 31 March 2014 - 08:21 AM

Farbar Service Scanner Version: 25-02-2014
Ran by Howard (administrator) on 31-03-2014 at 08:20:53
Running from "C:\Users\Howard\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
 
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.
 
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of bfe. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of bfe. The value does not exist.
Unable to retrieve ServiceDll of bfe. The value does not exist.
 
 
Firewall Disabled Policy: 
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
 
 
Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
 
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
 
Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
 
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#10 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 31 March 2014 - 09:44 AM

Hello,

Ok, please open the folder C:\FRST\Quarantine and press Ctrl + F. Type in PowNap.dll and upload the file to my channel.

It seems that a lot of services were deleted (probably by the ZeroAccess rootkit).

We should get them repaired.

Backup Your Registry

Now download the following files and save them to your desktop:

  • mpsdrv.reg
  • MpsSvc.reg
  • BFE.reg
  • SharedAccess.reg
  • wscsvc.reg
  • WinDefend.reg
  • iphlpsvc.reg
  • RemoteAccess.reg
  • PolicyAgent.reg

Now double click on each of them one by one. An information box will pop up asking if you want to merge the information in the file into the registry; click YES.

  • Next please download the ESET ServicesRepair utility and save it to your Desktop.
  • Double-click ServicesRepair.exe to run the ESET ServicesRepair utility.
  • If you are using User Access Control, click Run when prompted and then click Yes when asked to allow changes.
  • Reboot the computer and then please attach fresh logs from the following 2 tools - RKILL and Farbar Service Scanner.

Regards,

Georgi
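The Farbar Service Scanner log in post #9 reports that the registry keys for several security services (MpsSvc, bfe, wscsvc, WinDefend, iphlpsvc, PolicyAgent, RemoteAccess, parts of SharedAccess) no longer exist, and post #10 repairs them by merging downloaded .reg files. The script below is an added example written for this thread; it is not code from the thread, from FSS, or from the ESET ServicesRepair utility. It backs up the Services hive before any merge (the "Backup Your Registry" step), vets each .reg file on the Desktop so that it only writes under the expected service keys, and then reports the same key/Start/ImagePath/ServiceDll facts FSS checks, so the report can be compared before and after the merge. The service list is taken from the log above; the Desktop location, the backup file name and PowerShell 3.0 or later on an elevated prompt are assumptions.

```powershell
# Added example, not code from the thread or from FSS/ESET ServicesRepair.
# Run from an elevated PowerShell 3.0+ prompt. The service list is the set FSS
# flagged in the log above; file locations (Desktop) follow the post's instructions.

$hive     = 'HKLM\SYSTEM\CurrentControlSet\Services'
$expected = 'mpsdrv', 'MpsSvc', 'BFE', 'SharedAccess', 'wscsvc',
            'WinDefend', 'iphlpsvc', 'RemoteAccess', 'PolicyAgent'
$desktop  = Join-Path $env:USERPROFILE 'Desktop'

function Backup-ServicesHive {
    # Export the whole Services key before merging anything, so a bad merge can be undone.
    param([string]$Path = (Join-Path $desktop 'Services-backup.reg'))   # assumed file name
    reg.exe export $hive $Path /y | Out-Null   # reg.exe ships with Windows
    if ($LASTEXITCODE -ne 0) { throw "reg export failed with code $LASTEXITCODE" }
    $Path
}

function Get-RegFileKeys {
    # Return every key header ([HKEY_...] or [-HKEY_...]) that a .reg file would write or delete.
    param([string]$RegFile)
    foreach ($line in Get-Content -Path $RegFile) {
        if ($line -match '^\[-?(?<key>HKEY_[^\]]+)\]') { $Matches['key'] }
    }
}

function Test-RegFileScope {
    # $true only if every key in the file sits under one of the expected service keys.
    param([string]$RegFile)
    $allowed = $expected | ForEach-Object { "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$_" }
    foreach ($key in Get-RegFileKeys -RegFile $RegFile) {
        $inScope = $false
        foreach ($a in $allowed) {
            if ($key -eq $a -or $key.StartsWith("$a\", [StringComparison]::OrdinalIgnoreCase)) {
                $inScope = $true; break
            }
        }
        if (-not $inScope) {
            Write-Warning "$RegFile touches a key outside the expected services: $key"
            return $false
        }
    }
    $true
}

function Get-ServiceKeyStatus {
    # Mirror the FSS checks: key present, Start type, ImagePath, and Parameters\ServiceDll.
    param([string]$Name)
    $path = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $o = [ordered]@{ Service = $Name; KeyExists = (Test-Path $path); Start = $null; ImagePath = $null; ServiceDll = $null }
    if ($o.KeyExists) {
        $p = Get-ItemProperty -Path $path
        $o.Start = $p.Start
        $o.ImagePath = $p.ImagePath
        if (Test-Path "$path\Parameters") {
            $o.ServiceDll = (Get-ItemProperty -Path "$path\Parameters").ServiceDll
        }
    }
    [pscustomobject]$o
}

# 1. Backup, 2. vet each downloaded .reg file, 3. report the service keys.
Write-Host "Backup written to $(Backup-ServicesHive)"

Get-ChildItem -Path $desktop -Filter '*.reg' |
    Where-Object { $_.Name -ne 'Services-backup.reg' } |
    ForEach-Object {
        if (Test-RegFileScope -RegFile $_.FullName) { Write-Host "In scope, safe to merge: $($_.Name)" }
    }

$expected | ForEach-Object { Get-ServiceKeyStatus -Name $_ } | Format-Table -AutoSize
```

Run it once before merging the .reg files and once after the reboot: a service whose row shows KeyExists false, or an empty ImagePath for a service that should have one, is the same condition FSS prints as "The service key does not exist" / "Unable to retrieve ImagePath". A .reg file that fails the scope check should be read by hand before it is merged, since a merge writes whatever keys the file names.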


#11 Duckie13

  • Topic Starter
  • Members
  • 34 posts
  • Gender:Male

Posted 31 March 2014 - 08:10 PM

Farbar Service Scanner Version: 25-02-2014
Ran by Howard (administrator) on 31-03-2014 at 20:10:13
Running from "C:\Users\Howard\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#12 Duckie13

  • Topic Starter
  • Members
  • 34 posts
  • Gender:Male

Posted 31 March 2014 - 08:15 PM

Farbar Service Scanner Version: 25-02-2014
Ran by Howard (administrator) on 31-03-2014 at 20:10:13
Running from "C:\Users\Howard\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#13 Duckie13

  • Topic Starter
  • Members
  • 34 posts
  • Gender:Male

Posted 31 March 2014 - 08:16 PM

Just to let you know, I don't think that I had RKill on my computer from before, so I downloaded it from the download section of this site and ran it. It was rkill.exe; I'm assuming that's the one you meant, and it's the one I posted the results from above.

Cheers!



#14 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 01 April 2014 - 01:35 AM

Hello,

Sorry about Rkill - I'll give you more detailed instructions on how to use it soon (you posted the Farbar Service Scanner log twice instead of Rkill). :)

Also please re-run Farbar Service Scanner but make sure that all options are checked before you press the Scan button.

Post the log in your next reply. :)

Regards,

Georgi


#15 Duckie13

  • Topic Starter
  • Members
  • 34 posts
  • Gender:Male

Posted 01 April 2014 - 07:30 AM

Farbar Service Scanner Version: 25-02-2014
Ran by Howard (administrator) on 01-04-2014 at 07:28:58
Running from "C:\Users\Howard\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****

Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 04/01/2014 07:29:34 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * PcaSvc [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 04/01/2014 07:29:40 AM
Execution time: 0 hours(s), 0 minute(s), and 6 seconds(s)
